404 error in the log

0
Hi, From time to time someone tries to access pages that doesn’t exist and I guess that it is good that the administrator can be told that something might be missing. But when the user is obviously up to no good then I deffinetly don’t regard  it as an error Timestamp Jul 04, 2020 03:04:34.658 Level Error Node Connector Message 404 - file not found for file: \..\..\..\..\..\..\..\etc/passwd Other examples: 404 - file not found for file: zabbix/ 404 - file not found for file: cacti/ 404 - file not found for file: flex2gateway/httpsecure 404 - file not found for file: PSIA/Custom/SelfExt/userCheck 404 - file not found for file: axis2/axis2-admin/ 404 - file not found for file: dana-na/nc/nc_gina_ver.txt 404 - file not found for file: /cmdownloads/CMDsearch=".base64_decode("dHdxZW5reG51a2J5dmd6")." 404 - file not found for file: CFIDE/administrator/enter.cfm 404 - file not found for file: \..\..\..\..\..\..\..\boot.ini 404 - file not found for file: ..\..\..\..\\..\..\\..\..\\\boot.ini 404 - file not found for file: \../\../\../boot.ini 404 - file not found for file: À.À.\À.À.\À.À.\boot.ini How do you handle this? I don’t want my log to be cluttered by false errors Why is this IP and session not automatically blocked after 100+ attempt within ~2 min? Kind regards Johan
asked
1 answers
0

This way you know at least that somebody is trying to find holes in the system. And indeed it would be nice if system blocked this IP automaticly. It would be nice if somebody from Mendix could give some comments on what the platform does with such vulnerability scans.

Regards,

Ronald

 

answered