
Looking for sumthin?

3 replies to this topic

#1
Ungodly

    Has Equal Rights

  • Administrators
  • 20,712 posts
  • Location: Inland Empire, California
One type of low grade attack used against this server several times per day relies on a script widely used by script-kiddie junior criminals and spammer felons. The script performs what is called a vulnerability scan by walking through every domain on a server looking for specific files or scripts that the evildoer knows how to exploit.

The most widely used of these kiddie scripts starts out by asking a server for a file it expects not to exist so that it can see how the server responds when a file is not found.  Since these dumbass script kiddies always start by asking for the same file they expect not to exist, it gives me an opportunity to perform certain behaviors based on that initial request.  The script in question always asks for a file named sumthin in the document root of a site; that's like the home directory of the webserver instance for that domain.

Once the script looks at the response to a request for sumthin it then compares this response to what it gets when it asks for the files it hopes you have so they can be exploited.

I decided to give them something for sumthin.  So now, any malevolent request for sumthin will receive a paragraph of text about the late George Harrison's song "Something".  They won't see the 404 response (404 is the HTTP response code when a requested file is not found), their script will not function as desired, and fuck them very much.

Try it:  http://aintnogod.com/sumthin

As Nelson Muntz of The Simpsons might say, "Ha Ha".
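
Added example (not part of the original post, and not the administrator's own code): a small log check built on the behaviour described in post #1, where any request for `/sumthin` marks the client as a scanner taking its "not found" baseline. The combined log format, the sample lines, the probe paths and the function name are all assumptions constructed for illustration.

```python
import re

CANARY_PATH = "/sumthin"  # the baseline file the post says the scanner always asks for

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2011:04:10:01 -0800] "GET /sumthin HTTP/1.1" 200 512 "-" "-"
203.0.113.7 - - [01/Jan/2011:04:10:01 -0800] "GET /example-admin.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [01/Jan/2011:04:10:02 -0800] "GET /old/setup.php HTTP/1.1" 404 209 "-" "-"
198.51.100.23 - - [01/Jan/2011:04:10:05 -0800] "GET /index.php HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2011:04:10:09 -0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
this line is truncated and must be skipped
203.0.113.7 - - [01/Jan/2011:04:10:03 -0800] "GET /sumthin?x=1 HTTP/1.1" 200 512 "-" "-"
"""

# client, ident, user, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_baseline_scanners(log_text, canary=CANARY_PATH):
    """Return {client_ip: {"canary_hits": int, "probes": [(path, status), ...]}}.

    A client is flagged the first time it requests the canary path; every
    later non-canary request from that client is recorded as a probe.
    """
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, target, status = m.group(1), m.group(3), int(m.group(4))
        path = target.split("?", 1)[0]  # ignore any query string
        if path == canary:
            entry = report.setdefault(ip, {"canary_hits": 0, "probes": []})
            entry["canary_hits"] += 1
        elif ip in report:
            report[ip]["probes"].append((path, status))
    return report


if __name__ == "__main__":
    for ip, info in find_baseline_scanners(SAMPLE_LOG).items():
        print(ip, "canary hits:", info["canary_hits"])
        for path, status in info["probes"]:
            print("   probed", path, "->", status)
```

The ordinary visitor at 198.51.100.23 also gets a 404 (for the favicon) but is never flagged, because only the canary request marks a client.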

#2
FlatEarth1024

    Advanced Member

  • Members
  • 661 posts
So what do you think, Ungodly?  Are these parry-and-thrust endeavors into 'our' server the work of religious vandals bent on disabling your most excellent works of Ungodliness?  Or are they simply the work of acne-scarred nerdy teenage ne'er-do-wells who have nothing better to do than destroy everything they touch?

Have you researched this?  Do you think you are under specific attack due to your religious/political leanings?

#3
Ungodly

    Has Equal Rights

  • Administrators
  • 20,712 posts
  • Location: Inland Empire, California
I'm absolutely certain that over 90% of these events are purely random.  They usually are searching for scripts that have never been here and which anyone familiar with the sites hosted here would not expect to be present.

There is one malicious individual in the EU who hates the operators of one of the sites we host here gratis; this person frequently attacks that site specifically, usually attacking an installation of phpBB software that I really, really, really, really wish the owner of that site would get rid of.  These attacks have often taken down this server and required me to reboot the machine remotely.  I'd love to prosecute the mother fucker, but the crimes he is committing are so minor that nobody would ever bother going after him, even if I did know who or where he is.

Typically this individual exploits computers he has hacked into, thus gaining control of those machines.  There are a nearly infinite number of vulnerable Windows PCs connected to the Internet.  I'll be long dead and buried before the day comes when there are no more Microsoft operating systems that can be hacked in under a minute.

One of the security enhancements I have added to deal with this attacker has thwarted his last few attacks.  I won't go into specific details in case the unit is reading this forum, but a process now running on this server is able to differentiate between normal usage and an attack, and it will stop the attack before I know it has started.  I've tweaked it based on the pattern of attacks coming from this person, and it has been very helpful.

I have never seen any indication that any attack here is based on animus toward myself or my websites, and I do not think that is the case.  I'm an extremely unimportant individual, few are less famous or notable than myself.

Among the sites hosted here are a number of Amazon Associate stores.  I do sometimes see attempted attacks that are based on the assumption I'm using a particular software script to run those stores, but the script I'm using is not the one these attackers assume it is, so these attacks are always laughable failures.  I've also taken steps so that if a person did know what store software I'm using, they would not be able to access the administration interface because if they ask for the name of that page, it will not be found.  Nobody knows how I did that.

All in all, except for that one person who hates one of our guests, I feel confident I'm only being exposed to normal, everyday random scans for vulnerabilities.

In many ways I am actually running a real web hosting company here.  I perform all the same tasks as the owner of a real web hosting company would.  The major difference is that nobody has ever paid me one thin dime for hosting.  All of the sites hosted on this server that are not mine are hosted 100% free.  This is my choice.  I can afford it, and I want to do my part to help promote critical thinking and oppose all forms of religious affliction, especially Repugnicanism.

Now before you get all sappy and say "Wow, that's nice" or something like that, keep in mind, it's my hobby/avocation/calling.

Last night this server was subjected to a very intense vulnerability scan from another server in the same data center.  Because the attacking machine was hosted in the same building it did not have to traverse any Internet connection, allowing it to blast at full Ethernet speed, so it created a noticeable load on the server.  Within 2 minutes I had reported the event to the company from whom this server is rented.  Then the "Legal department" of Steve's Web Hosting sent a warning of possible federal prosecution to the owner of the other server. It was tongue in cheek, but it was fun.  That server will never connect to this server on any port using any protocol again. I made sure of that.  Have not heard back from them either.  Come to think of it, if they tried to reply to my message their SMTP server would fail to connect here.  Ha ha.

#4
lady

    Advanced Member

  • Members
  • 820 posts
Go get 'em, ungodly.

I think what you are doing is soooo nice!! sap sap..

