[Owasp-board] OWASP.org down?
matt.tesauro at owasp.org
Fri Jan 25 15:54:31 UTC 2013
It looks like, perhaps, someone in Norway (or at least traffic originating
from there) was doing some odd stuff with the website by POSTing to / over
HTTP - there's a ton of these in the logs:
188.8.131.52 - - [25/Jan/2013:14:29:38 +0000] "POST / HTTP/1.1" 301 497
ARIN for this IP:
Maybe a variant of the slow post attacks. Not 100% sure but seeing those
requests at ~30/second for 2 minutes straight sure stood out.
After that there's some HTTP 408's (Request timed out) so, yeah, that was
-- Matt Tesauro
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
On Fri, Jan 25, 2013 at 9:44 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
> Thanks Matt.
> On Fri, Jan 25, 2013 at 9:43 AM, Matt Tesauro <matt.tesauro at owasp.org>wrote:
>> Its back now. Looking at the logs currently. Notices that China's
>> largest search engine is indexing us if the user-agent below can be
>> 184.108.40.206 - - [25/Jan/2013:14:27:07 +0000] "GET / HTTP/1.1" 301 525
>> "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +
>> I could SSH to the box and 80 and 443 showed as responding locally. May
>> have been a network burp. I'm going to dig a bit more and see what I find.
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://AppSecLive.org - Community and Download site
>> On Fri, Jan 25, 2013 at 8:51 AM, Sarah Baso <sarah.baso at owasp.org> wrote:
>>> Matt- can you look onto this?
>>> *psiinon (@psiinon <https://twitter.com/psiinon>)*
>>> 1/25/13, 8:45 AM <https://twitter.com/psiinon/status/294818245146460160>
>>> @owasp <https://twitter.com/@owasp> looks like owasp.org<http://t.co/P0gTESR9>is down :(
>>> downforeveryoneorjustme.com/owasp.org <http://t.co/q5rs3yTU>
>>> Download the official Twitter app here<https://twitter.com/download?ref_src=MailTweet-iOS>
> OWASP Foundation
> sarah.baso at owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board