[TriLUG] so you think you've been rooted...

Barry Gaskins barry.gaskins at gmail.com
Wed Mar 11 09:58:04 EDT 2009


   Well I don't think the bots have feelings or anything but many of
them do start with a list of compters to scan instead of randomly
picking IP addresses to scan.

   In this example of looking for roundcube servers to scan the bot
could do a google search for
welcome roundcube webmail username password
That will get you a list of servers running roundcube to try to break
into.  And since google will sort your list by popularity, the more
popular sites are more likely to get broken into...


   - Barry Gaskins



On Wed, Mar 11, 2009 at 9:48 AM, David McDowell <turnpike420 at gmail.com> wrote:
> I was curious if anyone knew if a bot had feelings or discriminated
> from one site to the next? If you are out there, you should be
> prepared. You can't expexct to wave your Jedi hand and say "you don't
> really see us b/c we are small and insignificant"
>
>
> On 3/11/09, Jarod Watkins <jarod at jxxtech.net> wrote:
>> On Tue, 10 Mar 2009 17:13:07 -0400, Alan Porter <porter at trilug.org> wrote:
>>>> Ouch, and to think I was going to install roundcube on my server this
>>>> summer.
>>>
>>> I have roundcube on my personal server, but I hide it behind HTTP
>>> authentication.  That means I can get to it when I need to, but it
>>> is not open to Joe Random H4X0r to probe.
>>>
>>> Add a couple of lines to your apache config file, and continue to
>>> use it.
>>>
>>> Alan
>>
>> I also run roundcube, however only on https. So far no script kiddies have
>> tried to attack it. I believe most of their tools do not have tls support
>> compiled in, so very few scan on https. Or maybe its just because I am so
>> small no one cares.
>> --
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>
>
> --
> Sent from my mobile device
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>



More information about the TriLUG mailing list