On: 2007 / 05 / 01 Viewed: 29929 times

One of the things you have to pay attention to when you move your website to another host is correct redirection to pages, and ensuring you're not giving 404 errors to legitimate requests. This morning I was checking my error logs and noticed a lot of pathetic attempts from script kiddies looking for an easy security hole to exploit :

CODE:
  [client 212.67.208.152] File does not exist: /home/ozh/planetozh.com//admin/plugins/NP_UserSharing.php
  (...)
  [client 216.193.194.224] File does not exist: /home/ozh/planetozh.com/admin/doeditconfig.php
  (...)
  [client 203.187.132.50] File does not exist: /home/ozh/planetozh.com/_vti_bin/owssvr.dll
  [client 203.187.132.50] File does not exist: /home/ozh/planetozh.com/MSOffice/cltreq.asp

The most popular attempt seems to be the doeditconfig.php one, with roughly a request every 5 minutes.
I honestly don't give a sh*t about those things, but why not try to have some fun with them in return ?

First, I looked for the biggest file I could find on the internet. A 4.4 Gb Debian DVD image seemed to be big enough.

Then, time for a little mod_rewrite prank: in the .htaccess file sitting in my root, I added the following lines :

CODE:
  RewriteEngine on
  RewriteBase /
  # In .htaccess the pattern is matched against the path without its leading slash,
  # so patterns must not start with "/". Dots are escaped to match literally.
  RewriteRule ^admin/doeditconfig\.php$ /exit/bigfile [L]
  RewriteRule ^MSOffice/cltreq\.asp$ /exit/bigfile [L]
  RewriteRule ^_vti_bin/owssvr\.dll$ /exit/bigfile [L]
  RewriteRule ^admin/plugins/NP_UserSharing\.php$ /exit/bigfile [L]
  RewriteRule ^phorum/plugin/replace/plugin\.php$ /exit/bigfile [L]

File /exit/bigfile is just a log-then-redirect-to-big-DVD-iso PHP script.

I'm not sure how effective this will be : maybe script kiddie tools don't follow redirections, or look for particular header responses. But hopefully I will waste a few megabytes of some morons' bandwidth :)
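
To measure how often each of these paths is actually requested, and to separate them from the legitimate 404s a host move can cause, here is a small log triage script. It is an added example, not code from the original post: the sample log is constructed (documentation-range client addresses), and the function names are hypothetical.

```python
import posixpath
import re
from collections import Counter, defaultdict

DOCROOT = "/home/ozh/planetozh.com"  # document root as it appears in the post's log lines
LINE_RE = re.compile(r"\[client (?P<ip>[^\]]+)\] File does not exist: (?P<path>\S+)")

# Paths the post treats as probes (from its rewrite rules), lower-cased for matching.
PROBE_PATHS = {
    "admin/doeditconfig.php",
    "admin/plugins/np_usersharing.php",
    "_vti_bin/owssvr.dll",
    "msoffice/cltreq.asp",
    "phorum/plugin/replace/plugin.php",
}

# Constructed sample log: same format as the post, documentation-range client addresses.
SAMPLE_LOG = """\
[client 192.0.2.10] File does not exist: /home/ozh/planetozh.com//admin/plugins/NP_UserSharing.php
[client 198.51.100.7] File does not exist: /home/ozh/planetozh.com/admin/doeditconfig.php
[client 203.0.113.5] File does not exist: /home/ozh/planetozh.com/_vti_bin/owssvr.dll
[client 203.0.113.5] File does not exist: /home/ozh/planetozh.com/MSOffice/cltreq.asp
[client 198.51.100.7] File does not exist: /home/ozh/planetozh.com/admin/doeditconfig.php
[client 192.0.2.44] File does not exist: /home/ozh/planetozh.com/blog/old-permalink
"""

def parse(lines):
    """Yield (client, docroot-relative path) for each 'File does not exist' entry."""
    for line in lines:
        m = LINE_RE.search(line)
        # normpath collapses the '//' seen in the first log line of the post
        path = posixpath.normpath(m.group("path")) if m else ""
        if path.startswith(DOCROOT + "/"):
            yield m.group("ip"), path[len(DOCROOT) + 1:]

def summarize(lines):
    """Return (hits per probe path, probe paths per client, other missing paths)."""
    hits, by_client, other = Counter(), defaultdict(set), Counter()
    for client, rel in parse(lines):
        if rel.lower() in PROBE_PATHS:
            hits[rel] += 1
            by_client[client].add(rel)
        else:
            other[rel] += 1  # candidates for a real redirect after the host move
    return hits, dict(by_client), other

if __name__ == "__main__":
    hits, by_client, other = summarize(SAMPLE_LOG.splitlines())
    print(hits.most_common(), by_client, other.most_common(), sep="\n")
```

The regex uses `search`, so the same function also accepts full Apache error-log lines that carry a timestamp and `[error]` prefix before `[client ...]`.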

This entry "Some Fun with Script Kiddies" was posted on 01/05/2007 at 10:41 am.

7 Blablas

  1. 1
    BB2k France »
    thought, on 03/May/07 at 4:36 pm # :

    a best way to avoid bandwidth consumption would be to redirect these requests directly to an external URL (i.e. Redirect permanent MSOffice/cltreq.asp http://debian.mirror.ac.za/debian-cd/4.0_r0/i386/iso-dvd/debian-40r0-i386-DVD-1.iso)

  2. 2
    Ozh France »
    said, on 03/May/07 at 5:57 pm # :

    i don't care about bandwidth, and i want to log my pranks :)

  3. 3
    Amit India »
    commented, on 04/May/07 at 11:52 pm # :

    ha ha ha, crazy idea but kewl. I tried this sometime back on some kiddies trying to break in, but I redirected them straightaway via .htaccess, didn't log their details! ;)

  4. 4
    Dll Files Dude United States »
    commented, on 28/Jul/07 at 2:56 am # :

    Nice... script kiddies suuuuuck. I'm not sure.... I would think most would follow redirects. Even bots follow redirects.

    I believe it might crash their browser or window to say the least.

    Very funny Kudos
    hehehe

  5. 5
    Henryk Gerlach Europe »
    commented, on 10/Sep/07 at 3:26 pm # :

    I don't see how wasting bandwidth of others makes you better than those script kiddies attacking you.

    Maybe you should update your post and apologize to the nice debian people, who provide http access to such huge files for the convenience of everyone.

    This is just a bad idea.

  6. 6
    Ozh France »
    commented, on 10/Sep/07 at 8:56 pm # :

    Henryk » hmmm, you could actually make a valid point. Not sure how much a few redirects would really disturb a serious web server, though.

  7. 7
    Keith Petersen United States »
    replied, on 21/Sep/07 at 9:06 pm # :

    I redirect script kiddies to http://www.fbi.gov/

    You can imagine the look on their faces when that comes up. They probably turn off their computers, thinking they have given away their information to the FBI.
