Dylan> I'm sure we've all seen our servers get scanned repeatedly for Dylan> vulnerabilities in other systems.... Dylan> All of these calls are currently getting the customary 404, but I Dylan> wonder if there's anything more intelligent or proactive to be Dylan> done. You might be able to slow them down. Depending what sort of control you have over the HTTP bits stuffed on the wire, when you encounter requests for such pages, you can have the thread serving the connection slow its responses to a crawl, issue "100 Continue" responses, etc. In the mail spam world this is generally called "teergrubing". The challenge of identifying suspect clients is easier with HTTP than with SMTP. HTTP clients have to ask for a page you recognize as clearly a scan for holes in your system. In SMTP you have to infer the other end is a bad guy based upon the remote IP address. It should be fairly easy to extend the httplib module to crawl when asked. -- Skip Montanaro - skip@pobox.com http://www.mojam.com/ http://www.musi-cal.com/