Journal frozencesium's Journal: script kiddies ATTACK!!! 4
Ok...this is really damn annoying.
for the past 5 days or so some idiot with a bunch of zombies has been pounding my poor little server. to make matters worse, the attack is a winblowz IIS attack. duh...like the idiot couldn't bother with fingerprinting my os (which of course will return my router's os) or even checking to see which webserver i run.
of course i'm running linux with apache in a chroot jail (as non-root user), so i'm not that worried (IIS attacks agains linux/apache...amature...), but he's still eating up my bandwidth...that in and of itself deserves death. if i drop the packets, that doesn't do anything but relieve my poor apache server from processing the bad requests...meanwhile they are still eating my bandwidth...gggrrr...
you would think that any decent script kiddie (if there is such a thing) would be less obtrusive and at LEAST quit after a few attempts with the same attack over and over again faild misserably...
of course these are zombie boxes and i am only one person, so tracing is an almost impossible task...
you know...if it was someone with skill and they actually got in, i would probably be less mad because they at least have skill. this is some dickhead with his mommies 'puter trying to pretend he's l337.
asshole...
-frozen
for the past 5 days or so some idiot with a bunch of zombies has been pounding my poor little server. to make matters worse, the attack is a winblowz IIS attack. duh...like the idiot couldn't bother with fingerprinting my os (which of course will return my router's os) or even checking to see which webserver i run.
of course i'm running linux with apache in a chroot jail (as non-root user), so i'm not that worried (IIS attacks agains linux/apache...amature...), but he's still eating up my bandwidth...that in and of itself deserves death. if i drop the packets, that doesn't do anything but relieve my poor apache server from processing the bad requests...meanwhile they are still eating my bandwidth...gggrrr...
you would think that any decent script kiddie (if there is such a thing) would be less obtrusive and at LEAST quit after a few attempts with the same attack over and over again faild misserably...
of course these are zombie boxes and i am only one person, so tracing is an almost impossible task...
you know...if it was someone with skill and they actually got in, i would probably be less mad because they at least have skill. this is some dickhead with his mommies 'puter trying to pretend he's l337.
asshole...
-frozen
Uhm... (Score:1)
Once I found someone who was running a Redhat and his sendmail was wide open. I just left a message for "root", to ask what all this stuff was about. That must have been a script kiddie. Oh, well, I've been lucky so far. My apache logs show a lot of scripted attacks (as I say, most of which
Re:Uhm... (Score:2)
th eproblem has been finding the punk. the attacks seem to be automated, so trying to back trace these attacks is too time consuming for me at the moment. of course i'm working on it...b
Re:Uhm... (Score:1)
I just checked my logs: on average I get one worm-hit per 3 hours. (Assuming it are worms) So really you must be under attack. Since I don't know the nature of your line, why don't you just change your IP address? (renew the DHCP lease) Of course, if they're attacking based on your domain name, it's not going to help.
Did you piss off someone on slashdot or so? That would be a likely source from attackers
Re:Uhm... (Score:2)
i would change ip's, but it very well may be an attack against a block of ip's...not good if i stay with the same isp. i have to stay with my current isp if i want broadband...so...
the other problem is that i'm running my own domain including DNS. since my friends and i do primary and backup dns for eachother, both of our domains would go down for a bit until our changes propagated through the DNS system (not only would the records have to