On 5/9/2011 11:09 AM, Scott Silva wrote:
> on 5/8/2011 10:46 AM Jason spake the following:
>> Hi All,
>>
>> I want to know thoughts on if I am being to paranoid/security conscious.
>>
> <snip>
> You know what they say;
> "Just because you are paranoid does not mean that some one is NOT out to get you!"
I think the currently fashionable way to probe for vulnerabilities is to
send URLs that will execute something that will contact a central server
if they succeed, so it doesn't really matter what you do in the way of
blocking/redirecting, etc. They are probably going to ignore the return
status and are already running on distributed compromised hosts. At
least that's the sort of thing I see regularly trying to exploit a
struts vulnerability in our java web server's logs.
--
Les Mikesell
lesmikesell at gmail.com