Problem

Site error logs showed multiple attempts to find certain files (e.g. profile.php, wp-content) that were known to be vulernable, and yet were never in use on the impacted site. This was clearly a bot looking to identify sites that could be compromised.

Solution

A 404 page script could unobtrusively block bad bots don't respect robots.txt directives and bots / scanners looking for know vulnerabilities. Basically, it would include a list of files checked by bad bots (not including files used by RavenNuke, for example). It would not rely on potentially-spoofed user agents or IP addresses.

Announcing nukeERROR™, featuring ZB Block, to provide several features for any website that supports PHP, including, but not limited to, PHP-Nuke and RavenNuke-based sites.  nukeERROR™ planned features include:

• 404 page integration with ZB Block and a custom signature to detect and block vulnerability scanners
• File-based configuration and logging to reduce resources (compared with database access)
• Configurable use of Internet Storm Center (ISC) Collaborative 404 reporting (not currently working)
• Configurable delay to reduce impact of mass attacks (currently fixed)
• Configurable template, including samples (planned), supporting 403, 404, 405, 408, 500, 502 and 504 error pages with a configurable, single-language message
• Configurable use of Google Webmaster Tools 404 page search (also depends upon template

If you're interested in participating in a Beta test or have comments or suggestions regarding nukeERROR™, please provide them here.