So I cleaned up some malicious php scripts from a client's site and I've been monitoring for follow up connections to the scripts. Of course, I've found ALOT of IP's requesting the files. Too many to try and blacklist and too many different netblocks to block at a high level.
I'm thinking about redirecting all subsequent requests for the files to some kind of blackhole/tarpit/honeypot/badguy reporting system, but I'm not sure if such a thing exists for HTTP traffic.
Ideally, I could redirect these IP's to the Internet police and they would be subject to investigation and stern talking to's, but I doubt a system like that exists due to it's potential for abuse
Aucun commentaire:
Enregistrer un commentaire