Re: "suspicious" apache log entries
On Thu, Sep 12, 2002 at 09:22:43AM +0200, Marcel Weber wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Something that would be totally legal would be to send an email to the
> webmaster@infected-domain.vir, in the hope, that they have such an email
> address. Of course one has to pay attention, that this email address
> does not get flooded, when thousands of the
> call-attention-to-your-infected-nimda-machine-script would answer the
> attempted nimda attack in such a way. This would mean, a kind of central
> database, where those infected machines would get registered.
>
> A step further would be to ask the webmaster to reply to this email. If
> he does not within a given timeframe, one could try to let his server's
> speakers beep or whatever-not-to-harmful-option there is.
>
> I think after sending emails and trying to reach the responsable person
> (after the RFC there has to be such an email address), the second step
> would be legally okay in most countries.
>
> Marcel
I can see that sending an email is an approriate legal, and
responsible course of action.
However to make his servers beep, you still need to perform an illegal
act of cracking into his box. Regardless of what you intend to do when
you get in there, it is still unauthorized access to the computer. If
it is legal to crack a box for 'good' reasons, what do you think the
real crackers will say there were doing if they get caught?
Unless we could popularise running a 'alert-me-if-my-box-is-screwy'
daemon, which when it receives a message it beeps, displays a message,
and keeps beeping until an operator acks the message.
Of course, this would probably just become another vehicle for spam.
(Unless there was some sort of hashcash thing used that I read about on
./)
Cheers
Geoff
Reply to: