More malicious attempts blocked at the gate
I expected it to happen: When one network is blocked, attempts will come from another source. So in the cause of a few days, I blocked a few more subnets. It seems to help, since the number of alerts dropped, and accessing the site is more constant and stable. I’m working on a method to report on abusive access – no matter in what way: DoS, Spam, FTP store, HTTP(s) attempts to break into software I don’t run (or on a different location). And than I’ll be able to publish them…
One package though needs closer attention, as I think chnaging it’ s locations to ReadOnly is trouiblesome, I need some advise from the specialist in that area. But I removed a possible cause of trouible – when looking to it’s name, I suspect it was – and cleaned quite a lot of rubbish tghat is must have left behind. Also, the users I previously disabled have now been deleted, and the caches cleared.
(The Dutch railways offer Internet in some of the fast trains – free until 2012, according their site. That’s where I wrote the entry)