ts wrote: >>>>>>"D" == David Ross <dross / code-exec.net> writes: >>>>>> >>>>>> > >D> Yes, it will part of a solution, > > Associate it with another test (captcha, or what you want) > > * positive response from a majority of RBL, the user need to pass a test > (captcha, ..) > > * otherwise he is accepted > >D> the other part is having something scan the host for known >D> ports. > > This is not the purpose of xbl.spamhaus.org (exploits block list) to > detect such hosts ? > > >Guy Decoux > > > > > oops, I mean real-time scanning like Freenode networks. Sure, the lists have some open relays, etc. Computers are infected all the time, so its up to a scanning to see who is infected. There are HTTP1.1 proxies which use CONNECT, SOCKS4/5 servers, other types of servers which are constructed for use in attacks. Hell, some people attack using over 50 hops(computers one after another connecting to the next just to attack). For Freenode to block some "kiddies" I had to help freenode with the current ports they were scanning and sent over a list of (elite) ports because somene accessed the list and wanted to act stupid so they decided to launch bot attacks. It was interersting how many attacks there are now since I gave them a list. Of course there are still the ocasion irc-trojan attacks which are not commanded by port communication, but a virus infects a computer to get information off a designated IRC server. Join the channel, and the master of a botnet attacks. Unless someone actually wants to be that stupid to attack a wiki, which is less likely. <finish for now, time ended for tea> David Ross -- Hazzle free packages for Ruby? RPA is available from http://www.rubyarchive.org/