Forgot your password?
typodupeerror
Linux

frozencesium's Journal: script kiddies ATTACK!!! 4

Journal by frozencesium
Ok...this is really damn annoying.

for the past 5 days or so some idiot with a bunch of zombies has been pounding my poor little server. to make matters worse, the attack is a winblowz IIS attack. duh...like the idiot couldn't bother with fingerprinting my os (which of course will return my router's os) or even checking to see which webserver i run.

of course i'm running linux with apache in a chroot jail (as non-root user), so i'm not that worried (IIS attacks agains linux/apache...amature...), but he's still eating up my bandwidth...that in and of itself deserves death. if i drop the packets, that doesn't do anything but relieve my poor apache server from processing the bad requests...meanwhile they are still eating my bandwidth...gggrrr...

you would think that any decent script kiddie (if there is such a thing) would be less obtrusive and at LEAST quit after a few attempts with the same attack over and over again faild misserably...

of course these are zombie boxes and i am only one person, so tracing is an almost impossible task...

you know...if it was someone with skill and they actually got in, i would probably be less mad because they at least have skill. this is some dickhead with his mommies 'puter trying to pretend he's l337.

asshole...

-frozen
This discussion has been archived. No new comments can be posted.

script kiddies ATTACK!!!

Comments Filter:
  • Sure it isn't some infected IIS server? I still get Nimda and the likes battering on my server dayly. Mostly -if I even bother- when doing a lynx -head http://offending-ip it's just a poor chump with a IIS server.

    Once I found someone who was running a Redhat and his sendmail was wide open. I just left a message for "root", to ask what all this stuff was about. That must have been a script kiddie. Oh, well, I've been lucky so far. My apache logs show a lot of scripted attacks (as I say, most of which

    • these machines are comming in from all over the world and were probably wormed. i haven't checked to see if it's home users (with IIS enabled) or corperate IIS stuff. to be honest, i just don't have the time. i guess i could try a few of the MANY ip's tonight and see... the attack is looking for any of 17 holes in IIS.

      th eproblem has been finding the punk. the attacks seem to be automated, so trying to back trace these attacks is too time consuming for me at the moment. of course i'm working on it...b
      • I can understand your pain.
        I just checked my logs: on average I get one worm-hit per 3 hours. (Assuming it are worms) So really you must be under attack. Since I don't know the nature of your line, why don't you just change your IP address? (renew the DHCP lease) Of course, if they're attacking based on your domain name, it's not going to help.
        Did you piss off someone on slashdot or so? That would be a likely source from attackers ;-)
        • I certianly don't know if i pissed off anyone...but who knows?

          i would change ip's, but it very well may be an attack against a block of ip's...not good if i stay with the same isp. i have to stay with my current isp if i want broadband...so...

          the other problem is that i'm running my own domain including DNS. since my friends and i do primary and backup dns for eachother, both of our domains would go down for a bit until our changes propagated through the DNS system (not only would the records have to

"Those who will be able to conquer software will be able to conquer the world." -- Tadahiro Sekimoto, president, NEC Corp.

Working...