Security Warnings

And Dumb Security Company of the day goes to.....

Argh, dammit, I can't tell you.  But the imaginary conversation goes like this.
Me: "Hi security company, I see that you have an enterprise grade security product that my client has put at the heart of their enterprise?"
Dumb Security Company (DSC): "Yes, can I tell you about it, it's great - it has elements that ..."
Me: "No, no, please stop.  Anyway, the client tells me that your security product runs on Windows"
DSC: "Yes, that's right, we have a strategic relationship with Mi..."

Tricks and Tips #1 Block 'em. Block 'em all.

One way that TurboTas.co.uk stops unwanted shite turning up on the website is with massive IP block lists.
As this is a very small blog, available in English only, I can take some pretty radical steps to prevent Eve from getting into my system.
The subject is somewhat evocative but I'll lay it out for you.  People visiting my website speak English and are mainly from the United Kingdom or the US.  Web logs and analytics support this.

Spammers Blocking Day

A day to stop spammers today with quite a few direct connections not picked up by the server.
189.194.93.86.  Looks like an insecure web application with an open PHP mailer script.  DOH!
186.51.53.86.  Another email spammer.
SSH attempts from 82.165.129.71 and 149.3.143.187.  Blocked both of those.
Spotted 89.67.253.49 in the HTTP logs and a check of Project Honey Pot shows them as massive spammers.  46.37.165.127 in same boat, also 78.157.192.24 and 46.37.189.182.

Another Day, Another set of IP blocks

Quite a big set of IP addresses today because I've been scanning the logs for the evening.  Rather an alarming list building up of stuff that needs fixing.
 
Chinese email spammers.  I spotted them via attempts to web spider sites that are now offline.  60.173.10.0/24  Block them while you can! Drat, just noticed a bunch from the class C under that one too, so best block .9. too!  Oh and .26.0.  Actually this is looking like a problem with a much larger block, no?
 
Spanish hacking attempt via the Apache Logs: 81.44.219.18
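
An added example, not from the original post: one way to check whether the scattered /24s mentioned above justify blocking "a much larger block". It assumes the ".9." and ".26.0" in the post mean 60.173.9.0/24 and 60.173.26.0/24; the host addresses, function names and the 50% density threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample hits (IPv4 only): host parts are invented; the /24s are
# the ones the post names, reading ".9." and ".26.0" as 60.173.9.0/24 and
# 60.173.26.0/24 (an assumption).
SAMPLE_HITS = ["60.173.10.14", "60.173.10.201", "60.173.9.77", "60.173.26.5"]


def to_slash24(addr):
    """Return the /24 network that contains addr."""
    return ipaddress.ip_network(f"{addr}/24", strict=False)


def smallest_cover(nets):
    """Return the smallest single prefix that contains every network in nets."""
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()  # widen by one bit at a time
    return cover


def plan_blocks(offending_ips, min_density=0.5):
    """Decide between one wide block and several narrow ones.

    Returns (blocks, cover, density), where density is the share of the
    covering prefix made up of /24s that actually produced hits.
    """
    nets = sorted({to_slash24(ip) for ip in offending_ips})
    cover = smallest_cover(nets)
    density = sum(n.num_addresses for n in nets) / cover.num_addresses
    if density >= min_density:
        return [cover], cover, density
    # Too sparse: keep the observed /24s, merging only true neighbours.
    return list(ipaddress.collapse_addresses(nets)), cover, density


if __name__ == "__main__":
    blocks, cover, density = plan_blocks(SAMPLE_HITS)
    print(f"covering prefix {cover} is {density:.1%} observed")
    for net in blocks:
        print("block", net)
```

For the three /24s here the smallest covering prefix is a /19 of which under a tenth has been seen misbehaving, so the sketch keeps three narrow blocks instead of one wide one.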