RE: [incidents] Bots hitting my web server?

From: zcatat_private
Date: Thu Aug 29 2002 - 23:48:19 PDT

  • Next message: Rob Keown: "RE: [incidents] Bots hitting my web server?"

    > You're not seeing bots, you're seeing surfers in a misguided
    > attempt to keep their "anonymity," or to defeat proxies
    > that filter by domain/host in corporate/school environments
    > (hence the porn site requests you see in your logs).
    
    Here's another suggestion. Reconfigure apache so that every time someone
    attempts to use it as a proxy it returns (in the appropriate format;
    html, jpg, etc to match the request) a small message announcing that the
    request and client IP are being logged to a publically accessable web
    page. On that web page explain WHY you're doing this (cost of bandwidth
    etc). That should get you off the end-user's proxy lists very quickly,
    and will eventually help with the public lists too. And it'll educate a
    few of the proxy-list users who are probably under the impression that all
    proxies are run intentionally as a public service, like IRC servers and
    MUD's.
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Fri Aug 30 2002 - 13:39:40 PDT