Old 12-27-2010, 13:23   #1
perdurabo
Guerrilla
Join Date: Nov 2008
Location: Pacific Northwest
Posts: 356
In this specific example, it's just harmless indexing bots.

You should also see a number of entries in your logs with legitimate attack attempts for various web software. This is unfortunately a normal part of being a web server, these days.

The key is to keep your software updated and analyze your logs (which it looks like you're already doing) for entries that relate to software you have installed.

Vulnerability scans for WordPress (blogging software), IIS (Microsoft's web server, which is reasonably secure by default these days) and Cacti (network monitoring) are two web apps I see hundreds of thousands of hits from every day.
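The log triage described in the post above, as an added example that is not part of the original thread: it separates scanner noise for software you don't run from probes aimed at software you do have installed. The path signatures, the `installed` set, the combined log format and the sample lines are all assumptions made for illustration.

```python
import re
from collections import Counter

# Illustrative path signatures (assumptions, not a complete rule set).
SIGNATURES = {
    "wordpress": re.compile(r"/(wp-login\.php|wp-admin|wp-content|xmlrpc\.php)", re.I),
    "cacti": re.compile(r"/cacti/|/graph_view\.php", re.I),
    "iis": re.compile(r"/_vti_bin/|/iisstart\.htm|\.aspx?(\?|$)", re.I),
}

# Apache/nginx "combined" log format: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def triage(lines, installed):
    """Return (noise_counts, review); review holds probes that target
    software actually installed on this server."""
    noise, review = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        for product, sig in SIGNATURES.items():
            if not sig.search(m["path"]):
                continue
            if product in installed:
                review.append((m["ip"], product, m["path"], int(m["status"])))
            else:
                noise[product] += 1
            break
    # A non-404 answer means the probed resource exists: sort those first.
    review.sort(key=lambda r: r[3] == 404)
    return noise, review

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [27/Dec/2010:13:01:02 -0600] "GET /cacti/graph_view.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.9 - - [27/Dec/2010:13:01:05 -0600] "GET /wp-content/plugins/example/readme.txt HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.9 - - [27/Dec/2010:13:01:06 -0600] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"',
    '192.0.2.44 - - [27/Dec/2010:13:02:10 -0600] "GET /_vti_bin/ HTTP/1.0" 404 209 "-" "-"',
    '192.0.2.80 - - [27/Dec/2010:13:03:00 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    noise, review = triage(SAMPLE, installed={"wordpress"})
    print("noise:", dict(noise))
    print("review first:", review)
```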
Old 03-25-2011, 14:27   #2
Irishsquid
Guerrilla
Join Date: Apr 2006
Location: Phoenix, AZ
Posts: 312
Quote:
Originally Posted by perdurabo
IIS (Microsoft's web server, which is reasonably secure by default these days)

Only if you keep it patched. Right out of the box, it's still vulnerable to a LOT of stuff. This brings us to our next lesson:

Don't take too long to patch stuff. Here's how a zero-day exploit works (for the non-techies):

1) MS releases a patch.
2) Hacker downloads the patch.
3) Hacker reverse engineers the patch (takes it apart to see how it works, and what it does).
4) If he can find what the patch fixes, he knows the vulnerability.
5) Write an exploit to attack that vulnerability.

If he can do this within a few days after patch release, he can own millions of boxes, since most users are lazy with patching. Corporate networks take a long time to patch for a different reason, which brings us to another lesson:

Test patches before you install them on a production server. I use virtual machines for patch testing. Install the patch on a machine that doesn't affect business. Make sure it works. DON'T TAKE TOO LONG TESTING PATCHES. While you're testing it, hackers are writing exploits, and if you take too long, they win.

(My response is a bit of a ramble, and for that, I apologize. I'm tired, and running on nothing but coffee. I'm trying to get information on the screen before I lose my train of thought. If anyone has questions, feel free to ask.)
Old 03-25-2011, 20:34   #3
Kit Carson
Asset
 
Join Date: Apr 2005
Location: Vine Grove, Kaintuckee
Posts: 56
I'm just a DAT and knifemaker but have learned quite a bit about tracking IPs and spammers on our knife and gun forum.

Here are some of the sites that can help find out about IPs and email addresses.

http://www.projecthoneypot.org/home.php

http://www.stopforumspam.com/spamdomainsandips

http://www.botscout.com/

Hope it's ok to post these sites. If I screwed up posting them, please delete.
All times are GMT -6.



Copyright 2004-2022 by Professional Soldiers ®
Site Designed, Maintained, & Hosted by Hilliker Technologies