On 08.01.2012 23:16, Nathanael Noblet wrote:
So from my logs. Not a probe first, just plain trying to get data using a hopeful exploit. They don't care what version of anything I'm running.
I realize it looks like they got the files they wanted, but in reality it ignored the request and sent the data it always does...
In any case, I still get tons of requests for Default.aspx, as well as a whole host of requests for IIS vulnerabilities. Even though I run Linux and Apache. Hiding the version changes nothing. The software doing all this scanning simply *tries* to exploit, not find out exploitable machines so it can tell some random human to then run a script against it....

And you think that some random examples prove anything?
Some webserver logs are showing nothing about real exploits.
There were and there will be exploits you will never see
in your webserver log, because if they worked, CODE was
executed in the context of your webserver.
Fact is that nobody out there needs to know your software version
for something useful, and one of the most important rules in
server administration is: disable and disclose ANYTHING which is not
explicitly needed, to prevent exploit cases you cannot imagine
while configuring your machine.