As you may have noticed, here at JoeDog Enterprises Incorporated Ltd ESQ Inc., we switched from http to https last weekend. Exciting!
We warned you that such a move could be accompanied by unintended consequences. But keep in mind, not all side effects are bad. Just like painkillers can provide a little glow along with relief, some changes can provide unintentional benefits. Here’s the story of one of them.
This morning we noticed skiddie activity. That’s not unusual. Every morning we notice skiddie activity. Some asshole from 126.96.36.199 in Williamsville, NY is running an attack right now. Our http logs are filling with this activity:
188.8.131.52 - - [20/Apr/2015:08:32:35 -0400] "POST /xmlrpc.php HTTP/1.1" 302 213 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
See that 302? That means our http virtual host is issuing a redirect to https. Here’s the thing: He doesn’t appear in the https logs. That means his stupid skiddie script is too dumb to follow the redirect. For the past hour he’s done nothing but cause meaningless redirects …
… and now he’s blocked.
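The check described above (a client that keeps getting redirected by the http virtual host but never shows up in the https log) can be automated. This is an added example, not part of the original post: the function names, the `min_hits` threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache combined log format: ip ident user [time] "request" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse(lines):
    """Yield one dict per well-formed log line; silently skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def redirect_ignorers(http_lines, https_lines, min_hits=3):
    """Return {ip: redirect_count} for clients the http vhost redirected
    (301 or 302) at least min_hits times and that never appear in the
    https log, i.e. clients that do not follow the redirect."""
    seen_on_https = {e["ip"] for e in parse(https_lines)}
    redirected = Counter(
        e["ip"] for e in parse(http_lines) if e["status"] in ("301", "302")
    )
    return {ip: n for ip, n in redirected.items()
            if n >= min_hits and ip not in seen_on_https}

# Constructed sample data using documentation-range addresses.
_UA = '"-" "ExampleClient/1.0"'
HTTP_LOG = [
    f'192.0.2.10 - - [20/Apr/2015:08:32:{s:02d} -0400] '
    f'"POST /xmlrpc.php HTTP/1.1" 302 213 {_UA}'
    for s in (35, 36, 37)
] + [
    # A browser that is redirected once and then follows it to https.
    f'198.51.100.7 - - [20/Apr/2015:08:33:01 -0400] "GET / HTTP/1.1" 302 213 {_UA}',
    # A single stray request: below the default threshold.
    f'203.0.113.5 - - [20/Apr/2015:08:34:10 -0400] "GET /robots.txt HTTP/1.1" 302 213 {_UA}',
    'truncated or malformed line',
]
HTTPS_LOG = [
    f'198.51.100.7 - - [20/Apr/2015:08:33:02 -0400] "GET / HTTP/1.1" 200 5120 {_UA}',
]

if __name__ == "__main__":
    for ip, hits in redirect_ignorers(HTTP_LOG, HTTPS_LOG).items():
        print(f"{ip} ignored {hits} redirects")
```

The threshold keeps one-off requests, such as a crawler fetching a single file over http, out of the result.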
UPDATE: Those 302s are now 301s as per Tim Funk’s recommendation. If skiddie can’t follow 302, he can’t follow 301 either….
UPDATE: That’s weird. My linky text is recommendation — as in “Tim Funk’s recommendation” — but magic is turning it into “Tim Funk’s 1 comment.”