Of course, in my original post, I stipulated that we were talking about those that are neither involved in the photography or purchase it. Would you consider that a market?
And how would they get it? They must either purchase or trade in their own child porn pictures to a group, which has to by now be very hard to do amidst all the scrutiny.
I'll agree with clueless but I have an issue with "greedy". Because they are clueless they don't understand that "free" could equal bad.
Well that's a good point, but they know that what they are downloading is bootlegged, stolen goods. So yes, they don't want to buy a CD or movie but they'll take it if they can. That's greedy.
I used to record off of friend's CD's, and sharing is good, but the mass distribution thing is just pirating, and sad to say, whatever people had going on before may have been a lot of fun but now all they've got is a pipeline from hell out there on the internet.
There's one point about these arguments I don't understand...
Why are the child porn types writing software that magically puts child porn on random people's computers?
It all becomes clear once you restate the question. How can we take a sucker for everything he's got?
The overlap of child porn types with those who write malicious internet software must be small indeed. So first of all, we're not talking child porn types. It's clear from news on busts that they do have clubs, and they do trade pictures, and some busts have been big, but we're talking Yahoo reject groups here, nothing more sophisticated than emailing or FTP'ing zip files to each other (where you have to contribute pictures to join the group).
We are talking instead people running malicious software, and it's the usual culprits. The same ones running bot nets to steal everything you have and own you if they can. Since child porn is pretty close to the most universally banned thing on earth, you can't store it on a server and lure people to it. So that's why it would be stored on innocent people's PC's that are owned.
And I suspect that once they get a credit card number from someone to buy child porn, that guy can pretty much kiss it good bye. What's he gonna do, report his child porn dealer to the police for maxing out his card?
So just a different angle on the usual from our friends on the internet who spend night and day posting about all the "free" stuff they have for you.
I went out on a date with a girl a couple of times (who I met online), and she was telling me how she had to report her last boyfriend to the police after she found child porn on his PC.
And at some point mentioned either another boyfriend who she also had to report or had a friend who did. I don't know, I didn't stick around to nail down the details.:)
There are arguments about likelihood to commit a crime (I am here excluding "victimless" crimes, which I believe includes leeching child pornography), but we convict people for criminal acts, not likelihood to commit criminal acts.
The crime in that is inducing a minor to be photographed indecently exposed. Like statuatory rape, they are not legally capable of doing so voluntarily.
So one could say, oh, well, the one who took the pixtures is a criminal but everyone who bought them (or traded, etc.) didn't induce it. But of course the fact they are a market does induce it.
And it could be like a gang standing around a murder victim. Someone pulled the trigger, but who? You just convict them all is the only way to deal with it.
And we sadists in our wisdom unleash Windows XP as the tool to use. In fact it's a shite solution for that 90%.
I'm no MSFT fan, but are you kidding me. You have people basically downloading anything they think looks good to them. They are so greedy and so clueless bad people around the internet don't have to try very hard to own them.
Basically right now it's a wash. People get a lot of stuff for free, software, pictures, songs, movies, but some of them lose their bank accounts or even their identity. But hey, don't worry, click here to download.
The US have some weird attitudes to tits and nudity (playboy ain't really porn).
The US was founded by people apparently even too uptight by English standards. There's a good portion of Americans that started out dunking witches, and still at it waterboarding their demons.
On the other hand, we have some horrendous crimes committed by repeat violent sex offenders that should be locked up, but some young person has to die first before they will.
If you saw our Dateline investigative tv show showing one guy after another showing up at what he thinks is a young girl's house with booze and condoms, it is absolutely amazing. One guy even showed up at another house a second time while he was out on bond from the first visit.
But prosecutors that behave like this one with the Playboy thing among boys needs to be given a swift boot out the door.
rd
Re:There is an improved VB...
on
Lisp and Ruby
·
· Score: 1
In fact it was so good Microsoft stole the lead developer (http://en.wikipedia.org/wiki/Anders_Hejlsberg) from Borland and made C#.
If I'm not mistaken they bribed the whole dang development team away along with Anders to crush Delphi and create their own embraced and extended clone, C#.
Standard operating procedure through the years from them, just as they did to Foxpro and everyone else with superior Windows products. Anyone kicking the crap out of MSFT gets the same treatment, until there aren't any Windows products left kicking the crap out of MSFT.
Hence Linux, which MSFT can't crush with their usual MO.
Google refuses to show all of my site: only the front page, and the forums despite submitting a sitemap per the google specs. Any good advice for someone like me?
What it seems to me they are doing is not showing hits in searches for areas of a site that the algorithm determines is not core to the site premise. This I think is an attempt to make search results "relevant", or to put it more bluntly, keep sites from fooling the search engine and people using it from clicking on the site based on unrelated content.
Sort of the same premise as spam mail containing random bits of text to fool spam blockers.
Also links on the home page to those other pages will encourage search engine bots to find them.
How many days after a site has been transformed by hijackers/forum spammers/whoever into a pile of crap should it come off the top of googles search results? A day? A week?
If they'd maintained their site properly, it wouldn't have happened.
Why is this stuff being modded Insightful? Some spam posts residing briefly in an open forum does not make a site a "pile of crap", and removing the posts is "maintaining the site properly".
It was actually just a bad guess as to why the site dropped out of Google for a few days.
What, would the site owners have google preserve their site ranking even though the content on the site went in the toilet?
The nature of what is being talked about is that when you get dropped out of Google, no search hits list your site. Typing in your site URL results in "Your search did not match any documents."
It is as if your site no longer exists, and it doesn't in Google.
Despite the many guesses as to why this happens, there is no valid reason. It just happens, and your site generally reappears within a week or so.
Maybe you should stop relying on a single source for you advertising.
Maybe you should actually monitor your forums. You know, in case your customers need your help or a SPAM-bot goes on a rampage.
Maybe you should actually have a site that people care about so they'll keep coming back.
Maybe you should slashvertise and... wait, you did that.
If your site is worthwhile, dropping off Google for a week won't affect it that much, and you'll actually have control over your forums.
This was rated Insightful, but it's really silly.
Traffic coming from Google searches is not "advertising".
People come in from all over the world to sites to post links to their "you are so owned" site links. If you have a site of any consequence, and let people from all over the world register, you have to let them post their garbage before you can boot them. Google monitors site constantly, and will catch it as soon as posted.
My site is not of any consequence, and I delete the daily registrations from scumbag spammers, but Google and other search engine bots are constantly monitoring and catch whatever is posted or new member registrations with their info. I personally don't think Google dropped javalobby because of a spam posting. The nature of it is your site just drops off, and in cases like that not for any valid reason.
I have javalobby in my bookmarks, I'm registered there and have posted a few times, and all the uninformed comments about the site are just that, uninformed.
In the four years my site has been up, it has dropped out of Google a couple of times and reappeared within a week or so. No reason for it to drop, none for it reappearing. Just whatever shuffling goes on with Google software, happens.
But ever since the mid 1990's the industry thinks that cutting costs (which inevitably means cutting late life cycle costs such as operations) can be overcome with automation and hand-waving.
And this applies to every sizable government software development project since then as well. I know people pooh pooh sizable government software development on general principles, but the software attempting to be replaced were sizable government software development projects that worked.
But something about the mid-90's on, and I'm not seeing much news of success anymore. I think there's lots of hand waving going on that's not overcoming anything.
Why should the bank even care? I don't even remember the last time I balanced my checkbook.
The bank will care when one uses their incorrect balance in writing a check and writes a check for money they don't have. The bank responds with an overdraft charge.
I don't pay for overdraft protection. I balance my checkbook instead, but a lot more frequently and up to date with an online account than I used to with a monthly statement.
Your calculations are either "correct" or "not correct."
I agree with the wife. Partial credit for incorrect answer but correct method. And also only partial credit for correct answer achieved with incorrect method, such as counting fingers instead of memorizing multiplication tables.:)
Oh, what do you think you whippersnappers do that we didn't do 10 or 20 years ago, and in a few k of memory with a few megahertz of CPU.
As for the internet thing, it's just a bigger network than our Novell or phone line connections, other than having a bigger network the last 10 to 20 years have nothing on us.
The upside to this is that the same "forced" upgrade procedure MS are using to roll out IE7 can also be used to roll out bigfixes without user intervention, if IE7 was originally installed transparently anyway.
I am on Windows automatic update and was concerned after reading somewhere here on slashdot awhile back that IE7 would automatically be installed.
But I was given a dialog option to install IE7 or not, and I checked no. There was nothing forced whatsoever, so I'm not sure where that is coming from.
Sounds good in theory, but update uses activeX and that don't run in firefox so linking IE to firefox means the windosers wouldn't be able to update to coreect vulnerabilities.
IIRC, MSFT brought up IE automatically during intial fireup of my XP Pro system at a point where I accepted automatic updates. It hasn't been brought up since, and updates happen in background without IE.
If they weren't automatic, then the same thing would probably happen every time I updated.
Still, using IE as MSFT's communicator (pun intended) is fine. Just consider it a MSFT security utility (heavy dose of irony intended:)
The vast majority of this crap comes in via browser exploits these days.
And in Hacking - The Art of Exploitation by Jon Erickson, the entire book is illustrated with examples of breaking x86 Linux to take control. Now that Mac is x86 Unix I expect same principles would apply.
i thought holding a website for ransom was a problem
I've been seeing in the news all victories for anyone challenging ownership of a domain with their trademark. Doesn't look to be a problem anymore.
or unleashing a botnet DDOS to shut them down
I think the article referred to other malicious purposes that the botnet owner can use them for, and that would be one. I occasionally see references that companies get blackmailed but nothing about successful it might be.
A few years ago, I was doing systems engineering work for a technology firm when a UNIX systems administrator asked me to help him with a problem. He used a computer running the Microsoft Windows operating system and connected to the public Internet for testing, and that computer was behaving strangely. I took a quick look at it and immediately recognized the problem: The computer was infected with a worm.
"Okay. Now how do I get rid of it?" he asked.
"The computer doesn't belong to you anymore; it belongs to the bad guys now. You don't know what they might have done with it. Reformat it, re-install Windows, and get it patched."
He rebuilt it and came back to me in about an hour. His computer had become infected with the same worm while he was trying to install the security updates.
According to Sophos research published July 1, 2005, there's a 50 percent chance that an unpatched computer running the Windows operating system will be infected with a worm within 12 minutes of being connected to the Internet. That's bad news, because downloading and installing all the latest updates takes longer than 12 minutes. If you're deploying hundreds of computers, you really have no chance. So, how can you keep your new computers from being attacked before you can update them?
To confuse any one of these with AJAX itself suggests a fundamental ignorance of the subject.
There was no confusion in what I said. I referred to it a MSFT HTTP hack, and you named it.
Doubly so if he intends to claim to be an authority on the subject.
Plenty of people call it a protocol, but his authority was real life experience. And he was a lot more patient responding to you than most people would, like me for example.
I liken this to the international telephone call hacks several years back. Company PBX'es were hacked and international calls made through them, with the company getting the bill.
If the company didn't make routine international telephone calls, then a solution was to disable international phone calls.
At any level in the United States, it should be an option to disable internet traffic from, shall we say, countries where most attacks come from, or at least the bulk of it.
Now of course the botnet PC's are comprised of plenty of US PC's, that's not the point. The point is that the attacks that took them over come from overseas, and continued commands to the botnets come from the owners.
I have a small phpBB web site. I am attacked night and day with breakin attempts. When I look up the IP addresses, they are almost all from these few countries. If it is, I ban the entire ISP address range from registering and logging in, but the addresses can read the site I believe. If not from these countries, I ban the specific IP address.
For my site, I ban everything overseas because of no foreign interest in my US oriented content. The bans quickly accumulate to high level domains being banned, so the ban list for my site isn't that big.
I know it's not perfect, and I haven't done anything to generate the list but respond to attacks. But even an exact list of IP ranges for ISP's in countries where if you get a purchase, it would be from a stolen credit card, should be able to be handled by a firewall. I would include US ISP address ranges that don't implement the ban as a default, or in other words, become a hired US proxy to them.
So what I did for my site should be done publically, and software such as a firewall optionally configured to stop traffic to and from the ban list. I think for example ISP's should implement this for customer's except those who specify to be excluded. Botnet owners, not having any idea what their PC's are doing, would not normally be seeking exception from a standard ban.
It should be like an international phone call. People should be able to know what their PC's are bombarded with, and where it's coming from. For example, a firewall log should be easy to bring up and show the attacks coming in, and at least at a ligh level domain level what region the majority of the IP addresses of the attack is from. BlackICE displays the attacks very well, but just an IP address with it.
Whitelists are also good. This is to screen out the chatter, not inhibit useful communications. It's just that with some places very little useful communications is taking place, except useful to thieves.
Slashdot Mirror
Of course, in my original post, I stipulated that we were talking about those that are neither involved in the photography or purchase it. Would you consider that a market?
And how would they get it? They must either purchase or trade in their own child porn pictures to a group, which has to by now be very hard to do amidst all the scrutiny.
rd
I'll agree with clueless but I have an issue with "greedy". Because they are clueless they don't understand that "free" could equal bad.
Well that's a good point, but they know that what they are downloading is bootlegged, stolen goods. So yes, they don't want to buy a CD or movie but they'll take it if they can. That's greedy.
I used to record off of friend's CD's, and sharing is good, but the mass distribution thing is just pirating, and sad to say, whatever people had going on before may have been a lot of fun but now all they've got is a pipeline from hell out there on the internet.
rd
There's one point about these arguments I don't understand...
Why are the child porn types writing software that magically puts child porn on random people's computers?
It all becomes clear once you restate the question. How can we take a sucker for everything he's got?
The overlap of child porn types with those who write malicious internet software must be small indeed. So first of all, we're not talking child porn types. It's clear from news on busts that they do have clubs, and they do trade pictures, and some busts have been big, but we're talking Yahoo reject groups here, nothing more sophisticated than emailing or FTP'ing zip files to each other (where you have to contribute pictures to join the group).
We are talking instead people running malicious software, and it's the usual culprits. The same ones running bot nets to steal everything you have and own you if they can. Since child porn is pretty close to the most universally banned thing on earth, you can't store it on a server and lure people to it. So that's why it would be stored on innocent people's PC's that are owned.
And I suspect that once they get a credit card number from someone to buy child porn, that guy can pretty much kiss it good bye. What's he gonna do, report his child porn dealer to the police for maxing out his card?
So just a different angle on the usual from our friends on the internet who spend night and day posting about all the "free" stuff they have for you.
rd
It's a simple equation, really.
:)
Windows = Jail time
Or how about vengeful ex-girlfriend = Jail time.
I went out on a date with a girl a couple of times (who I met online), and she was telling me how she had to report her last boyfriend to the police after she found child porn on his PC.
And at some point mentioned either another boyfriend who she also had to report or had a friend who did. I don't know, I didn't stick around to nail down the details.
rd
There are arguments about likelihood to commit a crime (I am here excluding "victimless" crimes, which I believe includes leeching child pornography), but we convict people for criminal acts, not likelihood to commit criminal acts.
The crime in that is inducing a minor to be photographed indecently exposed. Like statuatory rape, they are not legally capable of doing so voluntarily.
So one could say, oh, well, the one who took the pixtures is a criminal but everyone who bought them (or traded, etc.) didn't induce it. But of course the fact they are a market does induce it.
And it could be like a gang standing around a murder victim. Someone pulled the trigger, but who? You just convict them all is the only way to deal with it.
rd
And we sadists in our wisdom unleash Windows XP as the tool to use. In fact it's a shite solution for that 90%.
I'm no MSFT fan, but are you kidding me. You have people basically downloading anything they think looks good to them. They are so greedy and so clueless bad people around the internet don't have to try very hard to own them.
Basically right now it's a wash. People get a lot of stuff for free, software, pictures, songs, movies, but some of them lose their bank accounts or even their identity. But hey, don't worry, click here to download.
Sort of like a reverse lottery.
rd
The US have some weird attitudes to tits and nudity (playboy ain't really porn).
The US was founded by people apparently even too uptight by English standards. There's a good portion of Americans that started out dunking witches, and still at it waterboarding their demons.
On the other hand, we have some horrendous crimes committed by repeat violent sex offenders that should be locked up, but some young person has to die first before they will.
If you saw our Dateline investigative tv show showing one guy after another showing up at what he thinks is a young girl's house with booze and condoms, it is absolutely amazing. One guy even showed up at another house a second time while he was out on bond from the first visit.
But prosecutors that behave like this one with the Playboy thing among boys needs to be given a swift boot out the door.
rd
In fact it was so good Microsoft stole the lead developer (http://en.wikipedia.org/wiki/Anders_Hejlsberg) from Borland and made C#.
If I'm not mistaken they bribed the whole dang development team away along with Anders to crush Delphi and create their own embraced and extended clone, C#.
Standard operating procedure through the years from them, just as they did to Foxpro and everyone else with superior Windows products. Anyone kicking the crap out of MSFT gets the same treatment, until there aren't any Windows products left kicking the crap out of MSFT.
Hence Linux, which MSFT can't crush with their usual MO.
rd
Google refuses to show all of my site: only the front page, and the forums despite submitting a sitemap per the google specs. Any good advice for someone like me?
What it seems to me they are doing is not showing hits in searches for areas of a site that the algorithm determines is not core to the site premise. This I think is an attempt to make search results "relevant", or to put it more bluntly, keep sites from fooling the search engine and people using it from clicking on the site based on unrelated content.
Sort of the same premise as spam mail containing random bits of text to fool spam blockers.
Also links on the home page to those other pages will encourage search engine bots to find them.
rd
How many days after a site has been transformed by hijackers/forum spammers/whoever into a pile of crap should it come off the top of googles search results? A day? A week?
If they'd maintained their site properly, it wouldn't have happened.
Why is this stuff being modded Insightful? Some spam posts residing briefly in an open forum does not make a site a "pile of crap", and removing the posts is "maintaining the site properly".
It was actually just a bad guess as to why the site dropped out of Google for a few days.
rd
What, would the site owners have google preserve their site ranking even though the content on the site went in the toilet?
The nature of what is being talked about is that when you get dropped out of Google, no search hits list your site. Typing in your site URL results in "Your search did not match any documents."
It is as if your site no longer exists, and it doesn't in Google.
Despite the many guesses as to why this happens, there is no valid reason. It just happens, and your site generally reappears within a week or so.
rd
Maybe you should stop relying on a single source for you advertising.
... wait, you did that.
Maybe you should actually monitor your forums. You know, in case your customers need your help or a SPAM-bot goes on a rampage.
Maybe you should actually have a site that people care about so they'll keep coming back.
Maybe you should slashvertise and
If your site is worthwhile, dropping off Google for a week won't affect it that much, and you'll actually have control over your forums.
This was rated Insightful, but it's really silly.
Traffic coming from Google searches is not "advertising".
People come in from all over the world to sites to post links to their "you are so owned" site links. If you have a site of any consequence, and let people from all over the world register, you have to let them post their garbage before you can boot them. Google monitors site constantly, and will catch it as soon as posted.
My site is not of any consequence, and I delete the daily registrations from scumbag spammers, but Google and other search engine bots are constantly monitoring and catch whatever is posted or new member registrations with their info. I personally don't think Google dropped javalobby because of a spam posting. The nature of it is your site just drops off, and in cases like that not for any valid reason.
I have javalobby in my bookmarks, I'm registered there and have posted a few times, and all the uninformed comments about the site are just that, uninformed.
In the four years my site has been up, it has dropped out of Google a couple of times and reappeared within a week or so. No reason for it to drop, none for it reappearing. Just whatever shuffling goes on with Google software, happens.
rd
If you want to use the metric system in your research, then use the metric system. What's stopping you?
Why do you need the government to change the speed limit signs if your problem is interoperating with scientists?
I'll add my amens to this.
rd
But ever since the mid 1990's the industry thinks that cutting costs (which inevitably means cutting late life cycle costs such as operations) can be overcome with automation and hand-waving.
And this applies to every sizable government software development project since then as well. I know people pooh pooh sizable government software development on general principles, but the software attempting to be replaced were sizable government software development projects that worked.
But something about the mid-90's on, and I'm not seeing much news of success anymore. I think there's lots of hand waving going on that's not overcoming anything.
rd
Why should the bank even care? I don't even remember the last time I balanced my checkbook.
The bank will care when one uses their incorrect balance in writing a check and writes a check for money they don't have. The bank responds with an overdraft charge.
I don't pay for overdraft protection. I balance my checkbook instead, but a lot more frequently and up to date with an online account than I used to with a monthly statement.
rd
Your calculations are either "correct" or "not correct."
:)
I agree with the wife. Partial credit for incorrect answer but correct method. And also only partial credit for correct answer achieved with incorrect method, such as counting fingers instead of memorizing multiplication tables.
rd
Aero and space are very unforgiving of human coding errors.
I don't see the Mars lander or whatever problem where something was in metric but the program coded for English measurements, IIRC.
rd
...20, or in some cases even 10 years ago.
Oh, what do you think you whippersnappers do that we didn't do 10 or 20 years ago, and in a few k of memory with a few megahertz of CPU.
As for the internet thing, it's just a bigger network than our Novell or phone line connections, other than having a bigger network the last 10 to 20 years have nothing on us.
rd
The upside to this is that the same "forced" upgrade procedure MS are using to roll out IE7 can also be used to roll out bigfixes without user intervention, if IE7 was originally installed transparently anyway.
I am on Windows automatic update and was concerned after reading somewhere here on slashdot awhile back that IE7 would automatically be installed.
But I was given a dialog option to install IE7 or not, and I checked no. There was nothing forced whatsoever, so I'm not sure where that is coming from.
rd
Sounds good in theory, but update uses activeX and that don't run in firefox so linking IE to firefox means the windosers wouldn't be able to update to coreect vulnerabilities.
:)
IIRC, MSFT brought up IE automatically during intial fireup of my XP Pro system at a point where I accepted automatic updates. It hasn't been brought up since, and updates happen in background without IE.
If they weren't automatic, then the same thing would probably happen every time I updated.
Still, using IE as MSFT's communicator (pun intended) is fine. Just consider it a MSFT security utility (heavy dose of irony intended
rd
The vast majority of this crap comes in via browser exploits these days.
And in Hacking - The Art of Exploitation by Jon Erickson, the entire book is illustrated with examples of breaking x86 Linux to take control. Now that Mac is x86 Unix I expect same principles would apply.
rd
i thought holding a website for ransom was a problem
I've been seeing in the news all victories for anyone challenging ownership of a domain with their trademark. Doesn't look to be a problem anymore.
or unleashing a botnet DDOS to shut them down
I think the article referred to other malicious purposes that the botnet owner can use them for, and that would be one. I occasionally see references that companies get blackmailed but nothing about successful it might be.
rd
...but I just do not buy the rubbish that every Windows machine gets compromised in five minutes.
t /articles/080305tn.mspx
I don't know why your post is considered Insightful. Because you said 5 minutes instead of 12 minutes? This from MSFT's web site:
http://www.microsoft.com/technet/desktopdeploymen
Techniques for Patching New Computers
Published: August 3, 2005
By Tony Northrup
I've Been Hacked Already?
A few years ago, I was doing systems engineering work for a technology firm when a UNIX systems administrator asked me to help him with a problem. He used a computer running the Microsoft Windows operating system and connected to the public Internet for testing, and that computer was behaving strangely. I took a quick look at it and immediately recognized the problem: The computer was infected with a worm.
"Okay. Now how do I get rid of it?" he asked.
"The computer doesn't belong to you anymore; it belongs to the bad guys now. You don't know what they might have done with it. Reformat it, re-install Windows, and get it patched."
He rebuilt it and came back to me in about an hour. His computer had become infected with the same worm while he was trying to install the security updates.
According to Sophos research published July 1, 2005, there's a 50 percent chance that an unpatched computer running the Windows operating system will be infected with a worm within 12 minutes of being connected to the Internet. That's bad news, because downloading and installing all the latest updates takes longer than 12 minutes. If you're deploying hundreds of computers, you really have no chance. So, how can you keep your new computers from being attacked before you can update them?
end quote
rd
To confuse any one of these with AJAX itself suggests a fundamental ignorance of the subject.
There was no confusion in what I said. I referred to it a MSFT HTTP hack, and you named it.
Doubly so if he intends to claim to be an authority on the subject.
Plenty of people call it a protocol, but his authority was real life experience. And he was a lot more patient responding to you than most people would, like me for example.
rd
Disrupt the botnets as much as possible.
I liken this to the international telephone call hacks several years back. Company PBX'es were hacked and international calls made through them, with the company getting the bill.
If the company didn't make routine international telephone calls, then a solution was to disable international phone calls.
At any level in the United States, it should be an option to disable internet traffic from, shall we say, countries where most attacks come from, or at least the bulk of it.
Now of course the botnet PC's are comprised of plenty of US PC's, that's not the point. The point is that the attacks that took them over come from overseas, and continued commands to the botnets come from the owners.
I have a small phpBB web site. I am attacked night and day with breakin attempts. When I look up the IP addresses, they are almost all from these few countries. If it is, I ban the entire ISP address range from registering and logging in, but the addresses can read the site I believe. If not from these countries, I ban the specific IP address.
For my site, I ban everything overseas because of no foreign interest in my US oriented content. The bans quickly accumulate to high level domains being banned, so the ban list for my site isn't that big.
I know it's not perfect, and I haven't done anything to generate the list but respond to attacks. But even an exact list of IP ranges for ISP's in countries where if you get a purchase, it would be from a stolen credit card, should be able to be handled by a firewall. I would include US ISP address ranges that don't implement the ban as a default, or in other words, become a hired US proxy to them.
So what I did for my site should be done publically, and software such as a firewall optionally configured to stop traffic to and from the ban list. I think for example ISP's should implement this for customer's except those who specify to be excluded. Botnet owners, not having any idea what their PC's are doing, would not normally be seeking exception from a standard ban.
It should be like an international phone call. People should be able to know what their PC's are bombarded with, and where it's coming from. For example, a firewall log should be easy to bring up and show the attacks coming in, and at least at a ligh level domain level what region the majority of the IP addresses of the attack is from. BlackICE displays the attacks very well, but just an IP address with it.
Whitelists are also good. This is to screen out the chatter, not inhibit useful communications. It's just that with some places very little useful communications is taking place, except useful to thieves.
rd