Re: PHP injection attempt from 200.222.244.154

From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 12/07/04

  • Next message: Andreas Putzo: "ftp warez server snake ?" 
    To: incidents@securityfocus.com
Date: Tue, 07 Dec 2004 19:24:09 +0000

    On Sun, 2004-12-05 at 00:00 +0000, Jez Han*** wrote:
    <snip>
    > I'd thought about doing something similar to KEM Hosting's script
    > above regarding turning tables or automating in some how an abuse
    > complaint procedure. For a while I started to notify the owners of
    > domains that were hosting the injection scripts that they possibly had
    > a problem, but this got tedious quite quickly. Automating the
    > procedure by intercepting the requests for bad URIs and redirecting
    > them to a script that drafts together an abuse report might be
    > interesting and save some time though.
    >

    I'm not a real fan of automated action against intruders, it's often too
    easy to abuse it for nefarious purposes.

    However you might want to look at mod_security
    ( http://www.modsecurity.org/ ) as a possible product to achieve your
    purpose, it's designed to do exactly what you want and a bit more.
    With Regards..
    Barrie Dempster (zeedo) - Fortiter et Strenue

      http://www.bsrf.org.uk

    [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

  • Next message: Andreas Putzo: "ftp warez server snake ?"
    • Quantcast