[Zope] VHM probing?

Dylan Reinhardt zope@dylanreinhardt.com
Sat, 15 Mar 2003 10:13:07 -0800


Hey all,

Looking over the logs this morning, I'm seeing a large number of Not Found 
errors for requests of the form:

http://www.myvirtualhost.com/vhm//

(Requests included the trailing double slash... that's not a typo)

I'm still looking into what else may have gone on, but it would appear that 
*something* is attempting to find VHM setups.

This probing doesn't look like it was done by hand... there were 14 
simultaneous requests at a time to different hosts, spaced about an hour 
apart.  I got probed at least four different times.   The requests were 
repeated in similar patterns.

Without knowing anything else, it seems prudent to suggest that y'all might 
want to give your VHM objects a name other than the typical variants on 
"VHM".  Since it doesn't matter anyway, why not pick something a little 
less guessable?

I'll post more information if I dig anything up.  As it stands, it doesn't 
appear that anything has been compromised or defaced.

Is anyone else seeing this?

Dylan