The OIT Security Team has begun implementing periodic scans of all hosts connected to the UCI network for the most common and high impact network and web security vulnerabilities.
The purpose to these scans is to find unprotected systems before hackers do. We can then work with system owners to better protect their computers and data.
Since these scans are benign versions of the attacks hackers use, you may notice certain behaviors in your computer:
- Your log files may show attempts to login from strange addresses or multiple failures in a row that you don’t expect. Web access logs may show many requests from the same IP including strange URLs.
- If you allow anonymous updates to your websites (i.e. no login required), junk data or what looks like spam may be inserted into your application’s database or email forms.
- If web application uses a database and vulnerable to input injection, regular database queries with altered SQL could take longer to run, connection pools may fill up and requests hang waiting for new connections.
If you observe any of these behaviors, treat it as you would any security breach. This may include contacting OIT’s IT security team. If these scans discover a vulnerability, IT Security will contact you with advice. More information can be found on the Security Vulnerability Scans web site.