My online forums are visited by suspicious hosts quite regularly and some nasty visitors were trying to get in by the highlight exploit.
I am currently testing the reaction to a log experiment. Whenever a host sends an unwanted request, I am simply logging it and present it on a seperate page listing the host name, IP, IP port, date and time, the http agent as well as the actual http request URL.
http://www.ng-ethernet.com/ethernet_forum/phpBB_exploit.php
The log is steadily filling up and more importantly is visited by people, who have searched google for (their ?) IPs and host names.
What do you think about such a "means of defence" ?
The used script will get posted for download.
Regards,
Thomas

