On Sun, Jun 12, 2011 at 1:49 PM, ken <gebser at mousecar.com> wrote: > That's interesting and useful in its way. But I'd prefer to use the > same scripts used by the actual crackers/bots. Not only would I be able > to test my sites with them, but I'd be able to recognize the > probes/attacks when they appear in logs as they did for Jason. There are many different scripts out there. I never bothered trying to find the scripts, just keep an eye on the web server logs, /var/log/secure and the syslog. When you see attempts to fetch things that are not installed on your system it is usually someone up to no good. Mike