I published the following diary on isc.sans.org: “Bots Searching for Keys & Config Files“.
If you don’t know our “404” project, I would definitively recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors found in web sites log files to “dropped†events in firewall logs. They can have a huge value to detect ongoing attacks or attackers performing some reconnaissance… [Read more]
One comment