[PLUG] strange http requests
fh hillsboro
linux at frankhunt.com
Tue Nov 15 00:15:08 UTC 2005
Yeah, you're probably right, but with my hobby website I don't really
care if I block the world. Or, at least China and Eastern Europe :-)
Elliott Mitchell wrote:
>>From: fh oregon <linux at frankhunt.com>
>>If you give your logs a good look, you will most likely find references
>>to all kinds of "stuff" in there. I run a check daily looking for 404
>>errors with an associated .exe or .cgi or .pl associated with them.
>>These are caused by someone up to no good. I trap their IP address and
>>exclude them from my web site from then on with the Deny <IP> directive.
>>
>>
>
>Problem is you're most likely to catch worms and zombies this way, than
>do any real good. In the case of dialup systems you're going to have to
>block large numbers of IP addresses, and you get a lot of uninvolved
>parties.
>
>Better is to provide an alert to the poor sap whose machine has been
>turned into swiss cheese. In this general category was the classic of
>creating a 64KB file of zeros named "default.ida", because this crashed
>the worm.
>
>
>
>
--
Frank Hunt
Confused Linux Admin
General Fool About Town
More information about the PLUG
mailing list