Return-Path: 
 <users-return-241383-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1EA9110D0C
	for <apmail-tomcat-users-archive@www.apache.org>;
 Mon, 22 Apr 2013 21:18:35 +0000 (UTC)
Received: (qmail 85820 invoked by uid 500); 22 Apr 2013 21:18:31 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 85750 invoked by uid 500); 22 Apr 2013 21:18:31 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 85741 invoked by uid 99); 22 Apr 2013 21:18:31 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Apr 2013 21:18:31 +0000
X-ASF-Spam-Status: No, hits=0.0 required=5.0
	tests=RCVD_IN_DNSWL_NONE
X-Spam-Check-By: apache.org
Received-SPF: error (nike.apache.org: local policy)
Received: from [76.96.62.24] (HELO qmta02.westchester.pa.mail.comcast.net)
 (76.96.62.24)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Apr 2013 21:18:25 +0000
Received: from omta03.westchester.pa.mail.comcast.net ([76.96.62.27])
	by qmta02.westchester.pa.mail.comcast.net with comcast
	id Sz6x1l0040bG4ec519Hj7h; Mon, 22 Apr 2013 21:17:43 +0000
Received: from Christophers-MacBook-Pro.local ([69.143.109.145])
	by omta03.westchester.pa.mail.comcast.net with comcast
	id T9Hj1l00J38FjT13P9HjTs; Mon, 22 Apr 2013 21:17:43 +0000
Message-ID: <5175A8F7.5050503@christopherschultz.net>
Date: Mon, 22 Apr 2013 17:17:43 -0400
From: Christopher Schultz <chris@christopherschultz.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8;
 rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat access log reveals hack attempt: "HEAD /manager/html
 HTTP/1.0"
 404
References: <20130416152152.GE13819@IUPUI.Edu> <516D7E93.5020006@ice-sa.com>
 <CAG6aRdWapRh+WDwH926Q8FxV7-o-k1cWA8UKyFS2UGHe452Fag@mail.gmail.com>
 <8000842584522301737@unknownmsgid>
 <10884071.5855.1366137501706.JavaMail.mobile-sync@vemw20>
 <-3567947474235942048@unknownmsgid> <516DB043.2080409@ice-sa.com>
 <D72C174D3CAC0A4E812FAD012D646E9F25107124D3@CMS1.enterprise.maricopa.gov>
 <516EDB9B.7030700@ice-sa.com> <516EDFB2.6030103@christopherschultz.net>
 <20130419154221.GC30307@IUPUI.Edu> <51727A68.9080508@ice-sa.com>
 <CAG6aRdXdj+VQvdHtZHYMp28Oq5+35Zi8wDPrmxvYrXxsRKv_-Q@mail.gmail.com>
In-Reply-To: 
 <CAG6aRdXdj+VQvdHtZHYMp28Oq5+35Zi8wDPrmxvYrXxsRKv_-Q@mail.gmail.com>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net;
	s=q20121106; t=1366665463;
	bh=PRAN5cPrnjFffp53yOY23vsHE+D0rYdpvYS8kwkwSEs=;
	h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject:
	 Content-Type;
	b=ZSv3n+hiohSuVc/kqDvjK12oLynHDTIiOFG3B7yQFbPSmE6Q4SBMRTYof+YYLMzIJ
	 rK78hRS/C1ZMArsPAZemCpn5RFFYei0IPjhiNa2QVtpBzwkZ5fD0uy8DSd12kFAmCM
	 /zstSHrxUhK5SUpAFCAwhzjWdhcNapWUNxhnszR+UwDc/odN6w+FjO/3QG64JCVIwt
	 0pONil+AUlybLZbZCEr/CphHMLy6y9OpYlAgmkq3cvnFrYJMcb2i2FIE8wXcFJoXbP
	 PRPNf7iOoGVkvHb08lh4rVIHqf1PKo1Bu6T79NPleXF14GFsF/g/+e9W3kuRmLylxS
	 41YkQCNgztwYQ==
X-Virus-Checked: Checked by ClamAV on apache.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Chris,

On 4/20/13 6:08 PM, chris derham wrote:
> I think that you have articulated your suggestion very well. I
> think you have weighed the pros well and been open to debate.
> Personally I just don't think what you propose will have the effect
> that you desire.

I agree. Most of these scanners only scan a few URLs every few seconds
in order to avoid being branded as vulnerability-scanners, so adding a
delay to them won't really change anything.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJRdaj2AAoJEBzwKT+lPKRY/GYP/2N0gjRMkbwiHJBWtRQQUulG
h4+/c5hGJLUIGx6FZuxQ9VYEz36bU65PecmMSXsxTx1fjkiVDUCb8j4BtBlZrxX8
rWIe8e/GcPaG0XLKBfzq47tFuIwP5F93faSLNQg8BDR3Db2kgpPj6DGfq1XO4r1a
km8GevkCWtCsoSXdYcCyTZcZFZ4YtlJ2gUM7UvTDL8f1Hm+AwTFOuXUXark2Zcsg
d2Gz2i7b49Qtr4on9e+iaNLI87NdyOiKBUOK8qM3suDY1+431cHEhPdfNMCtTcKI
3PEf7qZJaM6DqgjOwuwJGJxgNNPiwyfjYusIfYNHTuC5rnUFHpHW4XhbEghsM+Wi
qKEbAb6JFXo9RGi4ths6h/1EeN76PX3Kjs9cO0ZnOTvEOEsUuI5siKbxFPskqYMS
v4uicF5QmFoVOh1HE7hC2jV1hmpegVGLOmQ+ocpf3ZmDzZPsOkDn9iFtaGBIV51q
FVH6WO3voJ484N6vyFGlUOJy3trSOl+QpzWKRJwPIqcRg4+ugriLSOvFV7PgDley
ICoBZ+VxQwvjtUVe0DsVPLqfpMnslxELg5hDYoAGQh29nhojUzT/l75+hDBLvXt9
WIqD+8oGnpu6p4/8BJTg4fV122m6pPbc/GEn1VvuCwYk0gad1bxeyIvV4UoB6bUm
g+NTExtExQqLKfGsl657
=4chQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org