Nah, because the only ones who receive the file are those attempting to do harm to my system. Granted I could make it go to a warning page, which after a few seconds dumps them to the other page, thereby giving them a warning before I fire the shot, just like a trespasser in my house. Do I shoot first when they are in MY house in the middle of the night, or do I give them enough time to shoot me? They are trespassing on my system. Normal use of the system does NOT require access to cmd.exe or other files they are looking for to use to exploit the system. Normal use laws apply, and you CAN and folks DO take steps to secure their system from others.
Securing your system from someone is different than firing back. And your house analogy is really dumb, it has predefined borders that are very distinct. Your webserver is open and you are inviting someone to look at anything on it, for the same reason that you can't shoot me for walking on the sidewalk in front of your house (assuming you lived where such things exist).... If you want to use the analogy shutdown port 80, then if someone tries to enter though port 80 then fire back. You are actually causing more problem for those of us that have to deal with the problems, by only helping yourself. What is to stop a spammer or script kiddie finding out about your ruse, possibly even listening in on the conversation, and rather than trying to hack your system starts sending out mass emails to people with a URL in it that directs them to your system and that URL, all of a sudden your victims become his victims and he has used you in a scheme to haunt the very users you wished to defend.
Legally I checked with lawyers and the ones in my area say as long as I keep a log of the accesses I am fine. I took this step after sending over 200 messages to ISPs to halt their users and receiving no response to any of the inquiries even though I provided the ISPs with log files and everything. I did the same with ISPs with spammers and open relays. Multiple emails to their main offices and local branches with the spammers email addresses, full headers, and no word back. If the ISP was not even willing to answer multiple emails they were sent another email with how to contact me directly and then their entire domain was added to the server kill file. Cut down on the spam in MY inbox.
Lawyers... right, I am sure they will be happy to take your money while they attempt to defend you in a court where a judge is going to tell them they are as dumb as your stunt for trying to defend you...
Like I said, script kiddies aren't worth the time.......
http://danconia.org
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
