Man, they'll try anything to hack your system...

Ben Scott dragonhawk at gmail.com
Wed Jan 25 20:09:01 EST 2006


On 1/25/06, Paul Lussier <p.lussier at comcast.net> wrote:
> I almost never look at my apache logs.  I probably should, but I
> don't.

  You're supposed to look at the logs?

> Tonight I was perusing them and noticing the activity in the
> access.log and was amazed at the things these people try:

  Yah, these days, the Internet is pretty much under constant attack. 
The firewall at work is being probed constantly on all manner of ports
for all manner of services.  SMTP, SSH (complete with account/password
guessing), HTTP, SMB, MS RPC, MS SQL, MySQL.  They sweep the entire
range, too, so our block of several IPs often gets probed all at once,
for the same probe on each IP.  When I was running a webserver, the
logs were full of attempted exploits.  Usually blind ones -- e.g., we
saw tons of IIS probes on our Apache/Linux webservers.  When I was
doing turn ups of new systems all the time, I usually saw the first
probes within minutes.

  Apparently, these days, a lot of spammers use active attacks in an
effort to find new zombies to relay their spam for them.

> The thing I find most amusing is that according to these logs, the
> majority of attempts are from systems running ancient versions of IE
> on NT 5.1.

  FWIW and FYI: MSIE 6.0 (plus various patches and updates) is the
current release.  NT 5.1 is Windows XP.

-- Ben


