As long as the webapp is reporting 404s, you're in good
shape and probably not exposing hints of new vectors for
attack. (Sometimes 500 errors can provide hints for tweaking
parameters.)

But this is really a case study for why people may want to
run a web application firewall. (I do not have a recommended
vendor / solution.)

Conversely, this is a good time for the developers to review
their server logging and tune it to be less verbose for these
normal exceptions, as well as implementing logging frameworks
and logging at the appropriate level (fatal through debug).

-Tim

On Mon, Jun 24, 2024 at 12:29 PM James H. H. Lampert
<jam...@touchtonecorp.com.invalid> wrote:

> Over the weekend, one of our customers got hit with what appears to have
> been either a penetration attempt or a DOS attack (or both).
>
> Their catalina.out file contains tens of thousands (probably over 100k)
> of lines reporting that our webapp received a request for a nonexistent
> server object, and issued a 404.
>
> I suggested that the customer ask their network people to check their
> firewall logs, to see if they can find a source, and plug it up, but of
> course that only stops it from the known source IP(s).
>
> Any suggestions on what else can be done? Anything that I should pass on
> to the customer or to our webapp developers?
>
>
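
An added example, not part of either message above: one way to triage such a flood from the server side, counting 404s per client and pulling out any 5xx responses for developer review. It assumes a Tomcat access log in the AccessLogValve "common" pattern is available (the thread only mentions catalina.out); the sample lines, the `summarize` helper and the threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+$'
)

# Constructed sample lines (documentation-range addresses), not from the incident.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jun/2024:03:10:01 -0500] "GET /admin.php HTTP/1.1" 404 752
203.0.113.7 - - [22/Jun/2024:03:10:01 -0500] "GET /wp-login.php HTTP/1.1" 404 752
203.0.113.7 - - [22/Jun/2024:03:10:02 -0500] "GET /.env HTTP/1.1" 404 752
203.0.113.7 - - [22/Jun/2024:03:10:02 -0500] "GET /app/report?id=abc HTTP/1.1" 500 1024
198.51.100.20 - - [22/Jun/2024:03:11:15 -0500] "GET /app/home HTTP/1.1" 200 5120
198.51.100.20 - - [22/Jun/2024:03:11:16 -0500] "GET /favicon.ico HTTP/1.1" 404 -
this line is truncated or not in the expected format
"""

def summarize(lines, threshold_404=3):
    """Return (scanners, server_errors, unparsed).

    scanners: {client: (404 count, distinct paths)} for clients at or above
    the threshold. server_errors: (client, path, status) for every 5xx, since
    those are the responses worth a developer's attention. unparsed: lines
    that did not match the pattern (for example, requests with embedded quotes).
    """
    not_found = Counter()
    paths = defaultdict(set)
    server_errors = []
    unparsed = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        host, status = m["host"], int(m["status"])
        parts = m["request"].split()
        path = parts[1] if len(parts) >= 2 else m["request"]
        if status == 404:
            not_found[host] += 1
            paths[host].add(path)
        elif status >= 500:
            server_errors.append((host, path, status))
    scanners = {h: (n, len(paths[h])) for h, n in not_found.items() if n >= threshold_404}
    return scanners, server_errors, unparsed
```

Many distinct paths per client points to scanning rather than a broken link, and the 5xx list is the part to hand to the webapp developers.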
