Is this a hack attempt...

RawAlex · 2004-09-09, 11:17 PM

Opti, those scans are VERY common, I get them on almost every domain I own that appears in DMOZ, YAHOO, or Google.

they are looking for certain scripts, especially things with either default passwords or known issues. They catalog the whole pile, and when they need a server to use, they go back through the pile and start more agressive hack attempts.

What they truly want is access to something that will either allow them to mail, allow them to spread a virus, or run a denial or service attack from.

You should treat these sorts of attempts seriously if you have any of that stuff on your servers. If you really find yourself getting hit hard, you can just have a cgi reply to them with an ENDLESS stream of characters, which should overload their system after a while.

Basically, they are rattling doorknobs to see if anything is unlocked.

Alex

2004-09-09, 11:17 PM	#1
RawAlex Took the hint. Join Date: Mar 2003 Posts: 5,597	Opti, those scans are VERY common, I get them on almost every domain I own that appears in DMOZ, YAHOO, or Google. they are looking for certain scripts, especially things with either default passwords or known issues. They catalog the whole pile, and when they need a server to use, they go back through the pile and start more agressive hack attempts. What they truly want is access to something that will either allow them to mail, allow them to spread a virus, or run a denial or service attack from. You should treat these sorts of attempts seriously if you have any of that stuff on your servers. If you really find yourself getting hit hard, you can just have a cgi reply to them with an ENDLESS stream of characters, which should overload their system after a while. Basically, they are rattling doorknobs to see if anything is unlocked. Alex