[drupal-support] Problem (hacker attempt to access FrontPage
extensions--and then some)
Gerhard Killesreiter
killesreiter at physik.uni-freiburg.de
Tue Aug 9 16:32:18 UTC 2005
On Tue, 9 Aug 2005, Gunther Herzog wrote:
Hi Gunther!
> Ever since installing Drupal, my log seems to be
> bombarded daily with requests for (in order of
> frequency):
>
> _vti_bin/_vti_aut/fp30reg.dll
> stat-cgi/awstats.pl
>
> and just lately...
>
> scripts/..\\..//winnt/system32/cmd.exe
>
> Luckily none of these are accessible (or even
> installed) on my reasonably-secure Linux/Apache
> box.
> Are these well-known security loopholes? I've
Yes, probably from virus/trojan infected Windows machines.
> This seems to have done the trick thus far, at
> least when it comes to keeping my Drupal log
> from clogging up. Hopefully the "Gone" header
> result will prevent repetitive attempts as well.
I doubt it.
> Though I am seriously contemplating more
> aggressive tactics, such as:
>
> * Auto-redirecting them to their own IP address.
> * Auto-reporting them on appropriate abuse
> groups on USENET
Well, the latter would probably cause some unwelcome results.
I used to create scripts in place of the requested files that served
their answers v e r y slowly in the hope to slow the requesting machine
down.
Cheers,
Gerhard
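
As an added example (not part of the original message and not Drupal code), the three request paths quoted above can be tallied from an Apache access log to see which clients send them and whether any probe was answered with something other than a 4xx. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Signatures for the three request paths quoted in the message.
PROBES = {
    "frontpage": re.compile(r"_vti_bin/_vti_aut/fp30reg\.dll", re.I),
    "awstats": re.compile(r"awstats\.pl", re.I),
    "cmd_exe_traversal": re.compile(r"\.\.[\\/].*cmd\.exe", re.I),
}

# Apache common/combined log: client ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

def classify(path):
    """Return the probe label for a request path, or None for ordinary traffic."""
    decoded = unquote(path)  # the backslash may arrive percent-encoded (%5c)
    for label, pattern in PROBES.items():
        if pattern.search(decoded):
            return label
    return None

def summarize(lines):
    """Count probes per label and per client; list probes not answered with 4xx."""
    by_label, by_client, served = Counter(), Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        label = classify(m.group(2)) if m else None
        if label is None:
            continue
        client, status = m.group(1), int(m.group(3))
        by_label[label] += 1
        by_client[client] += 1
        if not 400 <= status < 500:  # a 200 here means the target really exists
            served.append((client, m.group(2), status))
    return by_label, by_client, served

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    r'192.0.2.10 - - [09/Aug/2005:10:00:01 +0000] "GET /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 410 -',
    r'192.0.2.10 - - [09/Aug/2005:10:00:09 +0000] "GET /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 410 -',
    r'198.51.100.7 - - [09/Aug/2005:10:02:11 +0000] "GET /stat-cgi/awstats.pl HTTP/1.0" 404 290',
    r'203.0.113.5 - - [09/Aug/2005:10:03:40 +0000] "GET /scripts/..\\..//winnt/system32/cmd.exe HTTP/1.0" 404 290',
    r'203.0.113.9 - - [09/Aug/2005:10:04:02 +0000] "GET /node/12 HTTP/1.1" 200 5120',
    r'198.51.100.7 - - [09/Aug/2005:10:05:30 +0000] "GET /cgi-bin/awstats.pl HTTP/1.0" 200 812',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
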