💾 Archived View for station.martinrue.com › sarmun › 84f3be60a7744cc585ebbe7b181a248a captured on 2024-08-25 at 06:22:37. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2024-05-12)

-=-=-=-=-=-=-

👽 sarmun

I just looked - out of pure curiosity - to my http server logs. That's somewhat scary. MOST of the requests were hacking attempts. Not very sophisticated - just checking for some obvious errors, like letting the GET arguments to be executed or leaving some php-related stuff installation scripts hanging around. Even though... Hey! Why would someone even bother hacking a really small server of a regular guy? And... why people do such things? Ok... I know, why, but still - that's sad.

BTW I have also a gemini capsule: gemini://0x00ff.pl You can visit if if you like ;)

1 year ago · 👍 innerteapot, warpengineer, jo, ivanodin

Links

gemini://0x00ff.pl

Actions

👋 Join Station

6 Replies

👽 ivanodin

I work for a company where our system is in .NET but I also have seen requests for this bot scanning for PHP vulnerabilities. · 1 year ago

👽 justyb

I'm pretty sure it wasn't "someone" and just some bot that does scans. But finding unsecure nodes is a first step for getting machines in a botnet. · 1 year ago

👽 remy

The requests l get look like this: GET /upl.php HTTP/1.1. There are programs scanning the whole internet all the time. · 1 year ago

👽 remy

I have been monitoring the kind of activity on port 80 of my gemini server. So far I have seen scans from about 100 asns. When it comes from an ISP, I consider that someone is running malware and when it comes from a data center, I block it. · 1 year ago

👽 jo

yup ive noticed this too its very annoying. i recommend putting up some fail2ban stuff if you haven't already. unfortunately every ip or domain on the web is subjected to this and there's not much you can do about it but to make sure your server isnt easily hackable and setting something up that blocks those who try · 1 year ago

👽 drh3xx

Unfortunately the modern internet is more wild west than the wild west ever was :'( I usually have a block list of around 4000 unique IPs a day generated from my firewall traffic. that's in addition to usiing several other public blocklists that these were not on. · 1 year ago