[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "suspicious" apache log entries

On Thu, Sep 12, 2002 at 09:22:43AM +0200, Marcel Weber wrote:
> Hash: SHA1
> Something that would be totally legal would be to send an email to the 
> webmaster@infected-domain.vir, in the hope, that they have such an email 
> address. Of course one has to pay attention, that this email address 
> does not get flooded, when thousands of the 
> call-attention-to-your-infected-nimda-machine-script would answer the 
> attempted nimda attack in such a way. This would mean, a kind of central 
> database, where those infected machines would get registered.
> A step further would be to ask the webmaster to reply to this email. If 
> he does not within a given timeframe, one could try to let his server's 
> speakers beep or whatever-not-to-harmful-option there is.
> I think after sending emails and trying to reach the responsable person 
> (after the RFC there has to be such an email address), the second step 
> would be legally okay in most countries.
> Marcel

  I can see that sending an email is an approriate legal, and
  responsible course of action.
  However to make his servers beep, you still need to perform an illegal
  act of cracking into his box. Regardless of what you intend to do when
  you get in there, it is still unauthorized access to the computer. If
  it is legal to crack a box for 'good' reasons, what do you think the
  real crackers will say there were doing if they get caught?

  Unless we could popularise running a 'alert-me-if-my-box-is-screwy'
  daemon, which when it receives a message it beeps, displays a message,
  and keeps beeping until an operator acks the message.
  Of course, this would probably just become another vehicle for spam.
  (Unless there was some sort of hashcash thing used that I read about on 


Reply to: