View Single Post
  #1 (permalink)  
Old November 24th, 2007
BSintzel's Avatar
BSintzel BSintzel is offline
Novicius
 
Join Date: November 19th, 2007
Posts: 1
BSintzel is flying high
Default Banned over 5000 Hosts .. now what?

Re: PHEX 3

I've discovered that no matter what search string I enter (even total gibberish) I will get the same results over and over, with a few 'repeating' variations. For example: if I search on D234x.HTML, I will get a lot of hits, but I will usually always find the following included in the results: D234x.html, D234x.mpg, D234x.zip, sexy D234x.html, Rare recordings.wma, D234x music.html, D234x.mp3, D234x ringtones.html, ## track ##.wma (##=2 digits), Totally Hip Track.wma, D234x naked.zip, D234x Pictures, Top of The Charts -2005.wma.. Any of the files I mentioned above will contain a trojan or the file extension doesn't match the file type. Kinda juvinile, huh?

At first I thought that permanently banning the IP's associated with the results would eliminate the source of the problem, but after banning over 5000 ip's, I'm not so sure now if this is an effective course of action.

I know I can apply filters, but that won't eliminate the problem, only mask it.

My questions are:

1 - Are these 'fraudulent' returns actually being shared up knowingly from all the ip's that are 'apparently' associated with them, or are these returns coming from infected PC's?

2 - Will banning the IP's of the 'apparent' source of the false returns eventually alleviate the problem?

There's a point at which the number of banned ip's will eventually become insanely large, so maybe someone in the know can shed some light on what is 'really' happening to generate so many false returns and offer up a more effective and less time consuming solution.

[FONT='Calibri','sans-serif']Much Thanks in advance[/font]

Last edited by BSintzel; November 24th, 2007 at 08:03 PM.
Reply With Quote