From owner-freebsd-questions@FreeBSD.ORG Fri Jan 14 17:34:24 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C184416A4CE for ; Fri, 14 Jan 2005 17:34:24 +0000 (GMT) Received: from t-x.dignus.nl (t-x.dignus.nl [83.219.88.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 535C443D39 for ; Fri, 14 Jan 2005 17:34:24 +0000 (GMT) (envelope-from colin@kenmore.kozy-kabin.nl) Received: from localhost (localhost.dignus.nl [127.0.0.1]) by t-x.dignus.nl (Safehouse) with ESMTP id 82060285F1; Fri, 14 Jan 2005 18:34:39 +0100 (CET) Received: from kenmore.kozy-kabin.nl (cjr-home [62.251.72.148]) by t-x.dignus.nl (Safehouse) with ESMTP id DC6A828617; Fri, 14 Jan 2005 17:17:28 +0100 (CET) Received: from kenmore.kozy-kabin.nl (localhost.kozy-kabin.nl [127.0.0.1]) by kenmore.kozy-kabin.nl (Postfix) with ESMTP id 38BF76230; Fri, 14 Jan 2005 17:17:12 +0100 (CET) Received: from localhost (colin@localhost)j0EGH7jd058730; Fri, 14 Jan 2005 17:17:11 +0100 (CET) (envelope-from colin@kenmore.kozy-kabin.nl) Date: Fri, 14 Jan 2005 17:17:05 +0100 From: "Colin J. Raven" To: Jacob S In-Reply-To: <20050114101747.1304c5e7@jacob.6texans.net> Message-ID: <20050114171619.H802@kenmore.kozy-kabin.nl> References: <20050114140441.G802@kenmore.kozy-kabin.nl> <20050114160030.GB9164@akroteq.com> <20050114101747.1304c5e7@jacob.6texans.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by RemSPAMd at ph230.plushosting.nl cc: freebsd-questions@freebsd.org Subject: Re: Odd (alarming) http log exerpt X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Jan 2005 17:34:24 -0000 On Jan 14 at 10:17, Jacob S launched this into the bitstream: > On Fri, 14 Jan 2005 07:00:30 -0900 > Andy Firman wrote: > >> On Fri, Jan 14, 2005 at 02:08:20PM +0100, Colin J. Raven wrote: >>> What is this person doing? or attempting to do? I'm guessing nothing >>> >>> good. >>> Is there anything within...say httpd.conf..that I could do to >>> prevent >>> this..or curtail it before it grows to such an enormous size. >> >> Looks like a WebDAV exploit. You can run conditional logging in >> your apache server to ignore it. > > If I'm not mistaken, you can also do something fun, like use mod_rewrite > to redirect them to fbi.com whenever they try an attack like that. > Oh now that *would* be a fun thing to do!! What a hilarious idea!!