On Tue, 9 Aug 2005, Gunther Herzog wrote:
Hi Gunther!
Ever since installing Drupal, my log seems to be bombarded daily with requests for (in order of frequency):
_vti_bin/_vti_aut/fp30reg.dll
stat-cgi/awstats.pl
and just lately...
scripts/..\..//winnt/system32/cmd.exe
Luckily none of these are accessible (or even installed) on my reasonably-secure Linux/Apache box.
Are these well-known security loopholes? I've
Yes, probably from virus/trojan infected windows machines.
This seems to have done the trick thus far, at least when it comes to keeping my Drupal log from clogging up. Hopefully the "Gone" header result will prevent repetitive attempts as well.
I doubt it.
Though I am seriously contemplating more aggressive tactics, such as:
- Auto-redirecting them to their own IP address.
- Auto-reporting them on appropriate abuse groups on USENET
Well, the latter would probably cause some unwelcome results. I used to create scripts in place of the requested files that served their answers v e r y slowly in the hope of slowing the requesting machine down.
Cheers, Gerhard
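
Added example, not part of the original thread: a small log triage script that counts, per client, requests for the three probe paths quoted above, normalizing backslashes, doubled slashes, percent-encoding and case so variants of the cmd.exe path are still matched. The log lines, IP addresses (documentation ranges) and function names are constructed for illustration, and the Apache common/combined log format is assumed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Signatures built from the paths quoted in the thread. They assume a host
# where none of these files exist, so any hit is scanner noise.
PROBES = {
    "frontpage-fp30reg": re.compile(r"/_vti_bin/_vti_aut/fp30reg\.dll$"),
    "awstats": re.compile(r"/awstats\.pl$"),
    "iis-cmd-traversal": re.compile(r"/winnt/system32/cmd\.exe$"),
}

# host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def normalize(raw_path):
    """Drop the query string, decode %xx, unify separators, lowercase."""
    path = unquote(raw_path.split("?", 1)[0])
    path = path.replace("\\", "/")
    return re.sub(r"/+", "/", path).lower()

def classify(raw_path):
    """Return the probe name for a request path, or None for normal traffic."""
    path = normalize(raw_path)
    for name, rx in PROBES.items():
        if rx.search(path):
            return name
    return None

def triage(lines):
    """Return {client: {probe_name: hits}} for log lines matching a probe."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if m and (name := classify(m.group(3))):
            hits[m.group(1)][name] += 1
    return {host: dict(c) for host, c in hits.items()}

# Constructed sample log lines (not taken from the poster's server).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Aug/2005:10:00:01 +0000] "GET /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 209',
    '192.0.2.10 - - [09/Aug/2005:10:00:05 +0000] "GET /stat-cgi/awstats.pl HTTP/1.0" 410 -',
    '198.51.100.7 - - [09/Aug/2005:10:02:11 +0000] "GET /scripts/..%5c..//winnt/system32/cmd.exe HTTP/1.0" 404 215',
    '198.51.100.7 - - [09/Aug/2005:10:02:12 +0000] "GET /SCRIPTS/..%5C..//WINNT/system32/cmd.exe HTTP/1.0" 404 215',
    '203.0.113.5 - - [09/Aug/2005:10:03:00 +0000] "GET /node/12 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for host, counts in triage(SAMPLE_LOG).items():
        print(host, counts)
```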