[CentOS] Am I being too paranoid?
Benjamin Franz
jfranz at freerun.com
Sun May 8 18:24:47 UTC 2011
On 05/08/2011 10:46 AM, Jason wrote:
> 4. Why does LogWatch show this to me as a 404, when a rewrite rule is hit and they are re-directed back to themselves? My rules seem to be working, if I try and hit /scripts right now, it does what I expect.
[...]
Because the remote loader is a robot, not a web browser. It is throwing
stuff at the wall and seeing what sticks. It flat out doesn't care if
you send back a redirect - it is just looking for a response that
indicates a vulnerability and anything else is ignored by it.

Redirects are largely ineffective in combating bots hunting for
exploitable scripts and programs. You would be better off using
something like Fail2Ban to dynamically update firewall rules against
detected attackers.
--
Benjamin Franz
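
Added example, not part of the original message and not Fail2Ban's own code: a simplified sketch of the threshold logic a log-driven banner applies, counting probe requests per host inside a time window whether the server answered with a redirect or a 404. The probe path list (beyond /scripts from the thread), the thresholds and the log lines are assumptions constructed for illustration; the parameter names follow Fail2Ban's maxretry and findtime jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: host, timestamp, request line, status.
LINE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumed probe signature: paths this site does not serve (adjust per site).
PROBE = re.compile(r'^/(scripts|phpmyadmin|cgi-bin)(/|$)', re.I)

def hosts_to_ban(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return hosts with >= maxretry probe requests inside any findtime window."""
    recent = defaultdict(deque)   # host -> timestamps of recent probe hits
    banned = []
    for line in lines:
        m = LINE.match(line)
        if not m or not PROBE.match(m["path"]):
            continue
        # A redirect (3xx) and a 404 both count: the bot ignores either one.
        if not (m["status"] == "404" or m["status"].startswith("3")):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["host"]]
        hits.append(ts)
        while ts - hits[0] > findtime:   # drop hits older than the window
            hits.popleft()
        if len(hits) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.44 - - [08/May/2011:17:00:00 +0000] "GET /scripts HTTP/1.1" 302 -',
    '203.0.113.7 - - [08/May/2011:17:01:02 +0000] "GET /scripts/setup.php HTTP/1.0" 302 -',
    '203.0.113.7 - - [08/May/2011:17:01:03 +0000] "GET /phpmyadmin/ HTTP/1.0" 404 210',
    '203.0.113.7 - - [08/May/2011:17:01:04 +0000] "GET /scripts/ HTTP/1.0" 302 -',
    '198.51.100.20 - - [08/May/2011:17:01:30 +0000] "GET /missing.png HTTP/1.1" 404 210',
    '192.0.2.44 - - [08/May/2011:17:20:00 +0000] "GET /scripts HTTP/1.1" 302 -',
    '192.0.2.44 - - [08/May/2011:17:40:00 +0000] "GET /scripts HTTP/1.1" 302 -',
]

if __name__ == "__main__":
    for host in hosts_to_ban(SAMPLE):
        print("ban", host)
```

The returned hosts are what a tool such as Fail2Ban would hand to its firewall action; the ordinary 404 for a missing image and the slow, widely spaced requests stay below the threshold.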