Mailing List Archive



Re: [tlug] Blocking unknown and unclear bots



On 02/23/2010 07:37 PM, Stephen J. Turnbull wrote:
Curt Sampson writes:

  >  I don't understand. So if a "good" bot and a "bad" bot swop IP
  >  addresses, you start blocking the (presumably ex-) "good" bot, and now
  >  allow the (presumably ex-) "bad" bot?

Yup.  I have a couple of correspondents with addresses in the
163.com domain. :-)  And of course there's always the potential issue
with new ISPs that their IP block used to harbor spammers, and once it
was blacklisted enough, the spammers sold it on.


So with that in mind, what we are saying is a good bot is looking for content, a bad bot is looking for exploits.

How would one censor a bot based on the kinds of queries it makes?

A brief example is all I am looking for. Frequently Drupal becomes vulnerable to Cross Site Scripting attacks, and if I found a bot that was searching for that, how would I stop, delay or otherwise thwart their evil?

The obvious answer is patch the system, but with zero day exploits, a patch may not yet be available.

E./

