I published the following diary on isc.sans.org: “Bots Searching for Keys & Config Files“.
If youÂ donâ€™t know our “404”Â project, I would definitively recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors found in web sites log files to â€œdroppedâ€ events in firewall logs. They can have a huge value to detect ongoing attacks or attackers performing some reconnaissance… [Read more]