Skip to main content

Every wondered how often your site gets scanned?

I run a demo instance of Atomic Lab’s Pion at home that I use for customer demonstrations and generally playing around.

I have been looking recently at the visitor session replay functionality and it’s fascinating to see how many people are out there just randomly scanning for vulnerabilities.

image

If we drill down into the headers we can see that in many cases the requests have spoofed headers, IP addresses etc

image 

GET http://www.eduju.com/proxyheader.php HTTP/1.1
Host: www.eduju.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Accept: */*
Accept-Language: zh-cn
Connection: Keep-Alive



The other common request string appears to be:




GET http://58.218.199.147:7182/judge.php HTTP/1.1



All of these requests use up your server resources, but standard analytics won’t show them up, so network-level analytics like Pion are the way to go!

Labels:

Comments

Post a Comment

Popular posts from this blog

So what else does Operations do? Well, there is a whole organisation run by the UK govermnent to help answer that question! ITIL , or the IT Infrastructure Library, is a library of best practice information that basically tells you everything you need to do to run an IT department. Similarly developers have development methodologies such as RAD, JAD, Agile/XP, and Project Managers have PM methodologies such as Prince 2, PMBok etc to cover off their areas in more specific detail. ITIL breaks it down into 7 key areas: Service Support - deals with the actual provision of IT services such as the service (help) desk, incident management, problem management, release management etc Service Delivery - deals with ensuring that you can continue to DELIVER the service support functions with things like contigency planning, capacity management, service levels etc The Business Perspective - helps to ensure that the IT function is aligned with the organisation's business strategy and that how to...
2 comments
Read more

Top 13 Website Crashes of 2010?

I was doing a bit of research for an article and I started compiling a list of high-profile website crashes in 2010. Pingdom have published a list here - http://www.readwriteweb.com/archives/major_internet_incidents_and_outages_of_2010.php as have Alertsite here - http://www.huffingtonpost.com/2010/12/29/the-biggest-web-outages-o_n_801943.html But I decided to compile my own list from a more UK-centric perspective and came up with my “baker’s dozen” below. # Site Date News Link 1 National Rail Jan-10 http://www.theregister.co.uk/2010/01/05/rail_chaos/ 2 Outnet Apr-10 http://www.guardian.co.uk/lifeandstyle/blog/2010/apr/16/outnet-sale-website-crash 3 Apple (iPhone 4 Launch) Jun-10 http://www.dailymail.co.uk/sciencetech/article-1286756/Apple-iPhone-4-pre-order-Website-crashes-new-iPhone-goes-sale.html 4 ITV.com (World C...
2 comments
Read more

Using Gmail aliases to create multiple test email accounts for QA

Came across this today when someone wanted to know how to create multiple email test accounts without involving their IT department (don’t ask!) or managing multiple free email accounts. Gmail allows you to create aliases for your email address automatically. For example, if your Gmail account is joe.bloggs@gmail.com then joe.bloggs+test.case01@gmail.com will work for your account – anything after the “+” sign can be used to create an alias.  These emails will be delivered to your normal Gmail inbox. So when you are testing you can use +test.case01, +test.case02, +test.case03 and so on as your test email addresses (assuming that your application doesn’t get upset at the use of the “+” in an email address. It shouldn’t, its a valid character in the RFC http://tools.ietf.org/html/rfc3696#page-5 ) So lets say you want to filter these test emails and label so they don’t get lost in your Inbox. Easy, just use a Gmail filter and search for a whatever common “stem” you used ...
2 comments
Read more