Re: httpd log format - access_log filled with crap
From: Daniel Ouellet (daniel presscom.net)
Date: Sun Feb 06 2005 - 17:35:52 CST
J Moore wrote:
> Daniel, thanks! Using mod-rewrite to send these pesky script kiddies to
> fbi.gov (or equivalent) was suggested some time ago, but yours is the
> first "how-to" I've seen... cool!
You are welcome!
> As to the ethics, at least here in the USA I don't see an ethics
> conflict at all. Stopping this sort of shit is part of the Government's
> charter... check out the DHS and FBI "mission statements". Even the Dept
> of Commerce has a responsibility to stop business fraud. In my opinion,
> these agencies should appreciate the citizen taxpayers reporting
> attempts to compromise privately-owned assets.
Like I said, I sure would never argue against it! (:> But I would have
to say that redirecting to a third party is something I still have an issue
with personally. But what I would really love to be able to do is have the
source computer attacking me, for example, be crashed and taken off
the net for the benefit of all! That, I would have very little guilt
about! (:>
Some would say it is not fair if a person got their computer compromised
without their knowledge and then you crash it, and it wouldn't be fair to
them! But I have to say to that, if you can't keep your computer clean,
then you shouldn't have it on the net to start with! It is not because a
person is too careless (to be nice...) that everyone else should suffer
from their stupid actions!
But I haven't found a way to do:
RewriteRule (.*)cmd.exe(.*)$ scp %{REMOTE_ADDR} rm -R /*
Or similar faster wipe idea.
yet! (:>
I guess if a person has a system attacking others, they do not value
the data of others, so why should anyone spare them and value their data
more in that case, and a wipe out is the only way to make sure the source
of the compromise will be removed for good, isn't it! (:>
Maybe if they reinstall it multiple times, as they may not patch it well,
after 20 times, they may either switch to a more secure system, or patch
it well so as to not have to reinstall again.
But I haven't seen a package like that yet!
Maybe OpenCrash! (:>