GeoIP origins of malicious network activity

Sunday, April 28th, 2013

I have previously written that GeoIP data is not a reliable source for definitive data analysis – it is, however, a reasonable indicator.  The numbers below are from a single server (logged during the past few years) and don’t really provide any surprises.  Some things to keep in mind: raw IP information is only an Continue reading →

BSD Milter-greylist smfi_main error – won’t start after ‘system upgrade’

Thursday, November 15th, 2012

Ok, you have a system that you partially manage (the ISP updates/installs ‘system’ level goodies like networking, foundation email binaries, system level libraries, etc.) All works well for months (or longer) and then, you start getting SPAM from Country ZZ (which you are sure you ‘banned’ using milter-greylist.)  Hmm..  In my case, I also get Continue reading →

Privacy is not an option, is it?

Sunday, September 30th, 2012

TED Talks are always full of interesting/informative/thought-provoking/useful content – here are a few links from 2012.  This list is a bit security/privacy biased but I finish with simply being creative… 7/2012 – some very interesting Geo-political points (impacts of social media & how governments deal with it – or not…) http://www.ted.com/talks/michael_anti_behind_the_great_firewall_of_china.html Weibo (Chinese Twitter clone) Continue reading →

WordPress – BotNet Login Hacking Attacks

Friday, May 11th, 2012

So, why should you use login restrictions or a Login monitor (plugin or other solution) for your WordPress site? Just one reason – from one day of web logs for one domain – there were no successful logins during this ‘attack’. 5/9/2012 Fail | Start/Stop | IP address | GeoIP Info —–|——————-|—————–|—————————————-   1.    1 Continue reading →

PHP – decoding ‘gzinflate(str_rot13(base64_decode’ hack attempts

Monday, April 9th, 2012

A recent ‘alarm’ about RFI (remote file inclusion)  ‘attacks’ against PHP coded web sites (i.e. any WordPress site) got me curious about some of my log messages.  In this case the web server/PHP application were not compromised due to a somewhat guarded server configuration.  The configuration also ‘captured’ the triple-encoded attack code (some excerpts below.) Continue reading →
