From owner-freebsd-questions@FreeBSD.ORG Fri Jan 14 16:36:39 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4350A16A4CE for ; Fri, 14 Jan 2005 16:36:39 +0000 (GMT) Received: from out004.verizon.net (out004pub.verizon.net [206.46.170.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id C08D443D53 for ; Fri, 14 Jan 2005 16:36:38 +0000 (GMT) (envelope-from FreeBSD@keyslapper.org) Received: from keyslapper.org ([68.163.251.221]) by out004.verizon.net (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP id <20050114163638.IKRE8290.out004.verizon.net@keyslapper.org> for ; Fri, 14 Jan 2005 10:36:38 -0600 Received: from localhost (localhost [127.0.0.1]) by keyslapper.org (Postfix) with ESMTP id 2BA08115CB for ; Fri, 14 Jan 2005 11:36:37 -0500 (EST) Received: from keyslapper.org ([127.0.0.1]) by localhost (keyslapper.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 79669-07 for ; Fri, 14 Jan 2005 11:36:37 -0500 (EST) Received: by keyslapper.org (Postfix, from userid 1001) id EF598115C9; Fri, 14 Jan 2005 11:36:36 -0500 (EST) Date: Fri, 14 Jan 2005 11:36:36 -0500 From: Louis LeBlanc To: freebsd-questions@freebsd.org Message-ID: <20050114163636.GD79199@keyslapper.org> Mail-Followup-To: freebsd-questions@freebsd.org References: <20050114140441.G802@kenmore.kozy-kabin.nl> <20050114160030.GB9164@akroteq.com> <20050114101747.1304c5e7@jacob.6texans.net> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20050114101747.1304c5e7@jacob.6texans.net> User-Agent: Mutt/1.5.6i X-Virus-Scanned: amavisd-new at keyslapper.org X-Authentication-Info: Submitted using SMTP AUTH at out004.verizon.net from [68.163.251.221] at Fri, 14 Jan 2005 10:36:38 -0600 Subject: Re: Odd (alarming) http log exerpt X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: freebsd-questions@FreeBSD.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Jan 2005 16:36:39 -0000 On 01/14/05 10:17 AM, Jacob S sat at the `puter and typed: > On Fri, 14 Jan 2005 07:00:30 -0900 > Andy Firman wrote: > > > On Fri, Jan 14, 2005 at 02:08:20PM +0100, Colin J. Raven wrote: > > > What is this person doing? or attempting to do? I'm guessing nothing > > > > > > good. > > > Is there anything within...say httpd.conf..that I could do to > > > prevent > > > this..or curtail it before it grows to such an enormous size. > > > > Looks like a WebDAV exploit. You can run conditional logging in > > your apache server to ignore it. > > If I'm not mistaken, you can also do something fun, like use mod_rewrite > to redirect them to fbi.com whenever they try an attack like that. I like that idea. Reminds me of the day we discovered http://www.taliban.org/ There was a Careers page - seriously - apparently trying to recruit suicide bombers. One of my coworkers (thick Russian accent, which makes it a little more amusing) actually called the number to see if it was real. "Thank you for calling the National Offices for the Federal Bureau of Investigation . . ." . . . at which point she panicked and hung up. And of course we all fell about the place laughing ourselves silly. The question is whether the Bureau would log the referrer URL. BTW, I think it would be FBI.gov, yes? L -- Louis LeBlanc FreeBSD@keyslapper.org Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ Bloom's Seventh Law of Litigation: The judge's jokes are always funny.