[thelist] How do I address hacking attempts recorded in my logs? (fwd)

Daniel J. Cody djc at members.evolt.org
Wed Sep 19 14:57:24 CDT 2001

---------- Forwarded message ----------
Date: Wed, 19 Sep 2001 13:31:39 -0600 (MDT)
From: found at warmonger.net
To: thelist at evolt.org
Subject: How do I address hacking attempts recorded in my logs?

I am so tired of this.  I have a little, out of the way, low volume server for my personal enjoyment.  I make a point of keeping it out of the search engines.  Yet I keep finding hacking attempts recorded in my Apache logs.  Nobody (that I don't want in) has broken in, but this nonsense is starting to eat into my meager server resources.

For example, I've been receiving a string of ISS exploit attacks for a day and a half from Verio's IP address block.  It starts with 

"GET /scripts/root.exe?/c+dir HTTP/1.0" 302 216 "-" "-", 

runs through a stack of similar hacking attempts, then jumps to another IP address and starts over again.  As soon as I saw it I changed my allow,deny to shut out Verio's address block, but now my error log is flooded with 403 errors.

What am I supposed to do if Verio doesn't do anything about this?  I have yet to hear a response to my e-mail report.

In the past, I've politely asked webmasters to clean up their own houses.  In the few cases where that didn't work, sending an invoice for my wasted resources elicited a frantic phone call followed by an apology (which was enough for me).  I can't afford the bandwidth and server time this continued attack is wasting.  If they don't respond quickly, do I really have no choice but to report them to the U.S. authorities for aiding in hacking attacks?
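An added example, not part of the original message: one way to turn the probe traffic described above into per-network evidence for an abuse report or a deny rule. It assumes Apache combined log format; the /24 grouping, the cmd.exe signature and the sample lines (documentation address ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Apache combined format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# root.exe is the probe quoted in the post; cmd.exe is an assumed companion.
PROBE_RE = re.compile(r'/(root|cmd)\.exe', re.IGNORECASE)

# Constructed sample lines, not taken from the poster's logs.
SAMPLE_LOG = """\
192.0.2.17 - - [19/Sep/2001:11:02:01 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 216 "-" "-"
192.0.2.17 - - [19/Sep/2001:11:02:02 -0600] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 403 280 "-" "-"
192.0.2.44 - - [19/Sep/2001:11:05:40 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 403 280 "-" "-"
198.51.100.9 - - [19/Sep/2001:11:06:12 -0600] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"
203.0.113.5 - - [19/Sep/2001:11:09:30 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276 "-" "-"
"""

def summarize_probes(lines):
    """Group probe requests by /24 so a scanner hopping between hosts
    in one provider block shows up as a single entry."""
    nets = defaultdict(lambda: {"hits": 0, "hosts": set(), "bytes": 0,
                                "statuses": Counter(),
                                "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.search(m["path"]):
            continue  # unparseable line or ordinary request
        try:
            net = ipaddress.ip_network(m["ip"] + "/24", strict=False)
        except ValueError:
            continue  # a hostname was logged instead of an address
        entry = nets[str(net)]
        entry["hits"] += 1
        entry["hosts"].add(m["ip"])
        entry["bytes"] += int(m["size"]) if m["size"].isdigit() else 0
        entry["statuses"][m["status"]] += 1
        entry["first"] = entry["first"] or m["ts"]  # earliest line seen
        entry["last"] = m["ts"]                     # latest line seen
    return dict(nets)

if __name__ == "__main__":
    for net, e in sorted(summarize_probes(SAMPLE_LOG.splitlines()).items()):
        print(f"{net}: {e['hits']} probes from {len(e['hosts'])} hosts, "
              f"{e['bytes']} bytes sent, statuses {dict(e['statuses'])}, "
              f"{e['first']} .. {e['last']}")
```

The first and last timestamps and the byte totals per network are the details an abuse desk typically asks for.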
