Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
Am I being overly dim, or unrealistic to think that we (the barraged) could respond to these GET requests by modifying our .htaccess files or error-responders to serve a bum default.ida (configure a mime-type) for each request that efficiently redirects and reverse-tracks these people? Is it worth the effort?
(Did some twelve year old already try this and figure out it wasn't workable? )
I don't see any slow-down in the requests for this file - so I figured I might as well return a response, as long as it's my money paying the bandwidth costs. ugh.
Any hacks for this?
Could the GET request from the abusive intruder to a valid found ida file (albeit not a real ida file, but an htm file)offer any security risks you can think of?
I guess I'm caught up in spirit of return fire <G>
I'd like to return the favor somehow. If even I returned a one pixel gif- I'd be out less bandwidth and no error log, right?
Further, I'd like to boot them out the door with a token of my appreciation.
Is it hot in here, or is it just me?
In a couple of weeks, I will start tracking those still scanning. May be we could share e-mail adresses lists?
Or better, include them in our "SugarPlum" lists?
I just uploaded an ASCII text file named default.ida that says:
**** THE CHINESE
Simple, yet elegant.
I wish *I* had nothing better to do than hack into other people's sites all day long. Instead, I'm responsible for keeping dozens of domains online and functioning. (Don't these kids have mothers?!)
I'll save my error logs for ya!
It's an automated worm. If one person releases it, it automatically replicates and spreads on it's own. The machines making the file requests aren't the hackers, they're 'victim' machines that have been infected by the worm.
<added>And I doubt the worm routine is set up to 'read' the content of your dummy .ida file... I seriously doubt any live humans are going to see it. ;) </added>
Hey! Hey! slack thoses testosterone pils, idiot"girl"! Whathever you will write on this TXT file wont affect the behavior of infected windblows servers. It will just free you error logs and relieve you banwith a bit. Better if any keep it short.
Lets give those guys owning infected servers a time to come back from vacations before saving anything.
If I was one of those viri autors, I could launch it from anywhere.
Have one of those icy code red drinks to turn down the heat.
Someday people will realise that the ennemy is in Redmont not in China.
My point is - is that the people who spread the virus, infecting - was it - winBlows?? - machines - have nothing better to do.
While my message won't be read by a human, most likely, I s'pose it's my response to "Hacked by the Chinese" and, therefore, posted in the same 'spirit' in which it was written, as such - I'm not going to worry about apologies. BTW, I see since posting an hour or so ago my error logs are... blank :)
Now, tell me again, dear vendor, why I should dump my prehistoric Unix box for a Windows server ??? (Wasn't Cleopatra bitten by an asp?)
Webmasters who still haven't cleaned up their servers yet, will not understand what you're talking about when you email them about the worm. If they don't know what a virus scan software is, and haven't heard of code red, why email them? I gave up notifying them after receiving some clueless replies!
I was getting hundreds and hundreds of requests. Now I'm getting about 30-40 per day.
I'm tired of the whole mess, frankly. Who do I send the bill to?
I found out about this when one of my clients called in asking why he had had a wierd message on his machine. He is indeed using Win2k Pro, with IIS installed to run a local host version of his site.
Theres also some good link to other related resources (news feeds, Apache/perl implementation etc.)
I think its quite neat, using the exploit in CodeRed to notify the infected party of their problem, and direct them to a solution
While the goal may be noble, you may take note of CR Vigilante's disclaimer:
I take no responsibility whatsoever for the use of this software or said software's effectiveness or lack thereof.Smart move, and typical of information on hacker/cracker web sites as a method to try and get out of legal responisiblity. :)