Wednesday, July 25, 2007

DNS Bind Vulnerability

I saw headline reporting a DNS Bind vulnerability. Make sure you have the latest updates for your DNS Bind servers.

Sunday, July 15, 2007

Core Security Patterns

I was reading a book called core Security Patterns from Sun today and in the introduction chapter in this book they state:

"A Gartner Group report [CSO online] estimates that employees of companies are responsible for more than 70% of the unauthorized access to information systems in those companies. It is also employees of companies who perpetrate more than 95% of information systems intrusions that cause significant financial losses."

So when I ask - do you just "trust" your managed data center employees like the managed hosting companies would like you to do? No. Audit everything. If they cannot provide an audit trail to explicitly define who accessed your server on what time and day and what they did - you'll need to keep your password to yourself and manage access to your server and do your own auditing -- don't use that company.

And for all those companies that swear up and down that they are invincible and secure, I say no one is ever 100% secure and constant auditing and monitoring is needed. Case in point, this book says:

"According to an FBI survey [eWeek] of 500 companies, 90 percent say they'd had a computer security breach, and 80 percent of those said they'd suffered a financial loss as a result."

There are more reports an examples in the book as well as a good list of security patterns for those who use a programming language that allows you to, in my opinion, have more control over your environment such as with a Java web server. I say that because you cannot get the IIS source code...

Anyway the book for anyone who wants to read it again is:

Core Security Patterns from Sun by Christopher Steel, Ramesh, Nagappan and Ray Lai

Even if you don't program in Java it seems that some of the information could apply to any web application.

I haven't read the whole book so I cannot say how useful it is yet.

Friday, July 13, 2007

Network Solutions SSL Certificate Instructions - Java Web Server

It is really annoying that the Java web server ssl instructions on the Network Solutions web site have been wrong for over 4 months.
I also wonder what the security implications are that they send people SSL certificates in email.
Here are the correct instructions:

Installing Your Network Solutions SSL Certificate on Java Based Web Servers
There are 4 certificates that you will receive from Network Solutions:

1. AddTrustExternalCARoot.crt
2. UTNAddTrustServer_CA.crt
3. NetworkSolutions_CA.crt
4. yourdomainname.crt

These must be imported in the correct order:

1. AddTrustExternalCARoot.crt
2. UTNAddTrustServer_CA.crt
3. NetworkSolutions_CA.crt
4. yourdomainname.crt

Use the keytool command to import the certificates as follows:
keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore domain.key

Use the same process for the UTNAddTrustServer_CA.crt certificate using the keytool command:
keytool -import -trustcacerts -alias utnaddtrustserverca -file UTNAddTrustServer_CA.crt -keystore domain.key

Use the same process for the NetworkSolutions_CA.crt certificate using the keytool command:
keytool -import -trustcacerts -alias networksolutionsca -file NetworkSolutions_CA.crt -keystore domain.key

Use the same process for the site certificate using the keytool command, if you are using an alias then please include the alias command in the string.
Example:
keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file yourdomainname.crt -keystore domain.key
The password is then requested.
Enter keystore password: (This is the one used during CSR creation) After the password is entered information will be displayed about the certificate and you will be asked if you want to trust it.
Trust this certificate? [no]:
(The default is no so type 'y' or 'yes')
Then an information message will display as follows:
Certificate was added to keystore
All of the certificates are now loaded.

Anti-virus software: Chinese vs. Russian

Looks like two anti-virus vendors are attacking each other:

http://www.networkworld.com/news/2007/071207-update-gloves-come-off-in.html?nlhtsec=0709securityalert5&

There are other options developed in the US.

Kapersky itself was embedded into a piece of malware that removed other malware from computers so who knows what is the underlying cause of all this.

This article makes it sound like you have a choice between one or the other - you don't. There are other vendors that have been doing this longer in the US.

Thursday, July 12, 2007

A list of known bots

Not sure how old this is but here is a list of known bots from a random ranting user:


Bot not obeying the Rules

This bot does not appear to be obeying robots.txt

Unversity of Illinois192.17.0.0 - 192.17.255.255MQBOT/Nutch-0.9-dev (MQBOT Nutch Crawler; http://falcon.cs.uiuc.edu; mqbot@cs.uiuc.edu)

/instmsg/aliases/orders

We are still getting hits for this URL on our server from various IPs:

/instmsg/aliases/orders

I wrote about this in another post.

RedBot

Here's a new bot:

RedBot/redbot-1.0 (Rediff.com Crawler; redbot at rediff dot com)

Seems to be some India related web site.

Doesn't say how to block it in robots.txt at first glance.

Wednesday, July 11, 2007

IEMB3 may be hacked

Whatever this is: IEMB3 may be hacked, or it may be a coincidence that this is running on a machine that appears to be scanning our sites in un-normal-web-visitor-like or hacker-like ways.

Cazoodle

Looks like the Cazoodle bot has moved to the University of Illinois. I thought this one was running out of China before:

CazoodleBot/Nutch-0.9-dev (CazoodleBot Crawler; http://www.cazoodle.com/cazoodlebot; cazoodlebot@cazoodle.com)

OrgName: University of Illinois OrgID: UIUCAddress: 1120 DCL, MC-256Address: 1304 West Springfield AvenueCity: UrbanaStateProv: ILPostalCode: 61801Country: USNetRange: 72.36.64.0 - 72.36.127.255

Bell Canada

This IP at Bell Canada is trying to be sneaky about surfing the net. Something to hide?

67.68.135.71

Bell Canada BELLNEXXIA-11 (NET-67-68-0-0-1) 67.68.0.0 - 67.71.255.255HSE HSE020924-CA (NET-67-68-0-0-2) 67.68.0.0 - 67.68.255.255

1-800-HOSTING

An IP at 1-800-HOSTING continues to attempt to surf our web sites. Why would a web server be surfing our web sites?

69.41.185.18

OrgName: 1-800-HOSTING, Inc.OrgID: 1800HAddress: 3509 Oak Lawn AveCity: DALLASStateProv: TXPostalCode: 75219Country: US
NetRange: 69.41.160.0 - 69.41.191.255

Ask Jeeves not identifying itself

An Ask Jeeves machine is not correctly identifying itself as the ask search engine in the User-Agent string when requesting robots.txt

MCI Communications Services, Inc. d/b/a Verizon Business UUNET65 (NET-65-192-0-0-1) 65.192.0.0 - 65.223.255.255AskJeeves, Inc. UU-65-214-36 (NET-65-214-36-0-1) 65.214.36.0 - 65.214.39.255

Interland, Inc.

Someone on Interland, Inc.'s network (Atlanta, GA) is hitting our site with a bot.

64.239.7.216

OrgName: Interland, Inc.OrgID: INTDAddress: 101 Marietta StreetCity: AtlantaStateProv: GAPostalCode: 30039Country: US
NetRange: 64.239.0.0 - 64.239.127.255

Bay Area Internet Solutions

Bay Area Internet Solutions is hitting our site with some sort of bot.

OrgName: Bay Area Internet Solutions OrgID: BAYAAddress: 2650 San Thomas ExpresswayCity: Santa ClaraStateProv: CAPostalCode: 95051Country: USNetRange: 72.20.96.0 - 72.20.127.255

Server4You - Germany

We are still getting unwanted hits from this hosting facility.

inetnum: 85.25.129.0 - 85.25.148.255descr: SERVER4YOU Dedicated Server Hostingdescr: http://www.server4you.denetname: SERVER4YOU-1country: DE

Tuesday, July 10, 2007

Internet Crime - Summary Of Issues - 2007

This is a bit in the past but I missed it and it is very interesting in summing up the issues with Internet Crime: http://searchsecuritychannel.techtarget.com/originalContent/0,289142,sid97_gci1248099,00.html

Monday, July 09, 2007

Hits from Czech Data Center

This doesn't look right - hits from a data center...

inetnum: 81.31.32.0 - 81.31.35.255netname: MASTER1descr: Master Internet s.r.o.descr: server housing Brno, Cejlcountry: CZ

Bot coming from this IP: 80.194.189.66

Here's another bot snooping around - 80.194.189.66

7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:09
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:07
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:09
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:09
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:08
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)
7/8/2007 23:09
80.194.189.66
MJ12bot/v1.2.0 (http://majestic12.co.uk/bot.php?+)

Sunday, July 08, 2007

PHP hacker - everyone's internet - 66.98.228.8

7/7/2007 15:28
66.98.228.8
/phpgroupware/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/wordpress/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/b2evo/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpgroupware/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/b2/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/wordpress/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpgroupware/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogtest/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/b2evo/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/wordpress/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpgroupware/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blog/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/b2/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/wordpress/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/b2evo/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogs/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogtest/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/b2/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/b2evo/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogs/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogtest/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blog/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/b2/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/community/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogs/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blog/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogtest/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/drupal/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blog/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogs/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogs/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blog/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/community/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogs/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogs/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/community/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/drupal/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blogs/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlrpc/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blog/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/drupal/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/community/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blog/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/drupal/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpadsnew2/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlrpc/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/blog/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpAdsNew2/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlsrv/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlrpc/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/ads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlrpc/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpadsnew2/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/Ads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpAdsNew2/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpadsnew2/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/xmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpAdsNew2/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpadsnew2/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/ads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpadsnew/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/Ads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/ads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpAdsNew2/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpAdsNew/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/ads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/Ads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/adserver/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpadsnew/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/Ads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpadsnew/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpads/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpAdsNew/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpadsnew/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/adserver/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpAdsNew/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/phpAdsNew/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/adserver/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/adserver/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/adxmlrpc.php
7/7/2007 15:28
66.98.228.8
/adxmlrpc.php
7/7/2007 15:01
66.98.228.8
/community/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/chat3/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/chat2/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/forums/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/chat1/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/phpMyChat-0.14.4/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/phpMyChat-0.14.3/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/phpMyChat/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/phpMyChat-0.14.5/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/phpMyChat-0.14.2/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/php/phpmychat/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/forum/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/chats/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/chatroom/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/PhpMyChat/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/phpchat/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/chat/chat/messagesL.php3
7/7/2007 15:01
66.98.228.8
/chat/messagesL.php3

Thursday, July 05, 2007

Blatant hacker: SERVER4YOU network

Here's a blatantly hacking IP from the Server4You network in Germany:

85.25.138.126

This IP hit our sites over 200 separate times in one day

inetnum: 85.25.129.0 - 85.25.148.255descr: SERVER4YOU Dedicated Server Hostingdescr: http://www.server4you.denetname: SERVER4YOU-1country: DE

Network Admins Not Paying Attention To Traffic

Hmm. Interesting.

http://blogs.zdnet.com/security/?p=349

Not sure I agree however. I don't know if this person understands exactly what was done in this case and yes, it should have been done sooner, but the fact is prior to this network admins didn't pay attention to traffic much at all unless it took down a machine. The fact that the government is involved and looking at the problem is a major step forward as we all know how long it takes to get the government moving...business has financial motivation. The government is pushed by voters and many voters don't even understand what is going on. So I say go Microsoft, go FBI and keep going - do more. Catch them and start whacking people with fines and putting them in jail the same way the Enron guys were put in jail - as an example to all and yes you will pay. But make the price high.

The note about cutting off criminal resources is interesting. Yes we can and should do more about this problem, but at least someone "gets it" and it is a step in the right direction. That's my take.

And as for the last line, yeah right. I'm going to let some ex (supposedly) hacker "fix" my machine. Time for a reality check.

Monday, July 02, 2007

Definitely a Hacker from Romania

This is definitely a hacker in Romania:

inetnum: 89.42.140.0 - 89.42.141.255netname: SC-ALIENSTATION-SRLdescr: SC AlienStation SRLdescr: B-dul Ferdinand, Nr. 56descr: Constanta Constanta 900693country: ro

Looks like they are scanning our sites and possibly stealing the content and posting it elsewhere - potentially they have found a way to hack DNS.

Null IP addresses in logs

I would like to know how someone is able to get a null IP address into our logs. I would like to make this not possible and to stop. All web server vendors need to look into this. Of course we have backup logging that handles this issue.

And see my last post for the matching IP address. Not sure which one but one of those generated this:

[30/06/2007:01:48:36 -0800] "GET / HTTP/1.0" 302 0 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2" -

Noc4Host servers visiting again

Noc4Hosts is an IP range you might want to block out at the firewall level for web servers. Servers in their IP ranges are visiting again.

Products from China

Was just reading a report in the paper that said 100% of the 24 defective toys recalled in the US this year came from China. Also there was some toothpaste infected with poison coming from China which was distributed to US prisons.