Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 14 Jan 2005 10:54:35 -0600
From:      Jacob S <stormspotter@6Texans.net>
To:        freebsd-questions@FreeBSD.org
Subject:   Re: Odd (alarming) http log exerpt
Message-ID:  <20050114105435.1d4fd06a@jacob.6texans.net>
In-Reply-To: <20050114163636.GD79199@keyslapper.org>
References:  <20050114140441.G802@kenmore.kozy-kabin.nl> <20050114160030.GB9164@akroteq.com> <20050114101747.1304c5e7@jacob.6texans.net> <20050114163636.GD79199@keyslapper.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, 14 Jan 2005 11:36:36 -0500
Louis LeBlanc <FreeBSD@keyslapper.org> wrote:

> On 01/14/05 10:17 AM, Jacob S sat at the `puter and typed:
> > On Fri, 14 Jan 2005 07:00:30 -0900
> > Andy Firman <andy@firman.us> wrote:
> > 
> > > On Fri, Jan 14, 2005 at 02:08:20PM +0100, Colin J. Raven wrote:
> > > > What is this person doing? or attempting to do? I'm guessing
> > > > nothing
> > > > 
> > > > good.
> > > >   Is there anything within...say httpd.conf..that I could do to
> > > >   prevent 
> > > > this..or curtail it before it grows to such an enormous size.
> > > 
> > > Looks like a WebDAV exploit.  You can run conditional logging in 
> > > your apache server to ignore it.
> > 
> > If I'm not mistaken, you can also do something fun, like use
> > mod_rewrite to redirect them to fbi.com whenever they try an attack
> > like that.
> 
> I like that idea.  Reminds me of the day we discovered
> http://www.taliban.org/  There was a Careers page - seriously -
> apparently trying to recruit suicide bombers.  One of my coworkers
> (thick Russian accent, which makes it a little more amusing) actually
> called the number to see if it was real.
> 
> "Thank you for calling the National Offices for the Federal Bureau of
> Investigation . . ."
> 
>  . . . at which point she panicked and hung up.

lol
 
> And of course we all fell about the place laughing ourselves silly.
> 
> The question is whether the Bureau would log the referrer URL.
> 
> BTW, I think it would be FBI.gov, yes?

You didn't try going to fbi.com, did you? :-) It comes up with a blank
page - leaves more to the imagination. Whois seems to indicate it's
unrelated to fbi.gov, but then, you never know.

Jacob

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050114105435.1d4fd06a>