Odd (alarming) http log exerpt
Jacob S
stormspotter at 6Texans.net
Fri Jan 14 08:52:25 PST 2005
On Fri, 14 Jan 2005 11:36:36 -0500
Louis LeBlanc <FreeBSD at keyslapper.org> wrote:
> On 01/14/05 10:17 AM, Jacob S sat at the `puter and typed:
> > On Fri, 14 Jan 2005 07:00:30 -0900
> > Andy Firman <andy at firman.us> wrote:
> >
> > > On Fri, Jan 14, 2005 at 02:08:20PM +0100, Colin J. Raven wrote:
> > > > What is this person doing? or attempting to do? I'm guessing
> > > > nothing
> > > >
> > > > good.
> > > > Is there anything within...say httpd.conf..that I could do to
> > > > prevent
> > > > this..or curtail it before it grows to such an enormous size.
> > >
> > > Looks like a WebDAV exploit. You can run conditional logging in
> > > your apache server to ignore it.
> >
> > If I'm not mistaken, you can also do something fun, like use
> > mod_rewrite to redirect them to fbi.com whenever they try an attack
> > like that.
>
> I like that idea. Reminds me of the day we discovered
> http://www.taliban.org/ There was a Careers page - seriously -
> apparently trying to recruit suicide bombers. One of my coworkers
> (thick Russian accent, which makes it a little more amusing) actually
> called the number to see if it was real.
>
> "Thank you for calling the National Offices for the Federal Bureau of
> Investigation . . ."
>
> . . . at which point she panicked and hung up.
lol
> And of course we all fell about the place laughing ourselves silly.
>
> The question is whether the Bureau would log the referrer URL.
>
> BTW, I think it would be FBI.gov, yes?
You didn't try going to fbi.com, did you? :-) It comes up with a blank
page - leaves more to the imagination. Whois seems to indicate it's
unrelated to fbi.gov, but then, you never know.
Jacob
More information about the freebsd-questions
mailing list