Re: [cobalt-security] consistently pounded

[Brent Sims <brent@xxxxxxxxxxx>]

On Tue, 23 May 2000, Theodore Jones so wrote:

} Can anyone offer suggestions on scripts/software/anything I can do to
} cut down on this waste?

	Block them at the perimeter router. If you don't control the
router or your provider won't do this for you - find another
provider. In the mean time you have three other easy to implement
options.

	1) Check out the 'allow from' and 'deny from' options in
your httpd.conf file. You'll need to carefully read the comments
you'll find there as these are a bit tricky - easy to deal with you
just have to follow the instructions in order to make them work
correctly.

	2) You can install tcp wrappers (you really ought to have
'em running anyway), configure them to monitor the httpd port and
add the bums to your hosts.deny file.

	3) Publically humiliate the bums. These activities are
illegal and, IMHO, should be pursued as such. Check out cert.org for
details on how to proceed. Our policy in these matters is quite
simple: pursue every available legal avenue to try and insure the
bums will think twice before trying something like this again.

	I'd also recommend that you keep track of your time. Our last
hack attempt came from a "security consulting firm" which we'll soon
be seeking a judgment against for the $900.00 of my time it took to
keep the bums at bay. Trust me, you might not be able to collect but
you can most certainly screw up their credit record. 

	Peace be with you,
	
	Brent
	
	Brent Sims
	WebOkay Internet Services
	http://www.WebOkay.net
	Brent@xxxxxxxxxxx
	(719) 595-1427 (Voice/Fax)