Just had to harden my server some more. I have now set up an account with an easily guessable username and password whose login shell is a script which:
A. Sends me an email with the IP the attacker is from
B. Drops the attacker into a chrooted shell.
Anyway, a recent script kiddie left behind some files, most of which were long lists of usernames and passwords, while others were lists of IPs which had been portscanned on port 22. A few files were executables, which were apparently used to hack more machines. One of them was called “ssh”, and when I ran ./ssh, I got this:
./ssh <cate pizde sa incerc…>
I thought this must be some internationalized version of SSH. But when I tried to run ./ssh localhost, I got this:
Toata dragostea mea pentru diavola!!!!!!
I had seen this message before, in my apache logs:
72.252.209.134 - - [10/Jan/2009:04:27:44 -0800] "GET HTTP/1.1 HTTP/1.1" 400 344 "-" "Toata dragostea mea pentru diavola"
72.252.209.134 - - [10/Jan/2009:04:27:45 -0800] "GET /roundcube//bin/msgimport HTTP/1.1" 404 340 "-" "Toata dragostea mea pentru diavola"
And this:
147.83.113.228 - - [13/Jan/2009:23:50:47 -0800] "GET HTTP/1.1 HTTP/1.1" 400 344 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:48 -0800] "GET /mantisbt/login_page.php HTTP/1.1" 404 339 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:48 -0800] "GET /tracker/login_page.php HTTP/1.1" 404 338 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:49 -0800] "GET /bugtracker/login_page.php HTTP/1.1" 404 341 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:49 -0800] "GET /bugtrack/login_page.php HTTP/1.1" 404 339 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:50 -0800] "GET /support/login_page.php HTTP/1.1" 404 338 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:50 -0800] "GET /bug/login_page.php HTTP/1.1" 404 334 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:50 -0800] "GET /bugs/login_page.php HTTP/1.1" 404 335 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:51 -0800] "GET /mantis/login_page.php HTTP/1.1" 404 337 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:51 -0800] "GET /login_page.php HTTP/1.1" 404 330 "-" "Toata dragostea mea pentru diavola"
Great. Now I have script kiddies trying to crack things that I don’t have installed, and they are using my server to portscan and hack other servers. Seriously, script kiddies, I know you’re not reading this, but GTFO my server.
Update: to see how script kiddies operate, I recommend you read this.
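An added example, not part of the original post: a Python function that reads Apache combined-format log lines like the ones above and flags clients by the three signals visible in them (the scanner user-agent, the malformed "GET HTTP/1.1 HTTP/1.1" request, and a run of 404s across guessed paths). The function name, the threshold and the benign sample line are assumptions.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
SCANNER_AGENT = "Toata dragostea mea pentru diavola"  # user-agent seen in the post's logs
SWEEP_THRESHOLD = 5  # assumption: distinct 404 paths per client that count as a sweep
# Constructed sample: entries from the post plus one made-up benign request.
SAMPLE_LOG = '''\
72.252.209.134 - - [10/Jan/2009:04:27:44 -0800] "GET HTTP/1.1 HTTP/1.1" 400 344 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:47 -0800] "GET HTTP/1.1 HTTP/1.1" 400 344 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:48 -0800] "GET /mantisbt/login_page.php HTTP/1.1" 404 339 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:48 -0800] "GET /tracker/login_page.php HTTP/1.1" 404 338 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:49 -0800] "GET /bugtracker/login_page.php HTTP/1.1" 404 341 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:49 -0800] "GET /bugtrack/login_page.php HTTP/1.1" 404 339 "-" "Toata dragostea mea pentru diavola"
147.83.113.228 - - [13/Jan/2009:23:50:50 -0800] "GET /support/login_page.php HTTP/1.1" 404 338 "-" "Toata dragostea mea pentru diavola"
192.0.2.10 - - [13/Jan/2009:23:51:02 -0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
'''

def flag_scanners(log_text, threshold=SWEEP_THRESHOLD):
    """Return {ip: list of reasons} for clients that look like scanners."""
    seen = defaultdict(lambda: {"agent": False, "malformed": False, "missing": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, parts = seen[m["ip"]], m["request"].split()
        # Heuristic: a normal request line is "METHOD /path HTTP/x.y"; the probe has no path.
        if len(parts) != 3 or not parts[1].startswith("/"):
            client["malformed"] = True
        elif m["status"] == "404":
            client["missing"].add(parts[1])
        client["agent"] = client["agent"] or m["agent"] == SCANNER_AGENT
    flagged = {}
    for ip, c in seen.items():
        reasons = [text for hit, text in (
            (c["agent"], "known scanner user-agent"),
            (c["malformed"], "malformed request line"),
            (len(c["missing"]) >= threshold, "404 sweep"),
        ) if hit]
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    print(flag_scanners(SAMPLE_LOG))
```

The user-agent match is trivial for a scanner to change, so the malformed-request and 404-sweep checks are the ones that keep working when the string differs.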
Posted May 17th, 2009 in Uncategorized
The server is currently at 85 days, 10mins of uptime as of this post. I am going for 100. Hopefully, there will not be a >1hour power failure, or a software crash (there never has been). I will be going for 200 days of uptime after this. I’d also like to thank the Debian team for a rock-solid OS.
Update: A live tracker is up: http://mattventura.net/uptime
Also, mattventura.net has a folding@home team (team 161515). The team will hit 100,000 points in a few days. I hope to pick up a few members to speed up the team. The team, in its current state, will hit 1,000,000 points in about six months. Anyone who wants to join is welcome. If you contribute, I will give you a link back to your site on a page on this site that will list all the contributors to the team (currently only me).
Tags: debian, server, uptime
Posted May 10th, 2009 in Uncategorized
Posted May 3rd, 2009 in Uncategorized
If you want to install Debian on an external drive, you can follow these instructions. This has the advantage of being portable and persistent, and works for hard drives and flash drives.
Tags: debian, linux
Posted April 4th, 2009 in Uncategorized
Just installed Debian on my laptop again a few days ago. Already upgraded to sid repos. I like the new network-manager. I’ll post if anything new comes up.
Tags: debian, linux
Posted April 2nd, 2009 in Uncategorized
The server, over the past two weeks or so, has gone through some upgrades. First of all, it now has a third hard drive in its RAID 1 array. Secondly, it now has a third ethernet card, an Intel Pro/1000. This card is connected directly to the NAS used for backups and it is a Gigabit card while the other two cards are only 100mbit cards, so backups should be much faster. Third, it has been upgraded from SDRAM DDR 333 non-ECC RAM to SDRAM DDR 400 ECC. This should provide for extra speed and reliability. Lastly, the server now has backup power. It is powered by a 2U APC Smart-UPS, which is 1400VA/1050W. It also powers some network equipment, including a switch, a router, and a NAS.
The next upgrades are increasing the capacity of the RAM, getting another Gig-e NIC, getting some SATA drives, and a new PSU (I really don’t think 290W is going to cut it after many more upgrades).
Posted February 18th, 2009 in Uncategorized
I made a stylus that works on laptops and an iPhone for less than a dollar and a watch battery. Read for instructions.
Tags: DIY, iphone, stylus
Posted December 9th, 2008 in Uncategorized
Well, I got a new server today. Here are the specs, compared with the old server:
| | old | new |
|---|---|---|
| CPU | 2.4GHz | 2.8GHz @ 3.0GHz |
| Memory | 2GB | 512MB |
| Hard drive | 2×40GB | 2×40GB in RAID 1 |
Posted December 7th, 2008 in Uncategorized
Unlike previous versions of Ubuntu, which required partitioning, installing bootloaders, copying files, etc. in order to make a persistent liveUSB, 8.10 comes with a convenient USB installer program on the LiveCD that creates a no-hassle, no-partitioning, persistent liveUSB. This seems like it would be the perfect solution for creating a portable, free environment. However, on two different USB drives (one of which is usually fast), 8.10 (installed through the liveUSB creator) runs extremely slowly. It takes about 3-5 minutes to boot, and about 30 seconds to load programs like Firefox 3. Scrolling and typing are extremely slow in all programs, almost to the point where it is completely unusable. Is 8.10 more bloated and slow than previous releases?
The reason I think it is running slow is that with older versions (with the complex methods of doing persistent USB installs), changes were committed on shutdown. In 8.10, they appear to be committed instantly. This I/O increase may be slowing it down.
I have thought about making a cut-down version of 8.10, as I have done this with previous versions to make it fit on smaller flash drives. Does anyone know why it is this slow, and if there is any way to speed it up? Is the solution just to use the old method?
Tags: 8.10, linux, ubuntu, usb
Posted November 22nd, 2008 in linux
Seeing how inconvenient the whole tethering process is, I decided to simplify it with these scripts. You will probably want to keep the SUID bit on these, or use sudo and set it up to not ask for a password for this command. Be sure to replace wlan0 with your wifi interface.
Tags: Linux iPhone tether
Posted October 2nd, 2008 in linux