gt; Subject: Re: Security - Attack
>
>
> Hi all,
>
> thanks for your help. What do you suggest me to do?
>
> Whe you say :"So it makes some sense to change the configuration
> for apache", what do you mean?
>
> Laura
>
>
>
> - Origi
Everyone has their preference, but the reason I do it is because of
maintenance. I can think of other reasons why a person may want to
filter the traffic.
1. keep weblog clean
2. reduce bandwidth usage
There are lots of ways to filter out the stuff for weblog analysis, so
writing a filter isn't
List" <[EMAIL PROTECTED]>
Sent: Thursday, June 13, 2002 3:22 PM
Subject: AW: Security - Attack
I wouldn't say that they do no harm:
- They mess up your statistics
If you don't change your configuration it's not
possible to distinguish the 404 from the viruses
from others
Nachricht-
> Von: Tim Funk [mailto:[EMAIL PROTECTED]]
> Gesendet: Donnerstag, 13. Juni 2002 15:04
> An: Tomcat Users List
> Betreff: Re: Security - Attack
>
>
> Warning: this may start flame war - but its my opinion.
>
> What is the purpose of detecting and trying to pre
in error please notify the sender of
the delivery error by e-mail or call Park City Solutions Inc. corporate
offices at (435) 654-0621
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 8:04 AM
To: Tomcat Users List
Subject: Re: Security - Attack
Wa
what better
place to redirect them to than M$?
Mike
-Original Message-
From: Cato, Christopher [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 9:11 AM
To: 'Tomcat Users List'
Subject: RE: Security - Attack
a simple purpose - since it's my home machine, i did it j
r - a bored guy.
> -Original Message-
> From: Tim Funk [mailto:[EMAIL PROTECTED]]
> Sent: den 13 juni 2002 15:04
> To: Tomcat Users List
> Subject: Re: Security - Attack
>
>
> Warning: this may start flame war - but its my opinion.
>
> What is the pur
im Funk [mailto:[EMAIL PROTECTED]]
Sent: 13 June 2002 15:04
To: Tomcat Users List
Subject: Re: Security - Attack
Warning: this may start flame war - but its my opinion.
What is the purpose of detecting and trying to prevent these attacks? If
someone code reds (or similar) you - they get a 404 error
Warning: this may start flame war - but its my opinion.
What is the purpose of detecting and trying to prevent these attacks? If
someone code reds (or similar) you - they get a 404 error. Why waste the
extra processing power and extra config maintenance on something that
does "no harm". When
lin [mailto:[EMAIL PROTECTED]]
> > Gesendet: Donnerstag, 13. Juni 2002 14:32
> > An: Tomcat Users List
> > Betreff: Re: Security - Attack
> >
> > apache and tomcat aren't vulnerable, but putting up a
> > firewall to block the IP might be a good idea. For my
omcat Users List'
Subject: RE: Security - Attack
You should do what I did. For Code Red and similar exploits, create a bunch
of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those
requests to www.microsoft.com instead. After all, they ARE responsible,
aren't they? :)
&g
ble to dos attack. As it is possible
to fake IP adresses an attacker can disable the acces to
your site for a ig amount of people
> -Ursprüngliche Nachricht-
> Von: peter lin [mailto:[EMAIL PROTECTED]]
> Gesendet: Donnerstag, 13. Juni 2002 14:32
> An: Tomcat Users List
&
mcat Users List
> Betreff: RE: Security - Attack
>
> For my part I chose not to answer at all this kind of
> requests and shut down the socket connexion.
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
apache and tomcat aren't vulnerable, but putting up a firewall to block
the IP might be a good idea. For my own server I zone alarm pro, which
will block IP trying this exact type of exploit.
peter
Laura wrote:
>
> Hi all,
>
> well I have, in my opinion, a very interesting question.
>
> Las
> > I prefer to to answer with a 400/403/406 (still will be logged)
> > or 204 (No log entry).
For my part I chose not to answer at all this kind of requests and shut down
the socket connexion.
(I had this problem while testing a home made web server).
Christophe
--
To unsubscribe, e-mail:
To: Tomcat Users List
> Subject: AW: Security - Attack
>
>
> I have doubts that the viruses will follow the redirect.
>
> I prefer to to answer with a 400/403/406 (still will be logged)
> or 204 (No log entry).
>
> I also have doubts that this is legal, so be carefull
[EMAIL PROTECTED]]
> Gesendet: Donnerstag, 13. Juni 2002 13:38
> An: 'Tomcat Users List'
> Betreff: RE: Security - Attack
>
>
> You should do what I did. For Code Red and similar exploits,
> create a bunch of mod_rewrite filters (in httpd.conf - for Apache)
&
art Stephen [mailto:[EMAIL PROTECTED]]
> Sent: den 13 juni 2002 10:43
> To: Tomcat Users List
> Subject: RE: Security - Attack
>
>
> I think they are code red attacks. These shouldn't be
> anything to worry
> about on a Tomcat server if I am correct in my thinking. They
o worry
>about on a Tomcat server if I am correct in my thinking. They only affect
>IIS.
>
>-Original Message-
>From: Laura [mailto:[EMAIL PROTECTED]]
>Sent: 13 June 2002 09:35
>To: Tomcat Users List
>Subject: Security - Attack
>
>
>Hi all,
>
>well I have
I think they are code red attacks. These shouldn't be anything to worry
about on a Tomcat server if I am correct in my thinking. They only affect
IIS.
-Original Message-
From: Laura [mailto:[EMAIL PROTECTED]]
Sent: 13 June 2002 09:35
To: Tomcat Users List
Subject: Security - Attack
Hi all,
well I have, in my opinion, a very interesting question.
Last week we went in a production enviroment: we have apache + tomcat with an
important web application xxx (http.conf has JkMount /xxx worker).
Well, this morning I have discovered that somebody has tried to attack my server: in
21 matches
Mail list logo