April 04, 2003
exploit reporter?
I'm not one to pay much attention to referral or web access logs. But recently I've had to delve into some and was unpleasantly surprised to find a fair amount of requests for various security exploits. Like looking for formmail.pl, default.ida and a host of others. The hacks don't work, of course, but the people running these searches should be exposed.
Why not deploy some sort of service that collects the IP addresses and uses them during future page deliveries?
Basically, when someone runs exploit searches like this keep track of it. Then when they try reading other, legitimate pages, stuff a warning box of some kind that says "someone from your IP address has been running a exploit search" and give them links to a report page. Basically 'out' them and their ISP. Shame them, if such a thing is possible, into ceasing this behavior. Couple it with geographic lookups so others in their area can start 'applying pressure' to them. Pitchforks and torches, wielded by angry mobs, are often mighty fine ways to apply said pressure.
And even when some poor soul is using a dial-up number that some spammer used before, give them the same error message with a link that says something to the effect of 'hey, if this isn't you then it's someone else your ISP is dumb enough to let onto the Internet'.
Just a thought, oh lazy web...
