[Zope] Responding to hackers
Dylan Reinhardt
zope@dylanreinhardt.com
Fri, 25 Oct 2002 07:46:52 -0700
I'm sure we've all seen our servers get scanned repeatedly for
vulnerabilities in other systems. A quick check through the error logs
show some obvious examples of this, including requests for:
/_vti_bin
/scripts
/MSADC
/MSOFFICE
Etc, etc.
Almost inevitably, these requests come in bursts, typically from the same IP.
All of these calls are currently getting the customary 404, but I wonder if
there's anything more intelligent or proactive to be done. I've thought
about building myself a hosts-deny kind of solution using external methods,
but I'm not sure that's necessarily going to save me very many cycles in
the long run.
Has anybody thought of a better way to handle this kind of stuff?
TIA,
Dylan