[H-GEN] weird web server logs
Marco Grigull
kni501ss at optushome.com.au
Sun Feb 23 08:38:39 EST 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Sun, 23 Feb 2003 20:29:03 +1000
Stuart Longland <stuartl at longlandclan.hopto.org> wrote:
>
> It makes me wonder if I should confuse their hacking utility by making
> a smart-arsed CGI script called cmd.exe... They'll try just about every
> conceivable combination which makes me wonder if this is a utility doing
> this, not a raw telnet terminal. The lack of a HTTP User Agent here
> seems to support this theory.
>
<a lot of stuff cut>
>
> Yes, we've actually had someone in Thailand attempt over 300 times
> along with hundreds of others (much to my amusement), to get into our
> server, without success. As far as blocking this sort of thing, I did
> manage to make a perl script which watches the apache logs and uses the
> iptables command under Linux to block people after 5 attempts.
>
Daniel, one of the pf authors, devised a method of stalling spammers by wasting their time.
The details of how this is set up are at http://www.benzedrine.cx/relaydb.html
I figure that something similar could be done with a web server, an outward accelerating
squid setup or even honeypots. So, if a script kiddie is detected, allow only one
concurrent connection, and make sure it is dead slow.
Just my 2c
Marco
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
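
The log-watching approach from the quoted message and the one-connection limit suggested in the reply, sketched as an added example (not the Perl script mentioned in the thread, nor any code from the list). It assumes Apache combined log format, treats any request mentioning cmd.exe as a probe, and only builds iptables argument lists without running them; the sample lines and the connlimit rule are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$')
THRESHOLD = 5  # attempts before acting, as in the quoted message

def count_probes(lines):
    """Count requests mentioning cmd.exe (assumed probe signature) per client IPv4."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or "cmd.exe" not in m["request"].lower():
            continue
        try:
            # Log fields are attacker-influenced: accept only a literal IPv4
            # address so nothing else can ever reach a firewall command.
            ip = str(ipaddress.IPv4Address(m["host"]))
        except ValueError:
            continue
        hits[ip] += 1
    return hits

def iptables_rules(hits, mode="block"):
    """Build argv lists (never executed here) for clients at or over THRESHOLD."""
    rules = []
    for ip, n in sorted(hits.items()):
        if n < THRESHOLD:
            continue
        if mode == "block":  # drop everything from the client
            rules.append(["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"])
        else:  # "throttle": one concurrent connection to port 80 (slowing not covered)
            rules.append(["iptables", "-I", "INPUT", "-p", "tcp", "--dport", "80",
                          "-s", ip, "-m", "connlimit", "--connlimit-above", "1",
                          "-j", "REJECT"])
    return rules

def _line(ip, path, agent="-"):
    return f'{ip} - - [23/Feb/2003:20:00:00 +1000] "GET {path} HTTP/1.0" 404 287 "-" "{agent}"'

# Constructed sample log lines (documentation address ranges), not from the thread.
SAMPLE = ([_line("192.0.2.10", "/scripts/cmd.exe")] * 6
          + [_line("198.51.100.7", "/MSADC/cmd.exe")] * 2
          + [_line("203.0.113.5", "/index.html", "Mozilla/5.0")]
          + [_line("bad;host", "/cmd.exe")] * 9)  # non-IP host field is ignored

if __name__ == "__main__":
    for rule in iptables_rules(count_probes(SAMPLE), mode="throttle"):
        print(" ".join(rule))
```

Passing the rules to the firewall as argument lists rather than as a shell string keeps log-derived text out of any shell parsing.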