WEB is it ethical for me to redirect vulnerability probers to a crash site?

Discussion in 'OT Technology' started by pharmokan, Aug 3, 2009.

  1. pharmokan

    pharmokan OT Supporter

    Joined:
    Oct 18, 2002
    Messages:
    102,125
    Likes Received:
    423
    Location:
    L.A.
    i get a lot of vulnerability probes on one of my clients' e-commerce site.

    i see a pattern emerging from these probes from the code they run through search queries to pick up unsanitized inputs

    magento has a csv logfile of all these vul commands

    most of them are

    /boot.ini
    "'><%= 1234567890*27 %>
    "'><!--#printenv -->
    x' waitfor delay '0:0:20'--
    x';",)`
    ../../../../../../boot.ini
    /etc/passwd
    ../../../../../../etc/passwd
    ASPTEST<%=Date%>
    "'><?php print(1234567890*27);?>
    "'><cfoutput>#(1234567890*27)#</cfoutput>
    "Xx<XaXaXXaXaX>xX

    should i redirect these search terms to an endless loop which causes the probes to crash, or wouldn't it make a difference?

    would it be ethical :noes:
     
  2. dazmanultra

    dazmanultra New Member

    Joined:
    Jun 17, 2002
    Messages:
    34,795
    Likes Received:
    0
    Location:
    English Countryside
    Leave it... just make sure your shit's locked down and they'll move on.

    You really don't want to piss off the wrong people or they'll make you a target.
     
  3. pharmokan

    pharmokan OT Supporter

    true.dat
     
  4. Insert Tokens

    Insert Tokens Making Cancer My Bitch OT Supporter

    Joined:
    Jan 12, 2006
    Messages:
    8,322
    Likes Received:
    70
    Location:
    Tasmania
    This.
     
  5. pharmokan

    pharmokan OT Supporter

    so basically live in fear your whole life and be scared of the hackers
     
  6. Yahdude

    Yahdude New Member

    Joined:
    Jun 21, 2006
    Messages:
    1,211
    Likes Received:
    0
    Location:
    PC, UT
    yup
     
  7. Insert Tokens

    Insert Tokens Making Cancer My Bitch OT Supporter

    Unless you're good enough to counter them.
     
  8. Chris90210

    Chris90210 New Member

    Joined:
    Nov 7, 2004
    Messages:
    22,530
    Likes Received:
    0
    Location:
    Utah
    redirect it to meatspin :noes:
     
  9. hank85

    hank85 sudo shred /dev/sda -f -v -z --iterations=6

    Joined:
    Jul 23, 2008
    Messages:
    4,360
    Likes Received:
    0

    Yeah. Set up BFD along with APF or some sort of iptables software firewall. Run a cron every 20 minutes to just drop packets from those IPs.
     
  10. pharmokan

    pharmokan OT Supporter

    there's no point. those probes are run through proxy and i haven't been probed by the same ip twice. they are just pass throughs :dunno:
     
  11. dazmanultra

    dazmanultra New Member

    Script kiddies running automated scripts on your website you don't need to worry about so much, as long as you're all up to date and your system is secure.

    That said, you probably don't want to wind them up, since even a small botnet they've assembled can ddos your server very easily.
     
