Mailing List Archive

   tlug.jp -> Mailing List -> tlug archive -> tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Script Kiddy Defence Script

--Signature_Thu__9_Jun_2005_19_07_45_+0900_njj1ZG7VrbIuV0nM
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Hi!

On Thu, 9 Jun 2005 18:02:47 +0900 (JST)
Joe Larabell <larabell@?jp> wrote:

> > Yes, I'm planning to do that. Not sure yet which other attacks are
> > worth considering...  maybe port scans, exploit tests via http...
> > well, if someone has ideas, let me know.
> I wrote a short perl script to scan a weblog in real-time looking for
> the typical IIS exploits. In my case, I was less forgiving, in that I
> blocked the IP until the following midnight (just because I didn't
> want to have to deal with counting down timeouts and the like -- just
> run a cronjob to clear out the SHITLIST chain at midnight every day.
> It cut down on a lot of crud in the web logs. I'll send you the
> script if you're interested.

Yes, sounds interesting (even though I don't like perl at all ;-).

--=20
  Michael Reinsch <mr@example.com>                      http://mr.uue.org/
------------------------------------------------------------------------

--Signature_Thu__9_Jun_2005_19_07_45_+0900_njj1ZG7VrbIuV0nM
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCqBTxt65wZuOiwM0RAv9FAKCaWq7mh2IOyONfAeXCy6nQEhFYPwCgqk6O
P/Z4DHf8ZoYG4GRR4fYX9fo=
=bmRp
-----END PGP SIGNATURE-----

--Signature_Thu__9_Jun_2005_19_07_45_+0900_njj1ZG7VrbIuV0nM--
Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links