RE: [incidents] Bots hitting my web server?
From: zcat@bsd.co.nzDate: 08/30/02
- Previous message: David LeBlanc: "RE: Trojan? DDOS Bot?"
- In reply to: Marco A. Zamora Cunningham: "RE: [incidents] Bots hitting my web server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Aug 2002 18:48:19 +1200 (NZST) From: <zcat@bsd.co.nz>
> You're not seeing bots, you're seeing surfers in a misguided
> attempt to keep their "anonymity," or to defeat proxies
> that filter by domain/host in corporate/school environments
> (hence the porn site requests you see in your logs).
Here's another suggestion. Reconfigure apache so that every time someone
attempts to use it as a proxy it returns (in the appropriate format;
html, jpg, etc to match the request) a small message announcing that the
request and client IP are being logged to a publically accessable web
page. On that web page explain WHY you're doing this (cost of bandwidth
etc). That should get you off the end-user's proxy lists very quickly,
and will eventually help with the public lists too. And it'll educate a
few of the proxy-list users who are probably under the impression that all
proxies are run intentionally as a public service, like IRC servers and
MUD's.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: David LeBlanc: "RE: Trojan? DDOS Bot?"
- In reply to: Marco A. Zamora Cunningham: "RE: [incidents] Bots hitting my web server?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
