Monday, May 09, 2005

Checking the locks

There were quite a vulnerability exploit attempts on our server. Fortunately, the attempts failed for a number of reasons.
  1. We do a fairly good job of maintaining the security of our server software and applications.
  2. The attempts appeared to be the work of a worm that attacked a software program called ModernBill (which we do not use).
  3. The exploit used a URL which, even if we had the application installed, would not have worked.
  4. ModernBill is a PHP-based application and we do not have PHP installed.
All in all a pretty amateurish exploit attempt. I notified a few organizations from where the exploit attempts originated, but quickly realized that the source of the attempts seemed to be at ISPs and hosting companies that utilitzed the software. The likely response from the owner organizations (as determined based on either ARIN or domain regiatration) would be fairly innefective and I've all but given up on contacting larger companies.