💾 Archived View for station.martinrue.com › sarmun › 84f3be60a7744cc585ebbe7b181a248a captured on 2023-12-28 at 18:22:34. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-04)
-=-=-=-=-=-=-
I just looked - out of pure curiosity - to my http server logs. That's somewhat scary. MOST of the requests were hacking attempts. Not very sophisticated - just checking for some obvious errors, like letting the GET arguments to be executed or leaving some php-related stuff installation scripts hanging around. Even though... Hey! Why would someone even bother hacking a really small server of a regular guy? And... why people do such things? Ok... I know, why, but still - that's sad.
BTW I have also a gemini capsule: gemini://0x00ff.pl You can visit if if you like ;)
9 months ago · 👍 innerteapot, warpengineer, jo, ivanodin
I work for a company where our system is in .NET but I also have seen requests for this bot scanning for PHP vulnerabilities. · 8 months ago
I'm pretty sure it wasn't "someone" and just some bot that does scans. But finding unsecure nodes is a first step for getting machines in a botnet. · 9 months ago
The requests l get look like this: GET /upl.php HTTP/1.1. There are programs scanning the whole internet all the time. · 9 months ago
I have been monitoring the kind of activity on port 80 of my gemini server. So far I have seen scans from about 100 asns. When it comes from an ISP, I consider that someone is running malware and when it comes from a data center, I block it. · 9 months ago
yup ive noticed this too its very annoying. i recommend putting up some fail2ban stuff if you haven't already. unfortunately every ip or domain on the web is subjected to this and there's not much you can do about it but to make sure your server isnt easily hackable and setting something up that blocks those who try · 9 months ago
Unfortunately the modern internet is more wild west than the wild west ever was :'( I usually have a block list of around 4000 unique IPs a day generated from my firewall traffic. that's in addition to usiing several other public blocklists that these were not on. · 9 months ago