Hi,

for quite some time someone has been firing on one of my customer's WebObjects applications, in a way that very much looks like a botnet.

The firing always occurs on the same instance and the same WO action; for each request, it's trying another session id. So this looks like someone is doing a brute force attack to guess a valid session id.

So I am wondering: is there a known weakness in the randomness of generated session ids that is making this (guessing a valid session id) possible at all?

Regards,
Markus

PS: the attacker is using this user agent: "Mozilla/5.0+(compatible;+AhrefsBot/5.0;++http://ahrefs.com/robot/)". They are obviously not respecting the robots.txt, and the observed behaviour does not match the expected behaviour for a crawler/bot.
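A way to confirm the pattern described in this message from the web server's access log, as an added example that is not part of the original post: it flags any (action path, user agent) pair that presents many distinct session ids with almost no reuse, and counts the source addresses behind it. It assumes a combined-format access log and that the session id travels in the `wosid` query parameter; the application name, addresses, ids and thresholds are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "([^"]*)"'
)

def find_session_guessing(lines, min_ids=5, min_ratio=0.8):
    """Return (path, agent) groups whose requests carry mostly never-repeated session ids."""
    seen = defaultdict(lambda: {"ids": set(), "ips": set(), "requests": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, target, agent = m.groups()
        url = urlsplit(target)
        sid = parse_qs(url.query).get("wosid", [None])[0]  # assumed session parameter
        if sid is None:
            continue
        entry = seen[(url.path, agent)]
        entry["ids"].add(sid)
        entry["ips"].add(ip)
        entry["requests"] += 1
    findings = []
    for (path, agent), e in seen.items():
        # A real user repeats one id over many requests; guessing yields ~1 id per request.
        if len(e["ids"]) >= min_ids and len(e["ids"]) / e["requests"] >= min_ratio:
            findings.append({"path": path, "agent": agent, "requests": e["requests"],
                             "distinct_ids": len(e["ids"]), "source_ips": len(e["ips"])})
    return findings

def _line(ip, sid, agent):
    # Builds one constructed log line; "Shop.woa" and "showItem" are made-up names.
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"GET /cgi-bin/WebObjects/Shop.woa/1/wa/showItem?wosid={sid} HTTP/1.1" '
            f'302 0 "-" "{agent}"')

# Constructed sample: one agent cycling ids from three addresses, one normal browser session.
SAMPLE = [_line(f"198.51.100.{i % 3 + 1}", f"guess{i:04d}", "ExampleBot/1.0") for i in range(6)]
SAMPLE += [_line("203.0.113.9", "realSession01", "Mozilla/5.0 (X11)") for _ in range(6)]

if __name__ == "__main__":
    for finding in find_session_guessing(SAMPLE):
        print(finding)
```
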
