enterprisesgogl.blogg.se

W00tw00t at isc sans dfind











Also, <3 autoblacklisting features and honeypots. All this vulnerability canvassing and bot/worm/proxy/spam crap is a total waste of internet capacity. Yet, nobody puts pressure on either country to tackle it. Half of it is from China or Russia, the other half of it is from compromised/proxy boxes, probably originating from China or Russia.

I have a server running Apache, and I recently installed modsecurity2 because I am being attacked a lot by this: My Apache version is Apache v2.2.3, and I use modsecurity2.

It seems to occur when a system is scanned by script kiddies using the DFind vulnerability scanner.

But last night the Apache server restarted and the log files showed some strange requests: Sun Oct 22 00:43:41 2006 error client. GET/w00tw00t.at. :) HTTP/1.1 GET/HTTP/1.1 Accept: application. Tue Mar 24 10:56:43 2009 error client 193.167.100.161 client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.

Just people scanning to see if there are unprotected administration files on my server, I guessed.

The solution is to keep OS and applications up to date, and to monitor logs for specific directed activity.

Yup, you hit the nail squarely on the head here. The following log shows the part of the request carried out by the DFind scanner.

If I block the port for 5 minutes or so, they stop, but they return some hours or days later. I also get malformed SMTP requests in an attempt to break my mailserver.

AFAIK I'm not specifically targeted, but at some time there is a port scan of my IP addresses, the open ports are noted and that triggers some attacks. My server gets probed each and every day - some are malformed requests, some are requests for 'speculative' pages (like looking for phpmyadmin), others probe and try to log in through SSH (on one night I had 50,000 attempts). It isn't his computer/system that is being scanned specifically - his just happens to be in range.












