Security Incidents mailing list archives
Re: PHP injection attempt from 200.222.244.154
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 07 Dec 2004 19:24:09 +0000
On Sun, 2004-12-05 at 00:00 +0000, Jez Hancock wrote: <snip>
I'd thought about doing something similar to KEM Hosting's script above regarding turning tables or automating in some how an abuse complaint procedure. For a while I started to notify the owners of domains that were hosting the injection scripts that they possibly had a problem, but this got tedious quite quickly. Automating the procedure by intercepting the requests for bad URIs and redirecting them to a script that drafts together an abuse report might be interesting and save some time though.
I'm not a real fan of automated action against intruders, it's often too easy to abuse it for nefarious purposes. However you might want to look at mod_security ( http://www.modsecurity.org/ ) as a possible product to achieve your purpose, it's designed to do exactly what you want and a bit more. With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: PHP injection attempt from 200.222.244.154 Jez Hancock (Dec 06)
- Re: PHP injection attempt from 200.222.244.154 Barrie Dempster (Dec 07)
- Re: PHP injection attempt from 200.222.244.154 Jez Hancock (Dec 08)
- Re: PHP injection attempt from 200.222.244.154 Jez Hancock (Dec 09)
- Re: PHP injection attempt from 200.222.244.154 James Eaton-Lee (Dec 17)
- Re: PHP injection attempt from 200.222.244.154 Jez Hancock (Dec 08)
- Re: PHP injection attempt from 200.222.244.154 Barrie Dempster (Dec 07)