From owner-freebsd-questions@FreeBSD.ORG Fri Jan 14 16:52:25 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9A63F16A4CE for ; Fri, 14 Jan 2005 16:52:25 +0000 (GMT) Received: from longbow.arroway.com (peppercornbooks.com [66.252.129.171]) by mx1.FreeBSD.org (Postfix) with SMTP id E3D5643D1D for ; Fri, 14 Jan 2005 16:52:24 +0000 (GMT) (envelope-from stormspotter@6Texans.net) Received: (qmail 31758 invoked by uid 1007); 14 Jan 2005 16:52:24 -0000 Received: from stormspotter@6Texans.net by longbow by uid 1004 with qmail-scanner-1.22-st-qms (clamdscan: 0.75.1. spamassassin: 2.64. Clear:RC:1(64.109.19.173):. Processed in 0.281068 secs); 14 Jan 2005 16:52:24 -0000 Received: from adsl-64-109-19-173.dsl.rcfril.ameritech.net (HELO jacob.6texans.net) (64.109.19.173) by longbow.arroway.com with SMTP; 14 Jan 2005 16:52:23 -0000 Date: Fri, 14 Jan 2005 10:54:35 -0600 From: Jacob S To: freebsd-questions@FreeBSD.org Message-ID: <20050114105435.1d4fd06a@jacob.6texans.net> In-Reply-To: <20050114163636.GD79199@keyslapper.org> References: <20050114140441.G802@kenmore.kozy-kabin.nl> <20050114160030.GB9164@akroteq.com> <20050114101747.1304c5e7@jacob.6texans.net> <20050114163636.GD79199@keyslapper.org> X-Mailer: Sylpheed-Claws 0.9.13 (GTK+ 1.2.10; i386-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Odd (alarming) http log exerpt X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Jan 2005 16:52:25 -0000 On Fri, 14 Jan 2005 11:36:36 -0500 Louis LeBlanc wrote: > On 01/14/05 10:17 AM, Jacob S sat at the `puter and typed: > > On Fri, 14 Jan 2005 07:00:30 -0900 > > Andy Firman wrote: > > > > > On Fri, Jan 14, 2005 at 02:08:20PM +0100, Colin J. Raven wrote: > > > > What is this person doing? or attempting to do? I'm guessing > > > > nothing > > > > > > > > good. > > > > Is there anything within...say httpd.conf..that I could do to > > > > prevent > > > > this..or curtail it before it grows to such an enormous size. > > > > > > Looks like a WebDAV exploit. You can run conditional logging in > > > your apache server to ignore it. > > > > If I'm not mistaken, you can also do something fun, like use > > mod_rewrite to redirect them to fbi.com whenever they try an attack > > like that. > > I like that idea. Reminds me of the day we discovered > http://www.taliban.org/ There was a Careers page - seriously - > apparently trying to recruit suicide bombers. One of my coworkers > (thick Russian accent, which makes it a little more amusing) actually > called the number to see if it was real. > > "Thank you for calling the National Offices for the Federal Bureau of > Investigation . . ." > > . . . at which point she panicked and hung up. lol > And of course we all fell about the place laughing ourselves silly. > > The question is whether the Bureau would log the referrer URL. > > BTW, I think it would be FBI.gov, yes? You didn't try going to fbi.com, did you? :-) It comes up with a blank page - leaves more to the imagination. Whois seems to indicate it's unrelated to fbi.gov, but then, you never know. Jacob