One of the things you have to pay attention to when you move your website to another host is correct redirection to pages, and ensuring you're not giving 404 errors to legitimate requests. This morning I was checking my error logs and noticed a lot of pathetic attempts from script kiddies looking for an easy security hole to exploit :
- [client 18.104.22.168] File does not exist: /home/ozh/planetozh.com//admin/plugins/NP_UserSharing.php
- [client 22.214.171.124] File does not exist: /home/ozh/planetozh.com/admin/doeditconfig.php
- [client 126.96.36.199] File does not exist: /home/ozh/planetozh.com/_vti_bin/owssvr.dll
- [client 188.8.131.52] File does not exist: /home/ozh/planetozh.com/MSOffice/cltreq.asp
The most popular attempt seems to be the doeditconfig.php one, with roughly a request every 5 minutes.
I honestly don't give a sh*t about those things, but why not try to have some fun with them in return ?
First, I looked for the biggest file I could find on the internet. A 4.4 Gb Debian DVD image seemed to be big enough.
Then, time for a little mod_rewrite prank, in the .htaccess file sitting in my root I added the following lines :
- RewriteEngine on
- RewriteBase /
- RewriteRule ^admin/doeditconfig.php$ /exit/bigfile [L]
- RewriteRule ^MSOffice/cltreq.asp$ /exit/bigfile [L]
- RewriteRule ^/_vti_bin/owssvr.dll$ /exit/bigfile [L]
- RewriteRule ^/admin/plugins/NP_UserSharing.php$ /exit/bigfile [L]
- RewriteRule ^/phorum/plugin/replace/plugin.php$ /exit/bigfile [L]
File /exit/bigfile is just a log-then-redirect-to-big-DVD-iso PHP script.
I'm not sure how effective this will be : maybe script kiddie tools don't follow redirections, or look for particular header responses. But hopefully I will waste a few megabytes of some morons' bandwidth :)
Want to share or tweet this post? Please use this short URL: http://ozh.in/ed