Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D618710692 for ; Fri, 3 May 2013 04:36:04 +0000 (UTC) Received: (qmail 89478 invoked by uid 500); 3 May 2013 04:36:03 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 89382 invoked by uid 500); 3 May 2013 04:36:03 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 89361 invoked by uid 99); 3 May 2013 04:36:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 May 2013 04:36:02 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ben@reser.org designates 50.197.89.41 as permitted sender) Received: from [50.197.89.41] (HELO mail.brain.org) (50.197.89.41) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 May 2013 04:35:57 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.brain.org (Postfix) with ESMTP id 8E55B179E28A for ; Thu, 2 May 2013 21:35:36 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at fornix.brain.org Received: from mail.brain.org ([127.0.0.1]) by localhost (fornix.brain.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TdvZTHeOJdM4 for ; Thu, 2 May 2013 21:35:34 -0700 (PDT) Received: from mail-ob0-x234.google.com (mail-ob0-x234.google.com [IPv6:2607:f8b0:4003:c01::234]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.brain.org (Postfix) with ESMTPSA id 38524179E10A for ; Thu, 2 May 2013 21:35:34 -0700 (PDT) Received: by mail-ob0-f180.google.com with SMTP id uk5so1094564obc.25 for ; Thu, 02 May 2013 21:35:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type; bh=85hx+DE/sT1+OIkW+Z1iRGeJy1J0mtdJyr3Nz3zan/g=; b=ItPayfUoa7uGk8JYKBRqGdO6gRM0JYWA7im3vcuZZjTLjPbqPaVw8dKK1h1cRIPNSz VZdxR2ah8EZQL7bFAmRyFcgcdkveOxsQZUA/hDp9tHEqS8YA6HRaFEmyQzT7ztcClpgh aR7cJuP3qmIOOvjusYZzfaQQVGENlLGfwUNEJDXTGg3ERCm16jG+o4FzILFu/s7YeamC E6Q0ZZxVtYON4TYQe3OOxBiQUnQ2g6o4w+u44Ny4ya3NhLoh2FpZMQmIJudyIHRcT/Ul HJjtwhA/08OiBOUxYuFQt3PWkvNtSxdeSThw8nUWfrbNAP5RZvd87i7AivU3hbrDz+0L tdcg== MIME-Version: 1.0 X-Received: by 10.182.171.8 with SMTP id aq8mr2578531obc.27.1367555733056; Thu, 02 May 2013 21:35:33 -0700 (PDT) Received: by 10.60.132.51 with HTTP; Thu, 2 May 2013 21:35:32 -0700 (PDT) In-Reply-To: <5182FC5D.4050507@apache.org> References: <517F96F0.3090004@ice-sa.com> <20130430114945.GA23155@elias> <5180663B.2010001@ice-sa.com> <20130501191547.GA12678@elias> <5182225C.8070401@ice-sa.com> <5182FC5D.4050507@apache.org> Date: Thu, 2 May 2013 21:35:32 -0700 Message-ID: Subject: Re: URL scanning by bots From: Ben Reser To: dev Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org On Thu, May 2, 2013 at 4:53 PM, Guenter Knauf wrote: > isnt that one of the core issues - that folks who dont know what they do run > a webserver? And then, shouldnt these get punished with being hacked so that > they try to learn and finally *know* what they do, and do it right next > time? ;-) I have to say this is a horrible attitude. Nobody should be advocating that a lack of knowledge should result in getting hacked. Yes, it's the obvious result of the situation that exists today. But we should be striving to make things as easy for the inexperienced user as possible. Just the other day I saw someone saying pretty much that unless you're an Apache httpd expert you should just use nginx. That if you aren't an expert then you won't have Apache configured properly and when you get a heavy load your website will fall over. It's just disappointing to see this attitude coming from a httpd PMC member.