Friday, June 15, 2007

 

The Greek strikes back

I'm sure my site will be DDoS'd soon by the same person that searched for "remote exploit 127.0.0.1" yesterday. It seems they decided to do some follow-up research on my site after yesterday's post.

From today's Apache logs I have a number of hits from a Greek Internet cafe address 87.101.90.49 using a web crawling tool with the user-agent set to "Windows 98". Very interesting given that the amount of "random" traffic I get from Greece is near zero.

Of course I guess I could just set www to 127.0.0.1 and take care of that problem. :)

Thursday, June 14, 2007

 

The bad LUPH pun

Apparently my pun with LUPH was a bit too subtle. The posting discusses the "Login URL Policy Framework" aka LUPF but instead I chose the acronym LUPH.

The "PH" was intended as a pun on the tendency to use "ph" for everything related to phishing.

 

Attackers do lots of homework

From yesterday's Apache logs. Look at the search term "howto remote exploit 127.0.0.1". Even better, the search came from a host named smarsmtp02.cosmote.gr. Interesting....

Wonder how many pages this guy visited? For the record, mullingsecurity.com is hit #14 in Google.

195.167.65.19 - - [13/Jun/2007:07:21:46 -0400] "GET /2006/01/howto-getting-remote-access-to-windows.html HTTP/1.0" 200 20478 "http://www.google.com/search?q=howto+remote+exploit+127.0.0.1&rls=com.microsoft:el&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"
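The search phrase in an entry like the one above sits in the referrer field of Apache's combined log format. The following is an added example, not code from the original post, that pulls those phrases out of access-log lines; the list of query parameter names and the second sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Assumption: query-string parameters that may carry the search phrase.
SEARCH_PARAMS = ("q", "query", "p")

def search_terms(referer):
    """Return the search phrase carried in a referrer URL, or None."""
    query = parse_qs(urlsplit(referer).query)  # decodes '+' and %xx
    for name in SEARCH_PARAMS:
        if query.get(name):
            return query[name][0]
    return None

def referred_searches(lines):
    """Yield (client, path, phrase) for hits that arrived from a search."""
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not a combined-format line
        terms = search_terms(m["referer"])
        if terms:
            parts = m["request"].split()
            path = parts[1] if len(parts) > 1 else ""
            yield m["host"], path, terms

# First line: the entry quoted in the post, joined onto one line.
# Second line: constructed sample with an empty ("-") referrer.
SAMPLE = [
    '195.167.65.19 - - [13/Jun/2007:07:21:46 -0400] "GET /2006/01/howto-getting-remote-access-to-windows.html HTTP/1.0" 200 20478 "http://www.google.com/search?q=howto+remote+exploit+127.0.0.1&rls=com.microsoft:el&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)"',
    '192.0.2.10 - - [13/Jun/2007:07:22:01 -0400] "GET / HTTP/1.1" 200 5120 "-" "ExampleAgent/1.0"',
]

if __name__ == "__main__":
    for host, path, terms in referred_searches(SAMPLE):
        print(f"{host} reached {path} via search: {terms!r}")
```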
