Wild West
tail -f
on my server's log file and watch as the hits to my site scroll ((very) slowly) by. It relaxes me.
I'm not sure if it's because my blog runs on Tomcat, but thecorneroffice.org's logs are clean. Traffic is legit. Every now and then I look at the logs for my 'home page', colinpretorius.org, which runs on Apache (httpd), and it's a different story altogether. It's like the Wild West with Herpes, crazy-ass outlaws and unsavoury types throwing stuff at the server, and they keep coming back. I get hits trying to exploit nearly ever perl, php and cgi-based site vulnerability known to man, and then some. It doesn't seem worthwhile trying to ban IP addresses, so I guess the best is to be glad that it's just a dumb http server with the bells and whistles turned off, and stay on top of security updates.
I do think it would be cool if Apache had a mod_fyou extension that linked in to a subscription service. For a small monthly fee, the extension forwards details of the untoward 'prod' to a tracking service, who'll indentify who's scanning you, get their home address, then send someone round to the perp's house, and bash their knees in with a baseball bat. For an additional fee (and indemnity waiver), they'll forego the baseball bat and just rip out the skiddie's entrails with a rusty fish knife. If you go for the deluxe service, Skiddies Removals, Inc will even give you access to their operatives in far-flung places like Korea and China.
Of course, people will say that many of the scan attempts are coming from home Windows users who don't even know that their PCs have been trojanned. I think most people will agree though, that in the great battle against people who have the nerve to scan decent god-fearing web servers, sacrifices will need to be made. Besides, I don't think anything that Microsoft can do would encourage people to keep their XP boxes patched and trojan-free as much as a few well-publicised stories about entrails and rusty fish knives.
{2006.05.01 10:17}