May 13th, 2005, 03:49 AM
Should I report Code Red attackers?
My web server recieves occasional attacks from (seemingly) random Code Red-infected wankers. I used to report every instance to the originating abuse@ISP.com address but 9/10 didn't reply to me at all and the attacks would continue, forcing me to block single IPs, blocks, or even entire ISPs at my hardware firewall. The remaining 1/10 would often apologize to me and vow to disable the user until their virus was cleared up.
I just don't have the heart to write my good natured and understanding appeals to abuse techs anymore. It tears me up knowing these negligent ISPs are making the internet a more dangerous place, but I feel there's nothing I can do about it. I feel bad for admins (naive enough to operate) without proper protection who will be assaulted by oblivious zombies.
What do you all do when faced with this problem? Have I been wasting my time writing to ISPs? Is there a more efficient\affective way I could be handling this? Are the admins of the world SOL?
May 13th, 2005, 06:05 AM
i really dont think its anything to worry about. A box thats vulnerable to a five year old worm will not survive long on the internet. these machines are usually in the hands of users and not professional administrators. if you go to that site you'll usually see under construction or some shabby attempt at a web page. my guess would be its a recent re-install where the user included iis4/5 and didn't bother (for lack of knowledge) to patch.
in the past ive written to ISPs, tried to contact the owner of the computer or left notes in their all user\start-up folder explaining what was going on but like i said their operating on borrowed time.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
May 13th, 2005, 07:15 AM
Maybe just write a 'canned response' email so that you dont have to spend the time composing an email for each ISP. Maybe they dont all respond, take action, or give a ****, but at least you can say you tried. Sometimes, you might catch someone on a good day and get something accomplished.
I have to agree, such a poorly patched box cant live very long (one wouldnt think anyway). Those poor bastards that dont know a thing about computers or what a virus is, firewall, a-v, etc, are making it bad for the rest of us 'informed' net users lol. just my two cents.