On Mon, 31 Mar 2003 15:40, Fred Smith wrote:
> it is most likely a worm (nimda, code red, or one of their variants) and
> not an actual person. if you're feeling ambitious, you could log these
> hits and report them to the ISP they came from, so the ISP can contact
> the owner of the machine and inform them that they are infected with a

That's a bad idea. If every Apache server was set up in such a fashion then the postmaster address for every major ISP would become unusable, and therefore postmaster addresses would become unusable.

If someone set up a central clearing-house for such things then it might work. What you would need is for your server to notify a central server of the worm infection. Once 10 or more machines from different AS's had reported an IP address as being infected with a worm then it would be reported to the ISP along with any other IP addresses in the same ISP's space.

That way there would be few false alarms, and the real reports would tend to have several IP addresses reported at the same time.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
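
The clearing-house aggregation described in the message above, sketched as an added example that is not part of the original post or any existing project. The class and function names are hypothetical, AS numbers are passed in directly (the IP-to-AS lookup is assumed to happen elsewhere), and reading "any other IP addresses in the same ISP's space" as "other reported addresses below the threshold" is an assumption.

```python
from collections import defaultdict

THRESHOLD = 10  # distinct reporting ASes required before an ISP is contacted


class ClearingHouse:
    """Central aggregator for worm sightings sent in by web servers.

    Callers pass AS numbers in directly; the IP-to-AS lookup is assumed
    to happen elsewhere.
    """

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.reporters = defaultdict(set)  # suspect IP -> ASNs that reported it
        self.isp_of = {}                   # suspect IP -> ASN of the owning ISP

    def report(self, reporter_asn, suspect_ip, suspect_asn):
        # A set means repeat reports from one AS count only once.
        self.reporters[suspect_ip].add(reporter_asn)
        self.isp_of[suspect_ip] = suspect_asn

    def notifications(self):
        """Return {isp_asn: {"confirmed": [...], "also_reported": [...]}}.

        An ISP appears only if at least one of its IPs reached the threshold;
        its other reported IPs ride along in the same batch.
        """
        by_isp = defaultdict(lambda: {"confirmed": [], "also_reported": []})
        for ip, asns in self.reporters.items():
            key = "confirmed" if len(asns) >= self.threshold else "also_reported"
            by_isp[self.isp_of[ip]][key].append(ip)
        return {isp: {k: sorted(v) for k, v in batch.items()}
                for isp, batch in by_isp.items() if batch["confirmed"]}


def demo():
    # Constructed sample data: documentation IP ranges and documentation ASNs.
    ch = ClearingHouse()
    for asn in range(64496, 64506):            # 10 different reporter ASes
        ch.report(asn, "192.0.2.10", 64510)
    for asn in (64496, 64497):                 # only 2 reporters
        ch.report(asn, "192.0.2.77", 64510)
    for _ in range(15):                        # one noisy reporter, 15 hits
        ch.report(64496, "198.51.100.5", 64511)
    return ch.notifications()


if __name__ == "__main__":
    print(demo())
```

Counting distinct reporter ASes rather than raw hits is what keeps a single noisy or mistaken server from triggering a report on its own.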