Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 941 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting 100's of these messages a day??

unkfrank12
Hi all,
Correct me if I'm wrong, but don't I want the Search Engines spiders coming through the firewall to index my site?
Here's the message. Typically the dns points to Looksmart, Yahoo, or Google.

A packet was identified that may be part of an intrusion attempt. 
The packet was detected by the Intrusion Detection system. The matching 
rule classified this as medium priority level. The packet properties 
and the alert reason are:

[1:1852:0] A WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]:  {PROTO006} 68.142.251.159:59400 -> 192.168.1.200:80

200 is my webserver.
68.142.251.159 points to Yahoo!.

Any suggestions, is there a way to allow these??
Thanks,
Frank


This thread was automatically locked due to age.
Parents
  • 0
    Do I understand you right, and you do NOT want to allow spiders to read your robots.txt?
    To block this with your IPS, set the action of the following rules to block:
    Web-Misc >>  WEB-MISC robots.txt access  (ID 1852 and 1857).
    This will block the access of search engines to the file robots.txt on your webserver.
    Hope this helps,
    /bagira
Reply
  • 0
    Do I understand you right, and you do NOT want to allow spiders to read your robots.txt?
    To block this with your IPS, set the action of the following rules to block:
    Web-Misc >>  WEB-MISC robots.txt access  (ID 1852 and 1857).
    This will block the access of search engines to the file robots.txt on your webserver.
    Hope this helps,
    /bagira
Children
No Data