[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "suspicious" apache log entries

On Tue, Sep 10, 2002 at 10:00:13AM -0700, Vineet Kumar wrote:
> I understand that the tools exist, but I'd be very cautious before
> donning your white hat and becoming the next Internet vigilante.  Of
> course the admin of the site may be grateful for your pointing out that
> something is wrong, but more likely they'll blame you for any damage
> they find (no matter how they were originally infected) and be very
> angry about any change you make to their site.  Remember, if they had a
> clue, they'd already know and be working on fixing the problem (or never
> have been running IIS in the first place).

 Nobody said anything about changing the web site, or anything on their hard
drive.  The suggestion was to pop up a window on the desktop.  (This makes
sense because I suppose even servers that are running an MS OS usually have
a desktop that someone will look at when something goes wrong.)

 Taking down the TCP stack is of questionable legality, and it would be nice
if there was an easier way to call attention to the machine.  Maybe beeping
the PC speaker in morse code for S.O.S. would work.  (Do rackmount servers
have a PC speaker?) Some people disable the PC speaker, but if they have a
sound card, you could use that.  (Then you could say make their computer say
"I'm infected, help me"...)

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC

Reply to: