Sorry, I wasn't after you. I was just trying to catch a discussion that
could easily lose sight of the original question.
For the benefit of people on the list, curl can be use for good purposes
like downloading packages, a test of server status (e.g. in heart beat
script activating a backup when the primary dies), or to automatically
backup a website if you have a CMS package with a backup tool. Magnolia
CMS falls into that last category and I've used curl with a cron job to
backup the site nightly.
--David
Lyallex wrote:
On 8/23/07, David Smith <[EMAIL PROTECTED]> wrote:
Just to nip this one early before the discussion strays too far, curl is
NOT a hacking tool. It's just a command line http client useful in all
sorts of linux/unix OS scripts.
Yep, I understand what curl is now ... spent some time on the relevant
website reading up about it. I never actually suggested it was a
hacking tool, I was unsure what it was and was asking for relevant
exp' from the uses of this list, and as is often the case
users@tomcat.apache.org delivered the goods.
To determine if it's being used to probe your site, you need to pay
attention to WHAT is being requested. The brief sample offered by the
OP was actually very benign (no weird escape sequences or attempts to
access a binary executable).
Although ... depending on what you consider hacking it certainly seems
like it could easily be used to run a crude DOS attack (for example)
simply by writing a shell script with a loop in it, like many other
otherwise benign applications out there I'm sure.
Anyway, what this has taught me is to pay much more attention to the
logs over and above checking out the webalizer pages once a day and to
understand what is being requested as well as by what (and by whom)...
oh yes, and to dredge up what I used to know about iptables (or was
that ipchains) as well, good tip.
So, a success than, and none of this is EVER a waste of time IMHO.
Many thanks
Duncan
--David
Mark Deneen wrote:
Once you find them, you might be hard pressed to actually do anything
about it beyond getting in touch with their ISP.
It might be easier to just block them at the firewall or on the server
tomcat runs on with something like iptables.
Mark
On 8/23/07, Lyallex <[EMAIL PROTECTED]> wrote:
www.who.is
Much more info
...tracking the perpetrator down now ... this is fun.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
