Hacked! (Or "Why I Hate People")

Started by Xepher, September 11, 2005, 12:47:47 AM

Rindesei

Xepher thanks for getting the system back as quick as you did!

Xepher

Frack... there's still an entire botnet attacking the server. I'm starting to wonder if the reason this all looked so odd was that there's more than just one person/group trying to get in. Did I mention I hate people?

Gwyn

Pizza party! Pizza for everyone!....who has money?

trekkie1701c

Quote from: Xepher
Frack... there's still an entire botnet attacking the server. I'm starting to wonder if the reason this all looked so odd was that there's more than just one person/group trying to get in. Did I mention I hate people?

Write a file in the server's root directory (where most hackers land after they get in), titled "Xepher's Bank Password". Have it set so that anyone who accesses it has the unfortunate consequence of their computer deciding to shut down on them.

Well... I don't know if it could be done, but it's an interesting form of revenge...
What are you looking here for?

Xepher

Computers don't work that way... I wish they did sometimes though.

I'm not still getting "hacked" per se, as there doesn't seem to be anyone who has access, but there are dozens of computers trying to login continually and trying all sorts of likely names and passwords. In other words, the barbarian hordes are at the gates and pounding against them repeatedly.

Here, take a look at a snippet of the log file.
Quote
Sep 11 18:16:10 [sshd] Invalid user gitane from 67.15.28.13
Sep 11 18:16:10 [sshd] Invalid user godeffroy from 67.15.28.13
Sep 11 18:16:10 [sshd] Invalid user gracien from 67.15.28.13
Sep 11 18:16:11 [sshd] Invalid user grant from 67.15.28.13
Sep 11 18:16:11 [sshd] Invalid user granville from 67.15.28.13
Sep 11 18:16:12 [sshd] Invalid user grazieele from 67.15.28.13
Sep 11 18:16:12 [sshd] Invalid user gregoire from 67.15.28.13
Sep 11 18:16:13 [sshd] Invalid user gr351gory from 67.15.28.13
Sep 11 18:16:13 [sshd] Invalid user gucci from 67.15.28.13
Sep 11 18:16:13 [sshd] Invalid user guerin from 67.15.28.13
Sep 11 18:16:14 [sshd] Invalid user guerinet from 67.15.28.13
Sep 11 18:16:14 [sshd] Invalid user guibert from 67.15.28.13
Sep 11 18:16:14 [sshd] Invalid user guilette from 67.15.28.13
Sep 11 18:16:15 [sshd] Invalid user guillaume from 67.15.28.13
Sep 11 18:16:15 [sshd] Invalid user guillemin from 67.15.28.13
Sep 11 18:16:16 [sshd] Invalid user guillemot from 67.15.28.13
Sep 11 18:16:16 [sshd] Invalid user guillot from 67.15.28.13
Sep 11 18:16:20 [sshd] Invalid user guimart from 67.15.28.13
Sep 11 18:16:20 [sshd] Invalid user guiot from 67.15.28.13
Sep 11 18:16:20 [sshd] Invalid user guiote from 67.15.28.13
Sep 11 18:16:21 [sshd] Invalid user gunter from 67.15.28.13
Sep 11 18:16:21 [sshd] Invalid user gustav from 67.15.28.13
Sep 11 18:16:22 [sshd] Invalid user guy from 67.15.28.13
Sep 11 18:16:22 [sshd] Invalid user gwendoline from 67.15.28.13
Sep 11 18:16:22 [sshd] Invalid user gwenna353lle from 67.15.28.13
And that's just in those 12 seconds!

Anyway, this sort of thing has happened semi-regularly over the past few years. Usually they don't keep it up this long though. This has been pretty much steady for the past week. I'm working on getting a program installed that will watch for repeated attempts and then ban that IP address for an hour or so. Actually, I'm thinking I might not ban it, but use a nifty tarpit thing... The analogy would be that instead of just not answering the requests, or just hanging up on them, it'd put them on indefinite hold, until THEY hang up. It would tie up their system resources somewhat and slow down any attacks they're also running against other people. Problem is, I have to reboot the system to implement some of the kernel features needed for it, and that always makes me nervous.

For now, I just hope none of y'all have easy-to-guess passwords!
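
The watch-and-ban program described in the post above, sketched as an added example (not part of the original thread, and not the tool Xepher installed): it parses lines in the format of the quoted log and bans an address for an hour after repeated failures. The thresholds (5 failures in 60 seconds), the year 2005, and the names `parse`, `BanTracker` and `run` are assumptions; because the username field is attacker-controlled, only the final `from <ip>` on a line is treated as the source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Greedy user group + "$": only the final "from <ip>" is trusted as the source.
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \[sshd\] "
                     r"Invalid user (.*) from (\d{1,3}(?:\.\d{1,3}){3})$")

def parse(line, year=2005):  # syslog lines carry no year; 2005 is assumed
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(3)

class BanTracker:
    def __init__(self, limit=5, window=timedelta(minutes=1), ban_for=timedelta(hours=1)):
        self.limit, self.window, self.ban_for = limit, window, ban_for
        self.recent = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}            # ip -> time the ban expires
    def is_banned(self, ip, now):
        return now < self.banned_until.get(ip, datetime.min)
    def observe(self, ts, ip):  # returns True if this failure triggers a new ban
        if self.is_banned(ip, ts):
            return False
        q = self.recent[ip]
        q.append(ts)
        while ts - q[0] > self.window:    # drop failures older than the window
            q.popleft()
        if len(q) < self.limit:
            return False
        self.banned_until[ip] = ts + self.ban_for
        q.clear()
        return True

# Five lines from the post's log, then one constructed line with a fake "from <ip>".
SAMPLE = """\
Sep 11 18:16:10 [sshd] Invalid user gitane from 67.15.28.13
Sep 11 18:16:10 [sshd] Invalid user godeffroy from 67.15.28.13
Sep 11 18:16:10 [sshd] Invalid user gracien from 67.15.28.13
Sep 11 18:16:11 [sshd] Invalid user grant from 67.15.28.13
Sep 11 18:16:11 [sshd] Invalid user granville from 67.15.28.13
Sep 11 18:16:12 [sshd] Invalid user x from 192.0.2.7 from 198.51.100.9
"""

def run(text=SAMPLE):
    tracker = BanTracker()
    events = filter(None, map(parse, text.splitlines()))
    bans = [(ip, ts) for ts, ip in events if tracker.observe(ts, ip)]
    return tracker, bans
```

The tracker only decides who is banned and until when; enforcing the ban (a firewall rule, or the tarpit the post mentions) is a separate step not shown here.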

RoxorFuxor

Need to change my password...  :p

Gwyn

Pizza party! Pizza for everyone!....who has money?

maniac_wolfman

J'accuse!

Heh, good job on fixing it so fast Xeph. Although I have no idea why anyone would be trying to hack our humble sites :/

Ashley_Rose

*gets creople peepy pimples* Gah. People are so grodie. I really sometimes wonder who can manage to be such an asshat.
I am sick. I am sick, sick, sick of your shit. And when I'm not sick, I'm tired. I am sick and tired!

Kahootz... I've been... *kahooted*.

Databits

Any chance that you could report this system trying to hack you?
(\_/)    ~Relakuyae D'Selemae
(o.O)    
(")_(")  [Libre Office] [Chrome]

griever

Thanks for getting it fixed fast, Xepher!  It sucks that people want to do that kind of thing though...we're not Microsoft!
"You can get all A's and still flunk life." (Walker Percy)

Databits

(\_/)    ~Relakuyae D'Selemae
(o.O)    
(")_(")  [Libre Office] [Chrome]

Kaspalian

Hiya, I may just be being completely stupid here (and this may not be the right place to post this - should be in technical section?) but I've been having problems getting my homepage back up. I had two saved versions in two different places (both recent), and I have tried uploading both in turn, but I can't actually get them to work. As in, I upload them, but each time I just get an Internal Server Error message on the net instead of my homepage.
Am I being dumb - in which case, someone please tell me what I'm doing wrong before I nut the screen - or is there something else messing it up? The code seems to be exactly as it has always been.
So, yeah...

Xepher

File permissions? If it's a php file it needs to be set securely. Read the "Help & Info" page section on file permissions.

Xepher

Quote from: Databits
Any chance that you could report this system trying to hack you?

I'm not sure if you caught everything I said, but it's being attacked by dozens of systems all over the world. This is a botnet... Most likely a bunch of infected machines whose owners have no idea what's going on. It'd be about as useful as trying to report every machine that ever sends you spam.