"Why on earth would you do that? Unless you're really tight for drive space, this doesn't hurt anything--but now you've killed web access to your server from a very large block of the internet."
I'm not tight for drive space but the huge logs make backups take a lot longer and require more external storage space.
I hated wading through all that nonsense to see the real info in the logs.
Also as I understand the operation of the two viruses in question, they check active web servers for a whole slew of files. If they don't get a response from a probed address, they don't probe again for quite a while. If they do get a valid response from the first probe, they check for a half dozen other files. And then probe that IP again every hour. So while SME is immune to the attack from an infection point of view, the attacks still eat bandwidth. And on my connection that bandwidth consumption was pretty severe. Hundreds of separate hosts every day from 24.x.x.x IPs.
I'm aware that I've killed web access from a large piece of the net but I'm not that concerned about it. I don't have much to offer on my server. It's primarily for my personal use.
I suspect there is a way to inspect the packets in detail and drop the ones looking for particular files. But I haven't learned enough to do that yet.
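
Added example (not part of the original post): a log-side alternative to blocking a whole address block, which separates probe traffic from real entries in a Common Log Format access log and counts probing hosts per first octet. The heuristic (a host that requests several distinct paths and only ever receives error responses), the function names, and the sample lines are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Common Log Format: host ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

def probe_hosts(lines, min_paths=3):
    """Hosts that asked for >= min_paths distinct paths and never got a non-error reply."""
    paths, served = defaultdict(set), set()
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m:
            continue
        host, path, status = m.group(1), m.group(2), int(m.group(3))
        paths[host].add(path)
        if status < 400:
            served.add(host)
    return {h for h, p in paths.items() if h not in served and len(p) >= min_paths}

def split_log(lines, min_paths=3):
    """Return (real_lines, noise_lines, probing hosts counted per first octet)."""
    noisy = probe_hosts(lines, min_paths)
    real, noise = [], []
    for raw in lines:
        m = LINE_RE.match(raw)
        # Unparseable lines stay in the "real" pile so nothing is silently lost.
        (noise if m and m.group(1) in noisy else real).append(raw)
    # Assumes hosts are logged as dotted-quad IPs (no reverse DNS lookups).
    blocks = Counter(h.split(".")[0] + ".x.x.x" for h in noisy)
    return real, noise, blocks

def _line(host, path, status):
    # Constructed sample entry; addresses, paths and date are made up.
    return f'{host} - - [01/Jan/2000:00:00:00 +0000] "GET {path} HTTP/1.0" {status} 280'

SAMPLE = ([_line(h, f"/probe-{c}.exe", 404) for h in ("24.0.2.11", "24.0.2.57") for c in "abc"]
          + [_line("192.0.2.10", "/index.html", 200),
             _line("192.0.2.10", "/missing.gif", 404)])

if __name__ == "__main__":
    real, noise, blocks = split_log(SAMPLE)
    print(f"{len(real)} real lines, {len(noise)} probe lines")
    for block, count in blocks.most_common():
        print(f"{block}: {count} probing hosts")
```

Running this over a rotated log before backup keeps the real entries readable and shows how concentrated the probing hosts are, without dropping legitimate visitors from the same address block.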