On Aug 13, 2004, at 9:15 AM, Josh Trutwin wrote: > On Fri, 13 Aug 2004 08:31:05 -0500 > "John T. Hoffoss" <john.t.hoffoss at gmail.com> wrote: > >> The answer! >> >> Visit >> http://216.239.59.104/search?q=cache:rwdycvp0zwoJ:www.geocities.com/ >> tomhudson411/log_breakin_attempts/+&hl=en > > Thanks! > > <snip> > >> RewriteEngine on >> RedirectMatch permanent (.*)command.com(.*)$ >> "http://REPLACE_WITH_YOUR_SERVERS_IP/goaway.php?cmd=command.com" > > This guys script shows the attacker a list of other machines that have attacked your box. IIRC (and feel free to correct me), a lot of these attacks (default.ida?) are coming not from script kiddies but automatically from machines that have been compromised. So in effect, you're giving the attacker a ready made list of boxes that may already have backdoors on them that they may be able to exploit. That's like telling a burglar 'I know you're there," and then adding, "but my neighbor's house is unlocked." Steve _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list