Message14433

UW-HEP Help System

Issues
Show Unassigned
Show Critical
Show Urgent
Show Resolved
Show Open
Search

Login




Register
Lost your login?

Help
Roundup docs

Author wcmaier
Recipients ajit, dan, dasu, help, rader, radtke, wcmaier, wsmith
Date 2008.07.02 07:38
Content
On Mon, Jun 30, 2008 at 07:50:19PM -0500, Steve Rader via UW-HEP Help System wrote:
> I guess we're okay now, but we should be aware that it seems
> there's someobody out there who understands AFS and is using loose
> ACLs to "own" us.

This is ongoing; we're still seeing numerous hosts GETing
http://www.hep.wisc.edu/dasu/rootFiles/, though they're getting 404s
now that Steve's removed it. The traffic caused Apache to nearly
fill the root disk with log events. I rotated and bzip2ed the log
files, but it might be prudent to block the most egregious IPs.

These two account for 99.5% of the recent bad traffic:

    216.104.34.62
    206.225.81.178

Shall I add those to /etc/hosts.deny?

-- 

o--------------------------{ Will Maier }--------------------------o
| jabber:...wcmaier@xmpp.lfod.us | email:..will.maier@hep.wisc.edu |
| office:...........608.263.9692 | cell:..............608.438.6162 |
*--------------------[ UW High Energy Physics ]--------------------*
History
Date User Action Args
2008-07-02 07:38:21wcmaiersetrecipients: + wcmaier, help, rader, dan, dasu, ajit, wsmith, radtke
2008-07-02 07:38:21wcmaierlinkissue5332 messages
2008-07-02 07:38:15wcmaiercreate