[Dylan Reinhardt]
I'm sure we've all seen our servers get scanned repeatedly for vulnerabilities in other systems. A quick check through the error logs shows some obvious examples of this, including requests for:
/_vti_bin /scripts /MSADC /MSOFFICE
Etc, etc.
Almost inevitably, these requests come in bursts, typically from the same IP.
All of these calls are currently getting the customary 404, but I wonder if there's anything more intelligent or proactive to be done. I've thought about building myself a hosts-deny kind of solution using external methods, but I'm not sure that's necessarily going to save me very many cycles in the long run.
Trouble is, the same infected computer does not usually return to your server all that often, and there are a lot of infected computers out there. I do not think it is normally much of a problem. You get a little burst, then later another little burst. Not that much traffic, at least as things stand now. No worse than serving a page with a half a dozen images in it, which lots of people do. Of course, a new worm could change the picture tomorrow...

Cheers,
Tom p
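
Added example (not code from either poster): one way to measure the burst pattern discussed in this thread from an access log before deciding whether a deny list is worth building. The log lines are constructed, and the Common Log Format, the 60-second quiet gap and the name `probe_bursts` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Path prefixes taken from the probe requests listed in the thread.
PROBE_PREFIXES = ("/_vti_bin", "/scripts", "/msadc", "/msoffice")

# Assumed format: Common Log Format (host ident user [time] "request" status size).
CLF = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2003:10:00:01 -0800] "GET /scripts/ HTTP/1.0" 404 210
192.0.2.10 - - [12/Mar/2003:10:00:02 -0800] "GET /MSADC/ HTTP/1.0" 404 210
192.0.2.10 - - [12/Mar/2003:10:00:02 -0800] "GET /_vti_bin/ HTTP/1.0" 404 210
192.0.2.10 - - [12/Mar/2003:10:00:03 -0800] "GET /MSOFFICE/ HTTP/1.0" 404 210
203.0.113.5 - - [12/Mar/2003:10:05:00 -0800] "GET /index_html HTTP/1.1" 200 5120
203.0.113.5 - - [12/Mar/2003:10:05:09 -0800] "GET /old-page HTTP/1.1" 404 210
198.51.100.7 - - [12/Mar/2003:11:15:40 -0800] "GET /msadc/ HTTP/1.0" 404 210
192.0.2.10 - - [12/Mar/2003:14:30:00 -0800] "GET /scripts/ HTTP/1.0" 404 210
192.0.2.10 - - [12/Mar/2003:14:30:01 -0800] "GET /_vti_bin/ HTTP/1.0" 404 210
"""

def probe_bursts(lines, gap=timedelta(seconds=60)):
    """Return ({ip: [burst sizes]}, probe count, total parsed requests)."""
    hits, total = defaultdict(list), 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        total += 1
        ip, stamp, path, status = m.groups()
        if status == "404" and path.lower().startswith(PROBE_PREFIXES):
            hits[ip].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    bursts = {}
    for ip, times in hits.items():
        times.sort()
        sizes = [1]
        for prev, cur in zip(times, times[1:]):
            if cur - prev > gap:
                sizes.append(1)   # quiet period: a new burst starts
            else:
                sizes[-1] += 1
        bursts[ip] = sizes
    return bursts, sum(map(len, hits.values())), total

if __name__ == "__main__":
    bursts, probes, total = probe_bursts(SAMPLE_LOG.splitlines())
    print(f"{probes} of {total} requests were probes; bursts per IP: {bursts}")
```

The per-IP burst sizes and the probe share of total requests are the two numbers that show whether blocking repeat sources would save any meaningful work.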