We just found out that someone is trying to hack one of our boxes. Initial research indicates that the attack is coming from a security consulting firm. The box runs apache and mod_perl. Naturally, this fact is listed in the headers (though admittedly, they can be spoofed). The attacker is using an ISS exploit. Hmm...
On the off chance that this has been officially sanctioned, I will be rather irritated. I told management a long time ago (and they agreed) that a basic risk analysis needs to be performed. We already know some issues. To have them quietly go out and hire a security consulting firm before we've had a chance to batten down hatches that we know are open is rather annoying.
