Hi Peter, Thanks for that - looking into it now, but running off for a curry later!! Have grabbed all the logs to look at properly over the weekend.
Cheers, Ross ------------------------------------------------------- OUR NEW SITE IS NOW LIVE Visit our new website at http://www.rawnet.com and race around the beautiful Bracknell streets at http://xmas.rawnet.com ------------------------------------------------------- Ross Williams Managing Director, Rawnet Limited Direct Phone : +44 (0) 1344 393 440 Switchboard : +44 (0) 1344 393 040 ------------------------------------------------------- This message may contain information which is legally privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any unauthorised disclosure, copying, distribution or use of this information is strictly prohibited. Such notification notwithstanding, any comments, opinions, information or conclusions expressed in this message are those of the originator, not of rawnet limited, unless otherwise explicitly and independently indicated by an authorised representative of rawnet limited. ------------------------------------------------------- > -----Original Message----- > From: Peter Harrison [mailto:[EMAIL PROTECTED]] > Sent: 27 December 2002 13:55 > To: [EMAIL PROTECTED] > Subject: RE: [ cf-dev ] Not in the Christmas spirit - what's he up to? > > damn, I just re-read my response and am appalled at the English mistakes! > *notes to self: type slower, think more* > > -----Original Message----- > From: Peter Harrison [mailto:[EMAIL PROTECTED]] > Sent: 27 December 2002 13:53 > To: [EMAIL PROTECTED] > Subject: RE: [ cf-dev ] Not in the Christmas spirit - what's he up to? > > > Hi > > Well, go through the logs and see who was a foreign (uninvited) user of > that > web site. See if they left any tell-tale footprints by dipping their toes > into docs directories. They could have later added the site to a spider to > do further discovery (still assuming it was a spider). > > The missing refer and agent - is that because you are not logging that > detail, or is it being logged and other sufers left those details but this > one didn't? The suppression of an agent string might suggestion an > intentional (and not very bright) attempt at stealth. > > - Peter > > -----Original Message----- > From: Ross Williams [mailto:[EMAIL PROTECTED]] > Sent: 27 December 2002 13:51 > To: [EMAIL PROTECTED] > Subject: RE: [ cf-dev ] Not in the Christmas spirit - what's he up to? > > > Hi Peter, > > No user agent or referrer listed - I thought of spiders, but then how > would they known found that directory in the first place? It's not > linked from anywhere - I thought earlier that the directory doesn't > exist, but it looks like it did (deleted it now). > > The box isn't a production server, and was waiting for an upgrade so is > unused. But it's a bit of a worry that it would be targetted anyway. > > Just concerned that there might be an automated tools that targets > ColdFusion? > > All the best, > > Ross > > > -----Original Message----- > > From: Peter Harrison [mailto:[EMAIL PROTECTED]] > > Sent: 27 December 2002 13:44 > > To: [EMAIL PROTECTED] > > Subject: RE: [ cf-dev ] Not in the Christmas spirit - what's he up to? > > > > not checked it out yet, but perhaps it was a spider (search engines > use > > these) or a bot gathering e-mail addresses (for example). no clues in > the > > "user agent" field in the log file? any referers? > > > > Peter H. > > > > -----Original Message----- > > From: Ross Williams [mailto:[EMAIL PROTECTED]] > > Sent: 27 December 2002 13:08 > > To: [EMAIL PROTECTED] > > Subject: [ cf-dev ] Not in the Christmas spirit - what's he up to? > > > > > > Morning all, > > > > Just came in to the office today to check on things, and our logs are > > looking very strange indeed. > > > > It looks like someone has attempted to browse all the sample > > applications, documentation, etc, that ships with CFMX. We'd already > > removed all that, naturally, but the fact that they're trying to > browse > > it is worrying. > > > > The timing suggest that this was carried out automatically, as there's > a > > douzen or so every minute. > > > > The IP recorded was 213.39.2.132 - this resolves to something called > > "Eagle" as far as I can make out. Does this mean anything to anyone? > > > > Does anyone know of an automated tool that targets ColdFusion in this > > way? > > > > All the best, > > > > Ross > > > > > > > > -- > > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > -- > > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > For human help, e-mail: [EMAIL PROTECTED] > > > > > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > > > -- > ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ > > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > For human help, e-mail: [EMAIL PROTECTED] > -- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
