tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Mon, 15 Apr 2013 16:09:19 GMT
In what I believe to be related anough to the subject of the original post, I would like 
to float a proposal, to make life a bit harder for these automated hackers.

By personal observation, I note that many such attempts (the large majority in fact) end 
up requesting URLs which do not exist on properly-configured servers, and thus ultimately

result in a "404 Not Found" response.
It is also the interest of these annoying tools to be able to scan as many IP addresses 
and ports as possible, within as short a time as possible, in order to locate vulnerable 
targets faster.
But nevertheless, they cannot use too short a timeout for each of these URLs that they 
request, otherwise they would end up neglecting a lot of juicy targets whenever their own

network connection (or the target's) is a bit slow.

On the other hand, I would suppose that legitimate well-written applications rarely 
deliver responses containing links that will, when used, result in 404 responses.

So why not insert an optional parameter into Tomcat somewhere, which would have the effect

of delaying any "404 Not Found" response by a few (configurable) seconds ?

I am quite sure that if this was done cleverly, its impact on the server's own load could

be minimised, and it would greatly annoy those miscreants, by forcing them to wait n times

longer for each unsuccesful attempt.  No ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message