Subject: Re: Attemted Theft of Services via FTP
From: Zeke Runyon (zrunyon@mac.com)
Date: Fri Mar 01 2002 - 21:24:06 MST
Not to turn this into a "talk about all yer attacks on yer box", but I
just want to throw in one.
I had really really bad Apache HTTPD configuration, allowing 150
MaxRequestsPerChild or so. I didn't pay much attention to that when did
the conf file (I had based it largely on the server my website was
hosted on, a superstrong superfast Solaris box). One day, my internet
connection seems verrry slow. I look at my hub and the light to my linux
box is blinking like crazy. I go into the apache logs and find that some
guy from Europe (on EOL) was requesting an 8mb mp3 every second or so,
for an hour!
I learned my lesson and went back to the configuration file.
Are these things some sort of bot or something? The IP address went
strait to the biggest file hosted and downloaded it a couple 100 times.
Once I had my configuration file only allowing 5 MaxRequestsPerChild, I
still had strang european IPs going strait for the big mp3s and
downloading them as much as they could.
I hate hackers (or bots, or script kiddies, or whatever the hell it was)
:::
# Zeke Runyon, zrunyon@mac.com
# web: http://communistsquirrel.home.dhs.org/ (formerly zekeworld)
# linux: http://gloin.dyn.dhs.org/, email: zekemon@gloin.dyn.dhs.org
# PGP key fingerprint = 7084 3BA2 9BC3 9024 2840 F0AF B9F4 37EB 827E
6A7D
# ( i am ZEKE, squirrel king, lord of woodland fauna ! )
This archive was generated by hypermail 2a24 : Fri Mar 01 2002 - 21:38:26 MST