From: Pïd stèr
Date: Tue, 16 Apr 2013 19:43:01 +0100
To: Tomcat Users List
Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404

On 16 Apr 2013, at 19:38, "André Warnier" wrote:
> Pïd stèr wrote:
>> On 16 Apr 2013, at 17:58, chris derham wrote:
>>
>>>> Or, another way of looking at this would be that for every 40 servers
>>>> scanned without a 404 delay, the same bot infrastructure within the same
>>>> time would only be able to scan 1 server if a 1 s 404 delay was implemented
>>>> by 50% of the webservers.
>>> This assumes that the scanning software makes sequential requests.
>>> Assuming your suggestion was rolled out (which I think is a good idea
>>> in principle), wouldn't the scanners be updated to make concurrent
>>> async requests? At which point, you only end up adding 1 second to the
>>> total original time? Which kind of defeats it.
>>>
>>> Again I'd like to state that I think you are onto a good idea, but the
>>> other important point is that some (most?) of these scans are run from
>>> botnets. These have zero cost (well, for the bot farmers anyway). My
>>> point is even if the proposal worked, they don't care if their herd is
>>> held up a little longer - they are abusing other people's
>>> computers/connections so it doesn't cost them anything directly.
>>>
>>> Sorry but those are my thoughts
>>
>> I tend to agree. Effort will just be expended elsewhere, and that's
>> assuming this would have enough of an impact to be noticed.
>
> Say that it would be easy to implement this in Tomcat, and that we do not collectively
> find good reasons not to do so, and that it does get implemented.
>
> Then I pledge that my next move would be to bring this similarly onto the Apache httpd
> list (using the Tomcat precedent as an introduction of course (à la "hey guys? those
> smart Tomcat developers have just had a great idea etc..")).
>
> I haven't checked the actual numbers yet, but I would imagine that between Apache httpd
> and Tomcat, we're talking of a significant proportion of the overall webservers, no?

Only if you can get them updated in a timely fashion. And only if the default setting is 'on'.

p

> Alternatively of course, still if there are no definite arguments against it, but the
> Tomcat developers are not interested, I could go to the Apache list anyway. And then they
> might be the first to introduce this great feature.
>
> Or maybe I'll just patent it, and then sell the patent to the makers of the third
> most-popular webserver..

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
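The countermeasure debated in this thread, a fixed delay before a 404 is returned, as an added example written for this archive page and not code from the thread or from Tomcat: a servlet Filter (Servlet 3.0 API, so Tomcat 7 or later) that sleeps for a configurable interval when the downstream status is 404. The class name and the `delayMillis` init-parameter are assumptions.

```java
// Added example: a servlet Filter that delays 404 responses, modelled on the
// "1 s 404 delay" discussed in the thread. Not Tomcat code; names are assumed.
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

public class NotFoundDelayFilter implements Filter {

    // Default matches the proposal in the thread; overridable via a web.xml init-param.
    private long delayMillis = 1000L;

    @Override
    public void init(FilterConfig config) {
        String configured = config.getInitParameter("delayMillis"); // assumed parameter name
        if (configured != null) {
            delayMillis = Long.parseLong(configured.trim());
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        // Let the rest of the chain decide the outcome first.
        chain.doFilter(request, response);

        HttpServletResponse http = (HttpServletResponse) response;
        // getStatus() needs Servlet 3.0 (Tomcat 7+). Tomcat renders the error page
        // after the pipeline returns, so sleeping here delays the whole 404 reply.
        if (http.getStatus() == HttpServletResponse.SC_NOT_FOUND) {
            try {
                // Caveat raised in the thread: this costs a sequential scanner the delay
                // per request, but only about one delay in total if requests run concurrently.
                // It also holds a connector thread for the full delay, so the thread pool
                // size bounds how many delayed 404s can be in flight at once.
                TimeUnit.MILLISECONDS.sleep(delayMillis);
            } catch (InterruptedException interrupted) {
                Thread.currentThread().interrupt();
            }
        }
    }

    @Override
    public void destroy() { }
}
```

Declare it in a web application's web.xml with a `/*` url-pattern; a Filter only sees requests dispatched to the web application it is declared in, so each context needs its own mapping (a container-level Valve would cover all of them).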