
Re: [cobalt-users] script kiddies are a pain RaQ4



>Hi,
>
>	I have noticed that some stupid little pain is trying for many hours now to get into a password protected directory on our server. The logs show that they are trying to get access by brute force. But, the IP address is different for every single attempt! I know it is the same person because it is a sequential alpha numeric user name used over and over and over and over. They try once every minute or so. Not as bad as 10 times per second as some of those scripts do.
>
>Anyhow. I have tried to search the archives but came up empty-handed. Perhaps I am searching the wrong thing. If anyone has any suggestions, I am all ears. Is there a way to track the person down?
>
>Here is a sample log just in case it helps.
>
>[Thu Mar  8 22:13:17 2001] [error] [client 200.210.150.3] user jimi not found: /members/
>[Thu Mar  8 22:14:22 2001] [error] [client 210.226.44.105] Client sent malformed Host header
>[snip]

Take a look at the access logs for the domain in question and see if there is a referer in the inbound request, or a user-agent, or SOMETHING to help you find out if it was some script, or a posting to a newsgroup or some ffa page or something?!?...

HTH

Greg


>--
>James Riordon
>President of Riordon Digital Imaging
>System Administrator for Amigo-3 Interactive Inc.
>1515 Carson Ave., Dorval Quebec   H9S 1N1
>Tel. 514.422.9905  -  Fax. 514.422.9906
>
>For unbeatable prices on toner, inkjet and ribbon supplies...http://www.riordon.ca/
>For all your hosting and domain registrations...http://www.amigo-3.com/
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users

-- 
http://www.webyourbusiness.com/
Providers of E-Commerce Software &
Web Design Consultancy and Services.
PH: (970)266-0195 FAX: (970)266-0158
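
The access-log check suggested in the reply above, as an added example that is not part of the original thread: it groups failed logins to the protected directory by referer and user-agent, so attempts that share one client fingerprint across many source IPs stand out. It assumes Apache's "combined" log format; the function name `failed_auth_clusters` is hypothetical and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat:
#   host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IPs), not taken from the poster's server.
SAMPLE = """\
192.0.2.10 - jimi [08/Mar/2001:22:13:17 -0500] "GET /members/ HTTP/1.0" 401 401 "http://ffa.example/list.html" "ExampleBot/1.0"
198.51.100.7 - jimj [08/Mar/2001:22:14:20 -0500] "GET /members/ HTTP/1.0" 401 401 "http://ffa.example/list.html" "ExampleBot/1.0"
203.0.113.5 - jimk [08/Mar/2001:22:15:24 -0500] "GET /members/ HTTP/1.0" 401 401 "http://ffa.example/list.html" "ExampleBot/1.0"
192.0.2.99 - alice [08/Mar/2001:22:15:30 -0500] "GET /members/ HTTP/1.0" 401 401 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
192.0.2.99 - alice [08/Mar/2001:22:15:41 -0500] "GET /members/ HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"
"""

def failed_auth_clusters(lines, prefix="/members/", min_ips=2):
    """Group 401 responses under `prefix` by (referer, user-agent).

    Returns only clusters seen from at least `min_ips` distinct addresses,
    which is the pattern in the post: one client fingerprint, many source IPs.
    """
    groups = defaultdict(lambda: {"ips": set(), "users": [], "hits": 0})
    for line in lines:
        m = COMBINED.match(line)
        if not m or m["status"] != "401" or not m["path"].startswith(prefix):
            continue  # unparsable line, successful request, or other path
        g = groups[(m["referer"], m["agent"])]
        g["ips"].add(m["ip"])
        g["users"].append(m["user"])  # attempted username as logged by %u
        g["hits"] += 1
    return {k: g for k, g in groups.items() if len(g["ips"]) >= min_ips}

if __name__ == "__main__":
    for (referer, agent), g in failed_auth_clusters(SAMPLE.splitlines()).items():
        print(f"{g['hits']} failures from {len(g['ips'])} IPs")
        print(f"  referer={referer!r} agent={agent!r} users={g['users']}")
```

A shared referer in such a cluster points at the page that links to the protected URL; a shared user-agent gives a string to match in a deny rule even though the addresses keep changing.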