While looking around for unfinished business, I looked at the errorlog
from the ZMI. It works fine, but seems to be indicating an ongoing
attack by some kind of bot:
The log shows a new entry every few seconds!
-aside from recent entry: googlebot, there seems to be a slew from
220.181.19.83 (or 220.181.19.XXX)
-thes requests seem quite suspicious:
such as access http://www.kernel-panic.org/wiki/XFree86/wikipage
the /wikipage suffix seems out-of-place
or http://www.kernel-panic.org/wiki/LanBarnes/diffform
where /diffform is unexpected
**********************************************************************
==> it seems that someone (besides google) is scanning all our pages and
tacking on suffices of some sort -- some known exploit?
**********************************************************************
I'm intend to look around some more for unfinished business, but I
thought I should announce the ongoing attack.
Josh?, anyone? C/Should we try to do anything about this.
How hard is it to interpose some (smart) request throttling?
Regards,
..jim
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-steer
