Daily Archives: March 16, 2017

Under attack

Yesterday morning I woke up to several hundred (or was it thousand?) messages from the online contact form on my website.  They came from what was clearly an automated dumb probe: all within a few minutes just before 4 a.m.  The probe had tried filling different fields with all kinds of payloads: fishing Unix paths, fishing Windows paths, escaped and unescaped commandline sequences including shellshock, SQL injection attacks, Javascript/XSS fragments, attempts to send mail or proxy HTTP.  Oh, and some fragments whose potential purpose eludes me.

OK, no big deal: just a few minutes of my time.  Dumb bots attack websites all the time.  Whatever vulnerabilities my server has (and I’m sure there are some), that kind of bot probing my contact form is no threat – except insofar as it could become a DoS.

This morning, another 740 messages.  From an even briefer probe: all at 03:59 and 04:00.  Checked the IP they all came from, and firewalled it off.  With a DROP rule, of course.  If it recurs from elsewhere, I’ll have to take a view on whether this approach can be extended or is useless.

If I can be arsed, maybe I’ll stay up and tail the log tonight, starting 03:50 or so.  Wonder if the perpetrator can be pwned while in action?  On second thoughts, maybe not at that hour, doubly not after the couple of pints I regularly enjoy on a Thursday evening.