Author |
Topic |
|
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 19 Jul 2003 : 07:01:00
Yah, some script kiddie is running attacks on my server so if it's slow or something, that's why. Oddly enough the person is using the same ISP as me so I just sent a report in with the log from the server so that should get his sorry ass booted. He tried sending WebDAV requests, corrupted characters and tonnes of the scripts to get access to cmd.exe. Well I don't use stupid MSooser products so at least his attacks will be anything but serious. Just damn annoying because he's clogging up my server logs. |
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 19 Jul 2003 : 07:14:29
Great to hear that he can't attack you...yet another reason to use Macs as servers! But yes, it would be nice to see his sorry ass get kicked.
"**** em" - Jobs in regards to customers Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1 |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 19 Jul 2003 : 07:19:32
The recent challenge hackers had for hacking sites, not one was a mac that they busted into. AIX, Solaris UNIX, Windows, but no Mac.
|
markie
Starting Member
Netherlands
38 Posts |
Posted - 19 Jul 2003 : 09:37:13
Well, these 'worms' clog up serverlogs as well... Code Red, Nimda, those kind... they're not necessarily hackers, most of the time just ignorant people setting up a MS IIS-server and don't patch it... Just a random example out of my logs...
217.199.104.130 - - [18/Jul/2003:20:09:34 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849
217.199.104.130 - - [18/Jul/2003:20:09:34 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849 "-" "-"
217.199.104.130 - - [18/Jul/2003:20:09:35 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849
217.199.104.130 - - [18/Jul/2003:20:09:35 +0200] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849 "-" "-"
217.199.104.130 - - [18/Jul/2003:20:09:35 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849
217.199.104.130 - - [18/Jul/2003:20:09:35 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849 "-" "-"
217.199.104.130 - - [18/Jul/2003:20:09:36 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849
217.199.104.130 - - [18/Jul/2003:20:09:36 +0200] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849 "-" "-"
217.199.104.130 - - [18/Jul/2003:20:09:37 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 290
217.199.104.130 - - [18/Jul/2003:20:09:37 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 290 "-" "-"
217.199.104.130 - - [18/Jul/2003:20:09:38 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 290
217.199.104.130 - - [18/Jul/2003:20:09:38 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 290 "-" "
************************* http://mark.is-a-geek.org/ a Classic II, a LC475, a Quadra 800 and some other hardware :-) almost finished... http://geektechnique.org/ :-) ************************* |
~tl
Junior Member
United Kingdom
312 Posts |
Posted - 19 Jul 2003 : 10:16:29
i hate hackers ... since they f***ed with fmboard (now MacBoard) i really couldn't care less if they burn in hacker hell
Orcadian MLA Division 68ks Liberated: 2 |
Commodore64
Starting Member
Sweden
47 Posts |
Posted - 19 Jul 2003 : 18:35:43
`grep cmd.exe httpd-error.log` returns about 257 lines for me. Should be a bit lower if people could just patch their servers properly..
|
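Added example, not part of any post in this thread: a small Python classifier for the kind of requests quoted above. It separates the overlong-UTF-8 variants (`%c0%af`, `%c1%9c`, ...) from the double-encoded ones (`%%35c`), counts them per source address, and compares the result with what a bare `grep cmd.exe` would count. The log lines, the documentation IP addresses and all function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, unquote_to_bytes

# Constructed sample (documentation IPs); request shapes follow the log quoted in the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jul/2003:20:09:34 +0200] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849
192.0.2.10 - - [18/Jul/2003:20:09:35 +0200] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 849
192.0.2.10 - - [18/Jul/2003:20:09:37 +0200] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 290
192.0.2.10 - - [18/Jul/2003:20:09:38 +0200] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 290
198.51.100.7 - - [18/Jul/2003:20:11:02 +0200] "GET /index.html HTTP/1.0" 200 5120
198.51.100.7 - - [18/Jul/2003:20:11:05 +0200] "GET /docs/cmd.exe-faq.html HTTP/1.0" 200 2048
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} ')
# C0 and C1 can never start a valid UTF-8 sequence; here they carry an overlong "/" or "\".
OVERLONG_RE = re.compile(r'%c[01]%[0-9a-f]{2}', re.I)

def lenient_decode(seq):
    """Character a decoder without validity checks derives from a 2-byte escape like %c0%af."""
    lead, cont = unquote_to_bytes(seq)
    return chr(((lead & 0x1F) << 6) | (cont & 0x3F))

def classify(path):
    """Label a cmd.exe traversal probe by its encoding trick, or return None."""
    target = path.split('?', 1)[0].lower()
    if not target.endswith('/cmd.exe') or '..' not in target:
        return None                      # e.g. a page that merely has cmd.exe in its name
    if OVERLONG_RE.search(target):
        return 'overlong-utf8'
    once = unquote(target)
    if unquote(once) != once:            # a second decoding pass still changes the path
        return 'double-encoded'
    return 'plain-traversal'

def summarize(log_text):
    """Count probes per (source IP, trick); also report what a bare substring match counts."""
    probes, naive = Counter(), 0
    for line in log_text.splitlines():
        if not (m := LINE_RE.match(line)):
            continue
        ip, path = m.groups()
        naive += 'cmd.exe' in path
        if label := classify(path):
            probes[(ip, label)] += 1
    return probes, naive

if __name__ == '__main__':
    print(summarize(SAMPLE_LOG))
```

`lenient_decode` shows why the variants are equivalent: each overlong pair collapses to `/` or `\` once validity checks are skipped, which is the path separator the `..` traversal needs.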
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 19 Jul 2003 : 20:05:41
WOW...I'm glad that I never sent an intrikit Weaver running Windows out into the world!!! I'm even scared of sending linux machines out now??? Mac OS X server to the rescue!!! Official 68k videographer Official MLA TourGuide "I'm just a normal computer geek who somehow landed a social life" I have alot of posts... if you don't like it than I don't know what to say. |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 19 Jul 2003 : 21:49:24
Most of these hacks, cory, are meant for IIS, so most of the web software is safe from these specific hacks. This hack uses malformed URLs to gain access to the command prompt via a web interface, using the cmd.exe as a cgi/script program. There are a few places you can learn about it. The other server software are susceptible to other more intense hacks that only experienced hackers use. So, most Windows platforms that use IIS get hit by what they call "script kiddies" because there are automated programs that do it. Oh well.
|
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 19 Jul 2003 : 22:25:30
yes tBoJ...I know my way around server software... yeah... the problem with my IW and server software was that I was using IIS... I never really had intended to use the IW with windows... but it almost happened :! anyway... I do know what you're talking about and I have seen that kind of stuff before... there's threads about that all over the MLA. Official 68k videographer Official MLA TourGuide "I'm just a normal computer geek who somehow landed a social life" I have alot of posts... if you don't like it than I don't know what to say. |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 20 Jul 2003 : 01:14:38
eep I never wanna hear **S mentioned again! This is a Mac place, name that name and you be mutilated and dismembered for life! Viva la 68K!
|
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 20 Jul 2003 : 04:41:06
HAR!™ I know IIS is evil, but remember guys, this place runs off it! "**** em" - Jobs in regards to customers Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1 |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 20 Jul 2003 : 11:18:48
I'll be lenient on you Mac Lover, but say it again and dismembered you will be! It runs in my blood ya know.
|
thequietman
Junior Member
Canada
127 Posts |
Posted - 20 Jul 2003 : 16:44:34
What, leniency or dismemberment? --------------------------------------------- I want to be unique just like everybody else.
|
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 20 Jul 2003 : 17:51:35
HAR!™ How dare you be responsible for the dismemberment of a highly respected moderator! *Gets out LC/Performa Stick of Justice, stands, and waits patiently*
"**** em" - Jobs in regards to customers Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1 |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 20 Jul 2003 : 19:52:22
Unless that's a boomerang you can't touch me, I'm in Canada, you're across the globe. Boomerangs are cool, only thing is you gotta watch out it doesn't swat ya on the way back.
|
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 20 Jul 2003 : 20:35:23
heh... I'm happy with Apache in OSX... or MacHTTP if I really need to use it on an older mac Official 68k videographer Official MLA TourGuide "I'm just a normal computer geek who somehow landed a social life" I have alot of posts... if you don't like it than I don't know what to say. |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 20 Jul 2003 : 21:43:20
MacHTTP is a horrible program. It doesn't fully support aliases, which Quid Pro and StarNine do, plus even the other free ones like NetPresenz and Pictorius. MacHTTP requires each individual file to be aliased. So if you had a root folder of 50 items you want to mirror temp., you have to make 50 aliases in a folder. One of the products like Quid Pro did have a free version, not sure what version.
|
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 20 Jul 2003 : 21:52:38
yeah... well the reason I'm not using my IIsi with MacHTTP is because I need to run a forum... which makes a more modern OS than OS7/8/9 and software like php, mySQL and apache more effective.... My plan is to run Mac OS X 10.2 Server on a Blue/White G3... it'll have php, mysql, apache and "whateverelse" OSX server has. Official 68k videographer Official MLA TourGuide "I'm just a normal computer geek who somehow landed a social life" I have alot of posts... if you don't like it than I don't know what to say. |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 21 Jul 2003 : 00:23:08
Well AUX can run a server software capable of forums. Just that if you get too many hits on the server or database requests it could slow down, but 32bitwonder.org is running sweet as pie on a LC III and it has php and all the bells and whistles. So, nothing is out of the question just yet.
|
markie
Starting Member
Netherlands
38 Posts |
Posted - 21 Jul 2003 : 03:04:03
Well, I *really* don't think you want to run a forum on a 68k... Don't get me wrong, I have 2 running projects, netBSD on a chipped LC475 and A/UX on a Q800, both 68040/33. The plan is to make the LC475 a 'webserver' but only for fun and very light tasks. As for 32bitwonder.org, that indeed is very impressive, but a lot is done in your browser (no offense) and it doesn't run off A/UX, but Linux if I'm not mistaken. But I don't believe you could run anything like a forum on there (or on a 68040 for instance). As a proper 'obsolete' webserver I use a SGI Challenge S R5000SC 180mhz with 192mb and Apache, MySQL, PHP, the whole lot and that runs beautifully :-) Anyway, I think going with Apache, MySQL and PHP is fine and then it doesn't matter on what kinda machine. My votes go to a non-x86-architecture machine. (I ran NetBSD on a 32bit Sparc before, runs great!).
************************* http://mark.is-a-geek.org/ a Classic II, a LC475, a Quadra 800 and some other hardware :-) almost finished... http://geektechnique.org/ :-) ************************* |
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 21 Jul 2003 : 03:06:48
Heh, it's hard to find something an old LC can't serve over the net. "**** em" - Jobs in regards to customers Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1 |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 21 Jul 2003 : 04:00:15
No, you wouldn't but technically it can be done, but as soon as you have too many people going online then it gets really slow. But it can be done.
|
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 21 Jul 2003 : 05:41:26
Good point. You'd never have one hosting, say, apple.com. But for the smaller stuff, it's fine. "**** em" - Jobs in regards to customers Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1 |
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 21 Jul 2003 : 09:03:26
yeah... for something like Genecomp.NET I'm sure that a 68k would be fine... and even MacHTTP if it weren't for the fact that I want to run a forum on my 68k... I've been told that MacHTTP will run a forum... but I'd need a little bit of help with this.. if I could find my Mac IIsi I might also need some guiding light in getting that to run "whatever" a BSD, or A/UX with php and/or mySQL.. and... like everyone has said... it'd be able to do it... but it'd be really slow... even under a "light" user load.. but with me... nothing is a light load if I could have a forum hosted NOT on my TiBook (I run a thing called "PersonalForyum" on my PowerBook)(it's PHPbb) I'd probably be accessing it from 3 different computers... and like 3 different browsers just on this one that's one of the reasons that a G3/G4 computer makes sense as my server... even the 7300 strained being a CLIENT to my TiBook... how would that work out if it were to be my server? Official 68k videographer Official MLA TourGuide "I'm just a normal computer geek who somehow landed a social life" I have alot of posts... if you don't like it than I don't know what to say. |
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 21 Jul 2003 : 16:24:23
More RAM? "**** em" - Jobs in regards to customers Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1 |
Macinrock
Starting Member
USA
13 Posts |
Posted - 24 Jul 2003 : 22:11:08
being a "hacker" is the most retarded thing ever. hacking died in the eighties, and it was even stupid back then.
-=-=-=-=-=-=- x mac-core x |
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 24 Jul 2003 : 23:06:59
I consider myself to be a curious system administrator... partially because that's what I am... I manage my and my brothers' computers... remind me to fix his computer tomorrow Official 68k videographer Official MLA TourGuide "I'm just a normal computer geek who somehow landed a social life" I have alot of posts... if you don't like it than I don't know what to say. |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 25 Jul 2003 : 00:15:36
Hacker is slang and a stereotype. Actually for a moment it makes me think of those psycho killers that use axes and hack people. Perhaps a more proper title is at hand? Like how the correct term for Zombies is "Living Impaired"
|
maclover5
LC Doctor/Hot Rodder
Australia
5830 Posts |
Posted - 25 Jul 2003 : 01:21:02
quote:
being a "hacker" is the most retarded thing ever. hacking died in the eighties, and it was even stupid back then.
-=-=-=-=-=-=- x mac-core x
Agreed. These days it seems that anyone with a good working knowledge about computers is classified as a "hacker", and geeze it pisses me off! "**** em" - Jobs in regards to customers Warrior maclover5 68kMLA Official 68kMLA Detective Number of 68ks Liberated: 7 Number of Contraband (PPC) Liberated from the Dumpster: 1 |
G4from128k
Full Member
USA
873 Posts |
Posted - 25 Jul 2003 : 03:59:20
quote:
Yah, some script kiddie is running attacks on my server so if it's slow or something, that's why. He tried sending WebDAV requests, corrupted characters and tonnes of the scripts to get access to cmd.exe.
It is too bad you can't give that hacker faked access to cmd.exe and send back a corrupt bit of code that gives his machine a hardcrash. I say honeypot him in acid.
G4From128k by Day: Mild-Mannered Engineer and Trapeze(tm) Artist by Night: Colonel of Truth, Justice, and the Macintosh Way Reserve Officer in 68kMLA Cantankerous Coot Contingent
|
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 25 Jul 2003 : 04:48:40
Sadly I can't since my server software knows this is a known attack and in the log it states that the access method is not allowed. So, I can't give him a falsie. If I could, I'd give him one of those fake Dos programs, one of the older shell scripts you could run in dos. I'd limit it to user privileges and watch him fussle over it.
|
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 25 Jul 2003 : 10:35:15
hmm.... that sounds like something I'd like to set up on my server... hard-crash hackers in their tracks! Cory5412 - The HackerTracker would MacOSX' apache work with that? Official 68k videographer Official MLA TourGuide "I'm just a normal computer geek who somehow landed a social life" I have alot of posts... if you don't like it than I don't know what to say. |
The Balance Of Judgement
Senior Member
Ivory Coast
1006 Posts |
Posted - 25 Jul 2003 : 10:54:36
On a sidenote after sending an abuse report to my ISP the attacks have stopped. I would love to see the look on his face when he turns on his computer and finds out he has no net and has the dreaded "lock" signal red on his modem. There is an online program where you can have automated transmission of firewall/server logs for analysis, and they contact ISPs and generate reports as to where attacks come from etc. Sadly I lost that site a while ago, but it was neat how at any time of the day you could see the country where most attacks came from and the cities it was narrowed down to.
|
cory5412
68KMLA Comrade-in-Arms
USA
4679 Posts |
Posted - 25 Jul 2003 : 11:06:06
lol... I forgot, where was the 'internet speedometer' ? I remember the night that MSSQL was having problems with hackers... virtually the whole internet went down... MLA included, My server however! was running fantastically! debian linux is great it was in january I'm certain... that was the month my server was up Official 68k videographer Official MLA TourGuide "I'm just a normal computer geek who somehow landed a social life" I have alot of posts... if you don't like it than I don't know what to say. |