Sanesecurity signatures are no longer being updated or distributed

René Berber r.berber at computer.org
Tue Dec 16 23:26:36 GMT 2008


Steve Basford wrote:
...
> In other words, if people downloaded the sigs every hour, each ip should
> only have 24 hits....as you can see, the above ips are WAY over that.
> Checking the log in detail... it's seems people are setting the download
> scripts to download every second.... all adding up to: 45,554 hits an hour,
> add the fact that 45,554 hits would run a php script... guess that's why
> the cpu usage was so high on a shared server and then got suspended.
...

I agree with the others, a blacklist mechanism is in order.

Fail2ban would be easy to set up (if your server is Linux, better) with
some rules like the ones Rick Cooper mentioned.  Of course you won't
test for failures, just for normal access within a given time period.

I often wonder how many system admins are so incompetent (just read this
list).
-- 
René Berber



More information about the MailScanner mailing list