17

These script kiddies fuck with my error metrics! I want 0 !

I swear I'll find them! Even enabled IP log for every request contain “.php”.

Needless to say, app is not even in PHP and PHP isn’t even present on server

Comments
  • 4
    This never gets old
  • 9
    I get like 100 of those a day. 🙄
    Fail2ban is your friend!
  • 4
    @Root Most of them are super basic (like these), but sometimes I see some elaborate shit. I don’t have example right now, but next time I get one I’ll post

    @asgs the fun part is : We have env in Canada and one in Europe. Europeen server NEVER got one of these
  • 1
    I got a lot of them on my personal vps. It's boring, but I got used to them.
  • 3
    @NoToJavaScript on our server in Switzerland I get a ton of these Wordpresslogin fuckers. Thought about adding a PHP script that just sleeps for 5 sec. or so on a post request...
  • 2
    @Wack wouldn't sleeping be counter productive to your server? Assume the attacker thinks their script is not working and then decides to bombard even more? Now your server is running more threads doing nothing and could lead to starvation, unless I misread what you mean by sleeping
  • 3
    Just write a rewrite rule that redirects them to two girls one cup
  • 3
    @asgs well probably, on the other hand, I kind of would like a honeypot...
  • 1
    @asgs The overwhelming majority of attacks are automated, so a 30sec threaded sleep would throttle the botnet, if ever so slightly. Ultimately pointless, but you may as well just to spite them.

    If they're trying to steal information instead, I would happily oblige and give them garbage data.
  • 1
    @Root I totally get that. I liked the idea that somebody proposed - redirect them to 127.0.0.1 or something
  • 4
    @asgs Amusingly, most botnet attackers aren't hardened -- because they were infected, too. So you could return the favor and gain access to them instead, and more than likely pretty easily. It's like an invitation. 😊

    It would be fun to write counter-malware that kills malware. I'd name it Dexter!
  • 1
    @Root You are a genius
Add Comment