|
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Darren New wrote:
> andrel wrote:
>> Perhaps Ian should have consulted someone before acting so rash.
>
> Or at least before broadcasting his confession all over the world. ;-)
>
FWIW, I'd frequently get mounds and mounds of attempts against my system
when I was self-hosted... All I could really do was look at the logs and
smile. All of the attempts were directed toward IIS... :-D Fun...
I really couldn't be bothered to do much else. Way too many attempts to
compromise the system to ever get anything done if I reported all of
them, which were probably using other compromised systems anyway.
--
~Mike
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Mike Raiford wrote:
> FWIW, I'd frequently get mounds and mounds of attempts against my system
> when I was self-hosted... All I could really do was look at the logs and
> smile. All of the attempts were directed toward IIS... :-D Fun...
The ones I got while running a Linux cluster all seemed to be attacking
Apache and PHP, looking for things like phpadmin and such. Only about once
or twice a week or so, always the same pattern but not the same IP blocks.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 17-3-2009 21:39, Darren New wrote:
> andrel wrote:
>> Perhaps Ian should have consulted someone before acting so rash.
>
> Or at least before broadcasting his confession all over the world. ;-)
Yes that is sort of what I mean. At least start next time with 'If I was
bothered by ... and I know the IP, would you think it is a good idea...'
even if you have already done it. In the end this is a somewhat
different audience than the usual newsgroup.
Next legal problem: we now know that we have probably a criminal amongst
us (at least that is how I feel about this) should we take action? My
feeling is that this is not severe enough to justify an action that
would result in invading the privacy of Ian. Nor can we tell anybody
that there is this guy (probably) that has erased a server somewhere on
this world or so he(?) says, probably sometime last week. Not really
specific if you ask me. Still, I would have preferred not to know.
Non-legal problem: how to react to ian within this newsgroup. Nothing
changed as far as I am concerned. Apart from noting the fact that he can
apparently behave like a hothead sometimes. And he has the knowledge and
tools to do nasty things with computers. At least he did not use a gun.
That reminds me: where is Ken?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Tue, 17 Mar 2009 21:17:29 +0100, andrel wrote:
> Some
> indication may be in how long it takes to get the system running again,
> if that is more than a few days, the owner was probably innocent.
That's not a very good indication; reinstalling an OS is easy. Suppose
the system were being used to do cancer research; that could be years of
work lost. Of course if it were, they'd *better* be running backups, too.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 17-3-2009 23:00, Jim Henderson wrote:
> On Tue, 17 Mar 2009 21:17:29 +0100, andrel wrote:
>
>> Some
>> indication may be in how long it takes to get the system running again,
>> if that is more than a few days, the owner was probably innocent.
>
> That's not a very good indication; reinstalling an OS is easy.
Indeed, that is what I was thinking, so if they take a long time they
are most probably amateurs who unknowingly left open a door to intruders
(they did, we know that) and let other use their system.
If they reinstall fast they have either good support or are knowing
themselves. I would not take a bet on that, so my guess was that only a
long time before the IP can be pinged would mean something.
Other theories welcome.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
[GDS|Entropy] wrote:
>
> Haha...I hope they like their nicely wiped system. :-D
>
> I should have just flashed their BIOS with garbage, or upped thier proc and
> RAM voltage to absurd levels...but I'm not *that* mean...
>
So, that's why Google was down recently!
:-o
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Jim Henderson wrote:
> That's not a very good indication; reinstalling an OS is easy. Suppose
> the system were being used to do cancer research; that could be years of
> work lost. Of course if it were, they'd *better* be running backups, too.
Heh. I had one contract job I turned down after a day or two of looking at
it. Wistar institute, a famous cancer research place here, had all their
stuff in a DBaseII database on a CP/M machine - Osborne, IIRC. They had a
30meg drive, 29.75 meg full or so, and wanted me to add all kinds of
features. There was years of data in it, and most of the people were dead,
so it would be impossible to replicate.
I asked them when they'd made the last backup, and they said "We've never
managed to make a backup. The system is too unstable to make a whole backup."
OK. I'll just exit out this way, avoiding the rooms with people in full-body
leather coats using tongs to drop test-tubes into lead-lined containers.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
andrel wrote:
> Yes that is sort of what I mean. At least start next time with 'If I was
> bothered by ... and I know the IP, would you think it is a good idea...'
> even if you have already done it. In the end this is a somewhat
> different audience than the usual newsgroup.
>
> Next legal problem: we now know that we have probably a criminal amongst
> us (at least that is how I feel about this) should we take action?
Reminded me of:
http://imagechan.com/images/4256c6ebf2ec36d11ed68fc71fd34bfb.gif
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
I did act rashly; which probably wasn't a good idea. The presence of
malicious tools on the system and lack of much else was to me, a pretty good
indication that I had the right person.
I normally would never retaliate in such a way, and in fact I typically help
people lock their systems down, remove viruses, spyware, etc.. and educate
them as to the proper ways to protect themselves. I'm not exactly "black
hat", more white hat than anything.
I have learned certian things so that I might understand the ways in which I
or my clients may be attacked, so that I may more adequately protect against
such threats.
So such retaliation was pretty out of character for me. I'm not a "bad
person" nor do I engage in unwarranted malevolent behavior.
Looking back, I was wrong.
I will not retaliate in such a way again...apologies to all...
I do hope I can earn your collective trust/respect back.
ian
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
"andrel" <a_l### [at] hotmailcom> wrote in message
news:49C### [at] hotmailcom...
> Next legal problem: we now know that we have probably a criminal amongst
> us
Just one?
;)
~Steve~
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |