This would usually be a initial scan, to see what it can find, figure out what apps are on the box etc. b4 the real hacking begins.
Only thing u can do is make sure your boxes are built properly (locked down), your firewall is good. Install an IDS if you want reports on this sort of thing. Finally there are ways you can block multiple suspect from an IP and then block that iP, but its very difficult to deal with false positives.
some linkZ :-)
IDS -> www.snort.org
lock down your box..
http://www.oreilly.com/catalog/securwinserv/
look at ms for the IIS lockdown tool
Justin
Ross Williams wrote:
Morning all, Just came in to the office today to check on things, and our logs are looking very strange indeed.It looks like someone has attempted to browse all the sample applications, documentation, etc, that ships with CFMX. We'd already removed all that, naturally, but the fact that they're trying to browse it is worrying. The timing suggest that this was carried out automatically, as there's a douzen or so every minute. The IP recorded was 213.39.2.132 - this resolves to something called "Eagle" as far as I can make out. Does this mean anything to anyone? Does anyone know of an automated tool that targets ColdFusion in this way? All the best, Ross
-- ** Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For human help, e-mail: [EMAIL PROTECTED]
