Possible virus infection.


(MadJack) #1

Firewall just notified me there was some kind of attempt made from a remote host infected with PE_NIMDA.A to connect on port 80 here…

Since port 80 is web server I think it’s fairly possible someone who clicked on my signature’s URL is infected with that virus.

The IP and name is: h-66-134-165-210.lsanca54.covad.net [66.134.165.210] so if anyone is on covad.net, I strongly suggest you scan your HD for viruses.

If you don’t have a virus scanner, try this, it’s excellent.


(Mr_Tickles) #2

Looks dangerous too from what they’ve said:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_NIMDA.A


(MadJack) #3

That’s exactly why I decided to post the info here. It might not be from one of the users here. Could be someone who got the URL from google but just to be safe…


(Gringo Starr) #4

Well, I wouldn’t post anyone’s IP. I would have PM’d an admin to search for the possible user with that IP. But, maybe I’m paranoid.


(MadJack) #5

I understand your point of view Gringo but in that case I make a case of being public because first, nobody knows anyone’s IP if you’re not an admin and second, it’s too important an issue to try to go by a secondary channel (admins/mods). Since we know the provider (covad) it’ll be much faster and easier for the infected person to know they’ve been infected.

Anyway, IPs nowadays are more volatile than kerosene at high altitude so, I don’t think it’s a problem :slight_smile:

I just hope that person will get that infection fixed soon :slight_smile:


(MadJack) #6

Another alert… Codered.a this time coming from:

Pinging rugby-na.com [204.19.189.19]

People… Virus scanners are not for sheep, damn it! :angry:


(=DaRk=CrAzY-NuTTeR) #7

When exactly did this happen? I pressed it but I’ve done loads of virus scans cos of pesky e-mails so I doubt it’s me.

I have the IP of my router and computer + the ISP host domain so if I see it posted I’ll tell you. Are you infected, and wots with the webby now? If I click it will I be infected or is it some attempt the firewall blocked?

Let’s find out (not that I really give a shit about my compy, it’s old as hell) :slight_smile:

EDIT: Seems to be a common one now http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html


(MadJack) #8

No, I’m not infected. It’s just my firewall popping up those warnings about the virus trying to connect to a certain port. I check the firewall log and I can get the IP.

ping -a [IP] in a DOS window will resolve the name [-a will try reverse DNS if it exists]. I’m not at risk really but I find it damn annoying to say the least.


(Mr_Tickles) #9

Have you put a notification about it up on your site?


(MadJack) #10

:banghead:

Ahem… hrrmm yeah… I did… uh huh… runs to make an update on the site :wink:


(eRRoLfLyNN) #11

oops :stuck_out_tongue:


(MadJack) #12

Well, I think sending the email to the owner of the domain helped. I was at 10 attacks in the last 24 hrs :@ I sent them an email and it stopped… :smiley: