[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: weird http probes



On Monday 28 June 2004 20.56, Joris wrote:

> I noticed the following just now in my apache logs:
[...]
> Notice the very uncool double reverse resolve of that ip:
AFAIK such double reverse resolves are, while uncommon, perfectly legal.

> I don't know what's the dominant feeling on this right now...
> I'm concerned this meight be some kind of security scan (not worried
> about that machine, but just about a new attack in general).

Best guess is a script kiddie looking for vulnerable host. Whether it's 
for an old or a new attack is anybody's guess. Just be sure your 
installation is current.

> I'm a little angry because I meight be used into online statistics
> without my permission, and I fear for my privacy if I've ended up on
> some "probe these hosts" list.

Well, you shouldn't be worried about your privacy - you *do* off er a 
web server, so anybody can query it. If you don't want that, don't run 
a webserver, or don't have it open to the public.

Also, you seem to have a phpinfo.php in your home - do you really want 
to publish that information? I'm sorry to tell you, but if you don't 
want to publish that information, why do you offer that file?

As for statistics: put in a robots.txt file (User-Agent: *\nDisallow: /) 
in your web home. Legitimate companies will respect that. Other than 
that, you can't really do much about it, except making access 
inconvenient for automated web-spidering - but this will also make it 
invonventient for human users...

greetings
-- vbi


-- 
Hail Eris!

Attachment: pgpm6iWmVsVAV.pgp
Description: signature


Reply to: