Apache Friends Support Forum

[taustin]

I've just discovered a 3.4 megabyte error log for my default web site. 16 hours of continuous probing for vulnerabilities, all from one of four adjacent IP addresses in Maryland (our of a single /24).

Now, I can understand script kiddies using automated software they don't understand to scan IP addresses at random, but I mean, really! 16 *hours*? What part of "access denied" don't they understand?

(I am absolutely convinved that, even if you have only a single web site on your serer, you should configure it with virtual hosts, and set the default web site up with a "deny all" directive. This stops the automated IP address scans cold, and 99.99% of the script kiddies simply don't understand why they can't even connect.)

[taustin]

OK, this turns out to have been a "non-intrusive" security scan by some halfwits in Maryland who claim to be an "online security analyst," hired by a credit card company we have a merchant account with.

First, you halfwits, sixteen hours of probing so intense it interferes with anti-virus scans isn't a non-intrusive scan, it's an attack.

Second, most of what you were looking for were bad scripting vulernatiblities, and you were scanning by IP address. That means, you halfwits, that you were scanning the wrong web site, and it was an invalid scan to begin with, because the default virtual host is set to reject all connections period.

Morons. And they get pay a lot of money to do nothing worth doing.