Web Site Attacks Are On The Rise
Nicholas Roussos writes "According to recent numbers from 2004, website attacks are on the rise, and many of them are being performed by mischievous school kids. Some of their favorite targets include U.S. government and military websites."
Mischievous School Kids ooor Glac Elves!! (Score:2, Funny)
I couldn't help but notice that almost every site with a link in a slashdot article gets virtually nuked!
Yes, Give us the Final 2005 vs 2004 numbers now! (Score:4, Insightful)
I assume you mean to complain the stats weren't published in January I guess. Your comment is modded funny, and this may have been your goal. If not, just who do you think should be busting his or her ass to get you this timely information? Somebody got around to looking at the trend and published it, and you seem to be bitching they didn't personally call you on New Year's Eve with the final stats.
Chill.
I don't think that this is new though. (Score:5, Insightful)
According to recent numbers from 2003,
According to recent numbers from 2002,
According to recent numbers from 2001,
According to recent numbers from 2000,
Website attacks are on the rise.
I bet we see this in 2005 as well.
What would really be news is if we saw website attacks decline.
Re:I don't think that this is new though. (Score:5, Funny)
I bet we see this in 2005 as well.
What would really be news is if we saw website attacks decline.
There will be a decline ... cut-backs and all, we had to lay off a lot of script kiddies and the rest is being outsourced to East Velcro.
ub3r 1337 h4xx0rz (Score:2, Insightful)
Re:I don't think that this is new though. (Score:4, Insightful)
No kidding.
"This just in! Technology still advancing!"
Obviously website attacks are going to increase as the number of people with computers and access to the internet increases.
FRIST POST!!! (Score:2, Funny)
Careful! (Score:5, Interesting)
Re:Careful! (Score:5, Funny)
Re:Careful! (Score:5, Funny)
Re:Careful! (Score:4, Funny)
She's at 127.0.0.1, and trust me, she's got an absolutely impenetrable Firewall! I can't see a thing in there!
Maybe I'll try a DoS or some buffer overloads.
Re:Careful! (Score:5, Funny)
She sounds like a chick I'd like to meet! Bet I'd impress her by writing a virus and naming it after her.
Re:Careful! (Score:3, Funny)
She sounds like a chick I'd like to meet! Bet I'd impress her by writing a virus and naming it after her
I did it already... She wasn't impressed.
Re:Careful! (Score:2)
she takes care of her crew [ilovebees.com].
Then was Then, Now is Now (Score:3, Interesting)
Indeed, some good fodder for movies [imdb.com]
Re:Careful! (Score:5, Insightful)
Now, of course, a competent sysadmin would recognize a zombie PC on his network and would take steps to correct that, but under no circumstances should ISPs be held legally liable for that kind of stuff.
Common Carriers and "network harm" (Score:3, Insightful)
They CAN have their common carrier status and still be allowed/encouraged/required to pull the plug on computers that are doing "network harm."
Re:Careful! (Score:3, Interesting)
Grannie Jones doesn't need to run an IRC server (or any other server) on her home PC which she uses to collect emailed pics of the kids on.
At the moment ISPs are Windows with everything open and enabled by default. They should be more like OpenBSD with everything closed by default and opened up by the user requesting the services.
The thing to do is (Score:3, Insightful)
For example - I had this host that kept sending me half-megabyte virus executables via mail. I identified the ISP as Netvision in Israel. I tried to contact them repeatedly. They did nothing to stop this - they did not contact the user, they did not disconnect the user, they did not block the user's ability to send mail, NOTHING.
In cases like this, then HELL YES I say hold the ISP accountable - they have failed to hold th
Re:Careful! (Score:2)
Huh? So they would have to start acting like good citizens and report illegal (yes, most P2P traffic is illegal; that's why P2P is explicitly banned in most institutions around here) behaviour? I don't see what would be so wrong with that?
...except for the fact that it is physically impossible... What happens when (not if)
Re:Careful! (Score:5, Insightful)
Speaking as the owner of a very small ISP, this is very nearly impossible. How do you define "don't do anything about it"? Which ISP are you going to hold liable? The one that sells bandwidth to the offending PC (IP address)? Or the upstream ISPs? What if the middle ISP is multi-homed? Perhaps some guy just left his WiFi open, and a neighbor's infected laptop has latched on to it (I've seen this happen). Would the Open WiFi guy be the ISP in this scenario?
It is not just getting "ri-freakin-diculous", it has been pretty bad for quite a while now. With better and cheaper bandwidth becoming more and more readily available the problem will continue to get worse. However the ISPs here are common carriers, they cannot (and I do not want them to) track every IP packet that travels over their network.
Perhaps you could whip on the OS makers where the majority of these problems originate from?
Re:Careful! (Score:2)
Re:Careful! (Score:2)
If you buy service from the phone company do you want them telling you what numbers you can and cannot call?!?! Secure your system, the problem must be solved at the origin. If an ISP sees blatant abuse of its network then they can deal with it, but automatic and capricious shutdown of services because they "may" cause a problem is not the answer! (why not bl
Re:Careful! (Score:3, Insightful)
Food for thought..
Telephone companies are common carriers too. Most, if not all of them, have annoyance call bureaus to handle people receiving chronic crank calls and such. If a phone company can block and trace annoying calls for customers without losing cc status, why can't an ISP offer a similar service?
I know many hide their tracks via misconfigured proxies, but
Re: (Score:2)
Re:Careful! (Score:2)
Worst of all... (Score:5, Funny)
Re:Worst of all... (Score:2)
Yeah, but at least my website hasn't been attacked. But, then again, I only get like 300 hits a month (and 2/3 of them are from within my own network). Sigh...
Oblig. (Score:5, Funny)
No surprises there, then (Score:5, Interesting)
Re:No surprises there, then (Score:2, Interesting)
ISPs don't want to take responsibility. Well, that's not fair. Local/small ISPs are very good at this, while large ISPs don't seem to care what their users are doing.
I have reported a few people myself; hell, I tracked down one to an old address (they had moved a week before), but the ISP was not willing to do any work.
There needs to be some owning up by these ISPs. I'd also love to see some harsher penalties. Some of these 15 year old kids deserve to go to pound-me-in-the-ass pr
Re:No surprises there, then (Score:2)
Most ISPs do not want to spend the resources to fix what is essentially your problem. As long as the user is not doing anything illegal which would make the ISP liable it's not really their concern.
ISPs are not in the business of making sure your servers are safe.
Re:No surprises there, then (Score:2)
So how is this different than the {RI|MP}AA sending a list of logs to your ISP and demanding to know what users were transmitting those P2P packets?
You provided the ISP with factual information regarding an attack on your system. IMHO - what the ISP chooses to do a
Re: (Score:3, Informative)
Re:No surprises there, then (Score:2)
No, but I would expect the phone company's help in tracking down a serious offender, instead of just an automated "Thank you. We take these reports very seriously blah blah blah." (Never to be heard from again)
Re: (Score:2)
Re:No surprises there, then (Score:2)
All they have to do is call the owner and tell them that they have been compromised, and that they need to clean it up (like download, install, and run MS Antispyware, it's free). Then block all traffic from that PC's IP or MAC address, until the owner calls back and says they've addressed it, and t
Re:No surprises there, then (Score:3, Informative)
Because they want you to buy their busine$$ cla$$ service if you do all that stuff.
Re:No surprises there, then (Score:3, Funny)
Re:No surprises there, then (Score:5, Informative)
The worms were polluting my weblogs so badly that I had to set up conditional logging in Apache to send them to a separate log:
Re:No surprises there, then (Score:3, Interesting)
I also have about 20MB per month worth of
Apr 25 15:30:08 localhost sshd[14642]: Connection from 209.58.101.239 port 47961
Apr 25 15:30:10 localhost sshd[14642]: User ftp not allowed because not listed in
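An added example, not part of the original comment or thread: a small Python summarizer for sshd noise of the kind quoted above. It ties each "User ... not allowed" rejection back to the source address logged under the same sshd PID. The sample lines are constructed, use documentation-range addresses, and assume the rejection message ends in "AllowUsers".

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the syslog format quoted in the comment above.
# Addresses are from documentation ranges; none are taken from the page.
SAMPLE_LOG = """\
Apr 25 15:30:08 localhost sshd[14642]: Connection from 192.0.2.10 port 47961
Apr 25 15:30:10 localhost sshd[14642]: User ftp not allowed because not listed in AllowUsers
Apr 25 15:30:12 localhost sshd[14650]: Connection from 192.0.2.10 port 47990
Apr 25 15:30:14 localhost sshd[14650]: User root not allowed because not listed in AllowUsers
Apr 25 15:31:02 localhost sshd[14701]: Connection from 198.51.100.7 port 40112
Apr 25 15:31:05 localhost sshd[14701]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
Apr 25 15:32:40 localhost sshd[14733]: Connection from 192.0.2.10 port 48120
Apr 25 15:32:41 localhost sshd[14733]: User admin not allowed because not listed in AllowUsers
Apr 25 15:40:00 localhost sshd[14800]: User guest not allowed because not listed in AllowUsers
"""

# "sshd[PID]: message" is the only part of the syslog line we rely on.
LINE_RE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT_RE = re.compile(r"^Connection from (?P<ip>\S+) port \d+")
DENIED_RE = re.compile(r"^User (?P<user>\S+) not allowed because ")


def summarize_denied(log_text):
    """Return {source_ip: {username: rejected_count}}.

    The rejection line carries no address, so it is attributed to the
    most recent "Connection from" line logged by the same sshd PID.
    Rejections with no matching connection line are grouped under
    "unknown" rather than dropped (for example after log rotation).
    """
    pid_to_ip = {}
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        connect = CONNECT_RE.match(msg)
        if connect:
            # PIDs get reused over time; the latest connection wins.
            pid_to_ip[pid] = connect["ip"]
            continue
        denied = DENIED_RE.match(msg)
        if denied:
            ip = pid_to_ip.get(pid, "unknown")
            per_ip[ip][denied["user"]] += 1
    return {ip: dict(users) for ip, users in per_ip.items()}


def noisy_sources(summary, threshold=3):
    """Sources with at least `threshold` rejected logins (block-list candidates)."""
    return sorted(
        ip for ip, users in summary.items()
        if ip != "unknown" and sum(users.values()) >= threshold
    )


if __name__ == "__main__":
    report = summarize_denied(SAMPLE_LOG)
    for ip, users in report.items():
        print(ip, users)
    print("candidates:", noisy_sources(report))
```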
choice quote by Reuters (Score:5, Insightful)
Couldn't that statement be applied to any subject?
Re:choice quote by Reuters (Score:2, Insightful)
In this case, all you need is access to a computer.
Re:choice quote by Reuters (Score:2)
Re:Article Text (Score:3)
400,000 attacks per year world-wide is a SERIOUS under-estimate.
Schoolboys? (Score:2, Interesting)
Re:Schoolboys? (Score:5, Funny)
Re:Schoolboys? (Score:3, Funny)
Re:Schoolboys? (Score:5, Insightful)
I don't know... I'd say that's a perfectly appropriate label for someone with such a weak philosophy that only through defacing someone else's words or information do they think they're communicating in a useful way. 15-16 year-olds are essentially twits, no matter what their fashionable political orientation. But it's clear that if cracking sites fits comfortably within the political system they do support, we don't really have to worry about hurting their poor, tender little feelings, do we? Boys, pre-pubescents, developmentally stunted... call them what you will, why should anyone care what they like (thus showing them any respect whatsoever) when their purpose, as deliberately shown through their actions, is to make a mockery of respect for anyone else? "Political opinion" indeed. I think "child's tantrum" is more like it, and that's not how you get someone to listen to your nascent ideology. Yup, schoolboys.
Which PR firm generated this story? (Score:5, Insightful)
Some would say that most news outside of the main NYT and others is generated by PR firms providing "information" to reporters in the hopes of getting an article published. I would argue that the interesting thing about this "article" is not the non-news it contains:
* website attacks are most commonly performed by schoolboys
* attacks are on the rise
* attacks are commonly politically motivated
This "news" isn't new. Thus, who asked for the article or provided the info in it? Symantec, pushing antivirus software? Cisco, trying to induce worry about security in general and sell their more 'secure' routers? IBM, EDS, Siemens, or someone else, selling E-Commerce security software?
Being a critical reader is not just asking, "is this story true". Nowadays, it's asking, "Why was this story published?"
-- Kevin
Re:Which PR firm generated this story? (Score:2)
Re:Which PR firm generated this story? (Score:2)
In other news, the political motivation of schoolboys is on the rise.
Why was this story published? (Score:2)
Re:Which PR firm generated this story? (Score:2)
No, that just makes you critical. (And making a big fuss about it makes you pompous.)
Being a "reader" would involve, say, reading the FA and finding out the answer. Nowadays.
Re:Which PR firm generated this story? (Score:2)
Parent's high-modded comment takes its insightful thoughts from Paul Graham's essay The Submarine [paulgraham.com], which was recently discussed [slashdot.org] here on Slashdot.
"Why was this story published?" (Score:2)
Well, it would appear that this story was published because Zone-H put out its annual Web Intrusions Report [zone-h.org], the timing of which happens to coincide with a London information security exhibition, InfoSecurity happening April 26th-28th.
Now, as to whether this is FUD paid for by mysterious "who", I doubt it. The Zone-H website addresses their motives: BLACK OR WHITE HAT? [zone-h.org]. The conclusion is that it is "A creature without identity. A neutral ground where different IT security aspects can meet. 'The Swi
Government "control"? (Score:3, Insightful)
Explain to me, again, how school children can pose a serious threat to the United States government, and we still have the balls to declare war on a country in the middle east?
Re:Government "control"? (Score:3, Funny)
Timmy running some exploit he found on a site from 1999 isn't really on par with, say, the governments secret plan to infiltrate Slashdot, and discredit the community with dupes, mispellings, irrational arguments, and ads disguised as stories.
Re:Government "control"? (Score:3, Insightful)
Re:Government "control"? (Score:2)
Any other questions?
Re:Government "control"? (Score:2)
what does sex have to do with it? (Score:2, Insightful)
Sex on TV isn't near as bad as some of the other crap that gets put on there.
I'd rather be forced to watch porn than assaulted with the groupthink propaganda this god forsaken country spawns.
Don't think, believe.
Don't think, buy.
Don't think, kill.
For the record, kids have never had morals.
I know that's what everyone told me when I was growing up, and it's what my great grandfather told my grandfather when he was a kid.
"Web Site Attacks Are On The Rise" (Score:5, Funny)
Tsssss... What is the world coming to when people get attacked by web sites. I still remember when we could go to sleep and leave the computer unlocked.
Top 5 attackers (Score:5, Informative)
AIC - 166 defacements - 21.28% [srijith.net]
GForce Pakistan - 116 defacements - 14.87% [srijith.net]
Silver Lords - 101 defacements - 12.95% [srijith.net]
WFD - 59 defacements - 7.56% [srijith.net]
ISOTK - 17 defacements - 2.18% [srijith.net]
There's not more attacks... (Score:5, Insightful)
mischievous school kids? (Score:3, Funny)
Attack or Compromise? (Score:4, Informative)
Worth Noting -- it's not just Windows servers! (Score:5, Insightful)
Worse yet, the hacks have now turned to running perl or php from the command line on things in
1) Find exploitable site. (Again, with the number of insecurities in commonly-used programs like phpBB, or god forbid, the *Nuke series, this isn't hard.)
2) Upload perl script to
3) Run "perl [script name]" repeatedly to accomplish your goal.
We've again locked down our servers to prevent this, but unfortunately, we can't make this part of our default install because our customers like to run perl and php from
It's not just us, either... go to any forum where webmasters or hosting company owners congregate and you'll see this is one of the most common problems out there. Linux is no longer more secure as a web server... not when you factor in most of the PHP programs out there that people love, at least.
Re:Worth Noting -- it's not just Windows servers! (Score:2)
There's a fix in the wind... in the form of Metux MPM [metux.de]
It hosts each website under its own user account rather than a catchall account like "nobody". This makes it possible to lock down your system much more so than before, and makes it much easier, when auditing after an intrusion, to determine who dun what.
It's really, REALLY a shame that this much-needed feature for
We've had a number of Linux compromises at work (Score:2)
Re:Worth Noting -- it's not just Windows servers! (Score:3, Informative)
225 single IP
352 mass defacements
Linux (67.2%)
Win 2000 (17.3%)
Win 2003 (6.8%)
FreeBSD (5.4%)
Solaris/SunOS (2.3%)
Win NT/9x (0.7%)
NetBSD/OpenBSD (0.2%)
[other]... (0.2%)
Re:Worth Noting -- it's not just Windows servers! (Score:2)
In other news.... (Score:3, Funny)
Attacks (Score:3, Funny)
Script Kiddies (Score:5, Insightful)
Nowadays, if you don't protect your website from being hacked, you might as well expect it to be hacked. Maybe they should try hacking Argus systems Pitbull LX and win(?) money.
Attacks in general are up (Score:4, Insightful)
I think it's attacks period.
LogWatch is constantly telling me that people are trying to break into my servers via sshd or via ftpd.
The really sorry part is that since most of them take place from outside the US, I don't even bother to report it, since the ISPs won't do anything about it.
Re:Attacks in general are up (Score:2)
95% of the time, ssh hacking (attempts - but I use tcpwrappers to block) comes from China and the rest of Asia.
So far, I just block ssh and telnet and mail from those geos, but soon I'll just blanket block them. I run a very low traffic site (mostly my own domain) and so it's no big loss if those other rogue geos don't get in.
Slashdot is constantly being attacked (Score:5, Funny)
Re:Slashdot is constantly being attacked (Score:3, Informative)
Websites run by inexperienced people... (Score:5, Insightful)
Concepts like 'rotate the log files or your disk will fill up & crash the site' or "Don't use FTP-- the passwords are sent over the Public Internet in cleartext" are beyond many of these website maintainers. Even many programmers who are great at project design, Object Oriented development, layout, etc. still miss these major issues.
It's no surprise that website attacks are on the rise-- the projects are being run by people who know enough to be dangerous, but don't know enough to run the project well.
[1] or good design, or simplified design, but that's another topic
Re:Websites run by inexperienced people... (Score:4, Insightful)
The Internet is airing the age old laundry of IT for the entire world to smell. And boy it stinks...
Re:Websites run by inexperienced people... (Score:2)
However, I think in the last couple years it has really spiked. There are all sorts of new 'dotcom'-type projects out there today which aren't being run correctly, many leftover projects from the dotcom bust, being run by a small staff.
Or maybe I'm just really starting to notice it
Hah! Smart enough? (Score:4, Insightful)
Agreed, VERY strong political opinions!... just usually not their own.
"Well, my teacher says Kerry is great because he likes *insert rapper here*", or "OMFG, EATING ANIMALS IS MEAN".
Most of their political opinions don't mean a thing. Not to say all kids are like this, of course.
Re:Hah! Smart enough? (Score:2)
"All the people on TV say Bush does a good job!" "My teacher said judges are activists nowadays*"
*heard in a classroom recently.
There will always be that kind of young idealism you seem to be decrying in your post, but the shift to the right under all things "anti-terror" in the teen community seems pretty damn real to me. Remember the "patriotic hackers" back when the war started? Wonder how old they were. I'm sure they're all college republicans now.
Shared hosts (Score:2)
All because shared hosts aren't root-caged properly. Seriously, this needs to change. But how?
From the article: (Score:5, Insightful)
Since when did intelligence become a prerequisite for having strong political opinions?
This is why... (Score:5, Funny)
Re:This is why... (Score:2)
Someone's gonna say it.... (Score:3, Funny)
Bring back the military draft! (Score:2)
Also the military is so high-tech with remote reconnaissance and robo-planes, that their expertise would be welcomed.
Not to mention a current shortage of US soldiers.
(Watch those script-kiddies mod this to -1000.)
phones?? (Score:2)
This smells bogus to me. The phones will presumably be shipped in some kind of fairly secure configuration, with nearly all services turned off.
How to solve the problem. (Score:4, Funny)
A black van screeches to a halt at the crosswalk that 13 year old Brody Seminuk is standing at, the side door opens and men in black ski masks yank him off the sidewalk and into the van, in full view of his friends. The van jackrabbits away from the curb and the interrogation immediately begins.
MIB: WHO ARE YOU WORKING FOR!
BS: What?! I don't have a job!
MIB: DON'T BULLSHIT US! WE KNOW YOU'RE WORKING FOR INTERNATIONAL TERRORISTS!
BS: International terrorists!? But...! But...!
MIB: Don't lie to us boy! We'll beat the truth out of you if we have to!
BS: I don't know any terrorists! What are you talking about!?
MIB: You tried 32,812 times to break into www.edwards.af.mil!
BS: Oh shit!
Van stops in an underground parking garage, where Brody is shoved into a new van, with new interrogators.
MIB: WHO ARE YOU WORKING FOR!!
BS: I'm not working for anyone! I don't know any terrorists!
An old, battered van that has "Ed's plumbing" written on the side stops briefly and Brody is pushed out the back door, wearing only his underwear.
Friend 1: Dude, are you alright? We thought you were going to die!
Friend 2: They didn't rape you or anything, did they?
Brody: Got any money? I need a cab home.
Friend 1: Yeah, yeah, I have about $12.
Brody: Call me a cab then.
Friend 2: What was that all about anyway?
Brody: Don't hack into Edwards. They really mean it.
Friend 2: You mean Edwards AFB?
Brody: Yes.
Friend 2: Um, what's that smell?
Brody: Shut up and dial.
Thanks for the newsflash (Score:2)
Come on, this was news? Website attacks are STILL GOING ON... performed by KIDS? Announcing that the earth was still round would have been more surprising.
Re:Build a better operating system. (Score:2)
Re:Build a better operating system. (Score:3, Insightful)
Geez, that's as useful as saying that in order to prevent drunk driving fatalities, the Amish should all have chauffeurs. The problem isn't the language of the OS. Yes C doesn't have all the nifty security features of C# or Java, but that's not the problem. The problem is that most of the time script kiddies are using other languages to exploit an OS written in C. If the OS was written in C#, there would still be the same issue if the programming was
Re:Build a better operating system. (Score:2)
One of the good things about C is that it IS compiled. A bit harder for a script kiddie to poke bytes into the binary so it does what he wants, instead of editing a plain-text script.
C works for operating systems. Get over it.
Re:man it sucks (Score:2)
Re:man it sucks (Score:2)
Nowhere in my post did I justify the behaviour of the site hackers/defacers...nor did I condemn it. My point was that this type of behaviour is typical throughout human history, and that a cautious person will take account for such a possibility. (e.g. patch, repatch, and patch again your networked servers!)
Re:That's what I call (Score:2, Insightful)
Re:That's what I call (Score:2)