Nice info for sure...
On the defensive of your site:
You can do a lot with htaccess.
FI: I use htaccess to stop hotlinking, put a redirect to a goatsie in it...
Barry, as promised on icq:
to "help" with scriptkiddies with scanning, I came across this:
!you can ZIP bomb a vuln scanner!
ZIP compression is really good with repetitive data so if you have a really huge text file which consists of repetitive data like all zeroes, it will compress it really good.
It can compress a 4.5 petabyte (4.500.000 gigabytes) file down to 42 kilobytes.
When a browser/scanner extracts or decompresses the content it will most likely run out of disk space or RAM.
So firstly create a 10 gigabyte GZIP file, or bigger, filled with zeroes.
And secondly a PHP script that will deliver it to a client.
Code:
<?php
// Helper: does $haystack start with $needle? (PHP 8 also has str_starts_with())
function startsWith($haystack, $needle) {
    return strpos($haystack, $needle) === 0;
}

function sendBomb() {
    // Prepare the client to receive GZIP data. This will not be suspicious
    // since most web servers use GZIP by default.
    header("Content-Encoding: gzip");
    // Note: filesize() needs a 64-bit PHP build for files larger than 2 GB.
    header("Content-Length: " . filesize('10G.gzip'));
    // Turn off output buffering so the file is streamed, not held in RAM
    if (ob_get_level()) ob_end_clean();
    // send the gzipped file to the client
    readfile('10G.gzip');
}

$agent = (string) filter_input(INPUT_SERVER, 'HTTP_USER_AGENT');
// request path without the leading slash, e.g. "wp-login.php" for /wp-login.php
$url = ltrim((string) filter_input(INPUT_SERVER, 'REQUEST_URI'), '/');

// check for nikto or sqlmap in the user agent (case-insensitive, since Nikto
// sends "Nikto/2.x") or for "bad" subfolders which only exist on WordPress
if (stripos($agent, 'nikto') !== false || stripos($agent, 'sqlmap') !== false
    || startsWith($url, 'wp-') || startsWith($url, 'wordpress') || startsWith($url, 'wp/'))
{
    sendBomb();
    exit();
}
source:
https://blog.haschek.at/post/f2fda
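An added example (not from the post above or the linked blog) showing the other side of the same mechanism: how a scanner, crawler or HTTP client avoids running out of RAM or disk on such a response. It decompresses the gzip body in fixed-size reads and aborts as soon as the output exceeds an absolute cap or a compression-ratio limit, and it also reads the gzip ISIZE trailer as a cheap pre-check that must not be trusted on its own (it is attacker-controlled and wraps at 4 GiB, so a 10 GiB file reports 2 GiB). The helpers `make_zero_gzip`, `gzip_isize`, `bounded_gunzip`, `is_bomb` and both sample inputs are constructed here for the demonstration.

```python
import gzip
import io


class DecompressionBombError(ValueError):
    """Raised when a gzip body expands beyond the caller's limits."""


def make_zero_gzip(n_bytes: int) -> bytes:
    """Constructed sample: n_bytes of zeros, gzip-compressed in memory.
    A small stand-in for the 10G.gzip file the post describes."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as gz:
        chunk = b"\0" * 65536
        remaining = n_bytes
        while remaining > 0:
            take = min(remaining, len(chunk))
            gz.write(chunk[:take])
            remaining -= take
    return buf.getvalue()


def gzip_isize(data: bytes) -> int:
    """ISIZE from the gzip trailer: uncompressed length mod 2**32.
    Cheap pre-check only: the value is under the sender's control and wraps,
    so a 10 GiB bomb reports 2 GiB here. Never size a buffer from it."""
    if len(data) < 18:  # 10-byte header + 8-byte trailer is the minimum
        raise ValueError("too short to be a gzip member")
    return int.from_bytes(data[-4:], "little")


def bounded_gunzip(data: bytes, max_out: int, max_ratio: float = 100.0) -> bytes:
    """Decompress in 64 KiB reads, aborting as soon as the output exceeds
    max_out bytes or max_ratio times the compressed size. Peak memory is
    bounded by max_out plus one read chunk, whatever the input expands to."""
    out = bytearray()
    with gzip.GzipFile(fileobj=io.BytesIO(data), mode="rb") as gz:
        while True:
            chunk = gz.read(65536)  # GzipFile.read(n) returns at most n bytes
            if not chunk:
                break
            out += chunk
            if len(out) > max_out:
                raise DecompressionBombError(
                    f"decompressed size exceeded {max_out} bytes")
            if len(out) > max_ratio * len(data):
                raise DecompressionBombError(
                    f"compression ratio exceeded {max_ratio}:1")
    return bytes(out)


def is_bomb(data: bytes, max_out: int, max_ratio: float = 100.0) -> bool:
    """True if bounded_gunzip rejects the body under the given limits."""
    try:
        bounded_gunzip(data, max_out, max_ratio)
    except DecompressionBombError:
        return True
    return False


if __name__ == "__main__":
    bomb = make_zero_gzip(1 << 20)              # 1 MiB of zeros, about 1 KiB gzipped
    legit = gzip.compress(b"hello world " * 10)  # constructed ordinary response body
    print("bomb: compressed", len(bomb), "bytes, ISIZE claims", gzip_isize(bomb))
    print("bomb rejected:", is_bomb(bomb, max_out=1 << 16))
    print("legit accepted:", not is_bomb(legit, max_out=4096))
```

The ratio limit is what catches the case the post relies on: a body of a few kilobytes that expands to gigabytes trips the 100:1 check within the first few reads, long before the absolute cap matters, while real HTML or JSON compresses at a ratio in the single digits and passes untouched.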