Re: [Httpbl-beta] Server+Mod running, tests incomplete?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Sounds nice.
> To give you some sneak previews:
>
> - Authenticate with Project Honey Pot RBL
> Checks that your Access Key is valid. Currently this check is not  
> enabled.
>
> - Submit 404 Data
> One of the ways that "script kiddies" look for exploits is by trying  
> random URLs on your server and seeing if you have vulnerable software  
> installed. For the most part, this results in 404 (page not found)  
> errors. By recording these 404 errors we can look for patterns and  
> add the IPs that are clearly out to find exploits to the http:BL. If  
> you'd prefer to not share this data with us, you can turn it off  
> through a directive.
>
> - Submit POST data to server
> Checks that we can POST to a remote server and receive a response.  
> Critical for a number of functions, including virtual honey pots.  
> We're still testing this internally, but expect to release a copy of  
> the code with it enabled soon.
>
> - Query for Honey Pot
> Checks to see if you can enable a virtual honey pot. This allows you  
> to define a URL that will act as a honey pot. The honey pot receives  
> data from our central servers, including, potentially, specially  
> tagged email addresses, trap forms, and other tests of bots. Data  
> from the honey pot is then transmitted back to Project Honey Pot to,  
> where appropriate, be included in http:BL.
>   
Have you made plans about using the output of mod_security to find those 
hosts that scan for known security-holes?
That might be a nice feature, too.

Phillip