damn, I just re-read my response and am appalled at the English mistakes! *notes to self: type slower, think more*
-----Original Message----- From: Peter Harrison [mailto:[EMAIL PROTECTED]] Sent: 27 December 2002 13:53 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] Not in the Christmas spirit - what's he up to? Hi Well, go through the logs and see who was a foreign (uninvited) user of that web site. See if they left any tell-tale footprints by dipping their toes into docs directories. They could have later added the site to a spider to do further discovery (still assuming it was a spider). The missing refer and agent - is that because you are not logging that detail, or is it being logged and other sufers left those details but this one didn't? The suppression of an agent string might suggestion an intentional (and not very bright) attempt at stealth. - Peter -----Original Message----- From: Ross Williams [mailto:[EMAIL PROTECTED]] Sent: 27 December 2002 13:51 To: [EMAIL PROTECTED] Subject: RE: [ cf-dev ] Not in the Christmas spirit - what's he up to? Hi Peter, No user agent or referrer listed - I thought of spiders, but then how would they known found that directory in the first place? It's not linked from anywhere - I thought earlier that the directory doesn't exist, but it looks like it did (deleted it now). The box isn't a production server, and was waiting for an upgrade so is unused. But it's a bit of a worry that it would be targetted anyway. Just concerned that there might be an automated tools that targets ColdFusion? All the best, Ross > -----Original Message----- > From: Peter Harrison [mailto:[EMAIL PROTECTED]] > Sent: 27 December 2002 13:44 > To: [EMAIL PROTECTED] > Subject: RE: [ cf-dev ] Not in the Christmas spirit - what's he up to? > > not checked it out yet, but perhaps it was a spider (search engines use > these) or a bot gathering e-mail addresses (for example). no clues in the > "user agent" field in the log file? any referers? > > Peter H. > > -----Original Message----- > From: Ross Williams [mailto:[EMAIL PROTECTED]] > Sent: 27 December 2002 13:08 > To: [EMAIL PROTECTED] > Subject: [ cf-dev ] Not in the Christmas spirit - what's he up to? > > > Morning all, > > Just came in to the office today to check on things, and our logs are > looking very strange indeed. > > It looks like someone has attempted to browse all the sample > applications, documentation, etc, that ships with CFMX. We'd already > removed all that, naturally, but the fact that they're trying to browse > it is worrying. > > The timing suggest that this was carried out automatically, as there's a > douzen or so every minute. > > The IP recorded was 213.39.2.132 - this resolves to something called > "Eagle" as far as I can make out. Does this mean anything to anyone? > > Does anyone know of an automated tool that targets ColdFusion in this > way? > > All the best, > > Ross > > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED] -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
