Wednesday, December 28, 2005
Security is Important
A few days back I configured apache on one of the machines and made it visible to outside world. No content was uploaded and I expected no one to visit the page. Today, when I was checking the access_log for apache (just out of curiosity), I noticed repeated requests for xmlrpc.php (although there was no such file on my machine). There were atleast 12 different machines (in just 3 days) scanning the host for xmlrpc.php. A quick google search revealed the vulnerability in xmlrpc which these machines were trying to exploit.
I always ignored security advisories, and considered them only for paranoids. But similar incidents in last few days have made me realize that security is a real problem. There are so many "bad" machines out there, scanning every other machine for some vulnerability. There is a whole economy behind these viruses and spam. It is therefore important to be cautious.
Look for failed ssh logins with usernames like root,admin,guest etc.
All brute-force attemps. Whats interesing is these attacks come from zombie machines, ones which have been successfully brute-forced.
Links to this post: