The war goes on…

So despite banning most of the world beyond the United States, folks still try to break into the web server…

Here is the web log from yesterday:

69.163.187.112 - - [29/Mar/2014:18:49:12 -0400] "GET /licensee-list.php?showall=etc/passwd HTTP/1.0" 403 249 "-" "-"
69.163.187.112 - - [29/Mar/2014:18:49:12 -0400] "GET /licensee-list.php?showall=on&licensee=etc/passwd HTTP/1.0" 403 261 "-" "-"
69.163.187.112 - - [29/Mar/2014:18:49:13 -0400] "GET /licensee-list.php?showall=/etc/passwd HTTP/1.0" 403 250 "-" "-"
69.163.187.112 - - [29/Mar/2014:18:49:13 -0400] "GET /licensee-list.php?showall=on&licensee=/etc/passwd HTTP/1.0" 403 262 "-" "-"

What is going on here is that something is trying to get my web server to hand over the contents of my Linux user ID and password file. It’s a very clumsy attempt and my defenses automatically stop it. The 403 is the “Security Violation” you may see in places from time to time. It was caught on the first response. Because 4 attempts were sent within a second, three more arrived before the address was banned at the firewall, so now this web server is totally unreachable from this IP, 69.163.187.112 (unless they get seriously more clever).
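
The check described above, as an added example that is not part of the original post or the author's own tool: it parses the four logged requests, flags query parameters whose decoded value names a sensitive file, and groups the probes by source IP for banning. The signature list and the final benign log line are assumptions constructed for the example; it also catches percent-encoded variants, which goes beyond the requests shown.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# The four requests from the log above (ASCII quotes), plus one constructed benign line.
SAMPLE_LOG = '''\
69.163.187.112 - - [29/Mar/2014:18:49:12 -0400] "GET /licensee-list.php?showall=etc/passwd HTTP/1.0" 403 249 "-" "-"
69.163.187.112 - - [29/Mar/2014:18:49:12 -0400] "GET /licensee-list.php?showall=on&licensee=etc/passwd HTTP/1.0" 403 261 "-" "-"
69.163.187.112 - - [29/Mar/2014:18:49:13 -0400] "GET /licensee-list.php?showall=/etc/passwd HTTP/1.0" 403 250 "-" "-"
69.163.187.112 - - [29/Mar/2014:18:49:13 -0400] "GET /licensee-list.php?showall=on&licensee=/etc/passwd HTTP/1.0" 403 262 "-" "-"
203.0.113.7 - - [29/Mar/2014:18:50:02 -0400] "GET /licensee-list.php?showall=on HTTP/1.0" 200 5120 "-" "-"
'''

# Combined log format: client, ident, user, [time], "request", status, size, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed signature list: paths a query parameter has no business naming.
SENSITIVE = re.compile(r'(^|/)etc/(passwd|shadow)\b|\.\./', re.IGNORECASE)


def suspicious_params(target):
    """Return (name, decoded value) pairs whose value names a sensitive file."""
    hits = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        decoded = unquote(value)
        if SENSITIVE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(log_text):
    """Map each offending IP to its (timestamp, parameter, value) probes."""
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format access log line
        for name, value in suspicious_params(m['target']):
            offenders.setdefault(m['ip'], []).append((m['ts'], name, value))
    return offenders


if __name__ == '__main__':
    for ip, probes in scan(SAMPLE_LOG).items():
        print(f'ban {ip}: {len(probes)} probes, first at {probes[0][0]}')
```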

Now that I’m not spending time on testing desktop players, I have more time to fix things to make this easier to deal with. I know an IP address, but until now I may not have known much more, and finding out was time-consuming. In this specific case, reverse DNS lookup volunteered that this is a web server at a place called DreamHost. Web servers should not be accessing this server for data without permission, so I want to ban all web servers at DreamHost.

So I created a brand new tool tonight.

Based on that IP, I found out who actually controls it – and, if I were so inclined, I could send an email to DreamHost to let them investigate whether one of their customers did this on purpose or whether their customer’s web server has been hacked and they don’t know it yet.

[Image: banning-example]

So now I can list on my resume that I have used JSON. I didn’t actually do anything other than copy/paste code and tweak it a little – but hey, if copy/pasting the first paragraph of Rosa Parks’ autobiography gets you an A- if you’re a college athlete, I think I’m entitled too!


5 Responses to The war goes on…

  1. Art Stone says:

    If you look closely at the right side, the actual name of this server is “bandar”

    That might mean absolutely nothing, but since I asked a question in a Washington Times story comment why Saudi Arabia is run by unelected rulers… So if a van parks across the street now, I may know who is inside 😉

  2. Nidster says:

    “bandar” could be owned by China, or it could be owned by those folks who used to live in the sandy deserts, but who now live in ultra-modern, air-conditioned, Ivory towers that your petrol dollars paid for. — By the way, let’s ban all that ‘frackin’.

  3. CC1s121LrBGT says:

    This war goes on too- this is a short but excellent read…. things they don’t teach you in the government run schools:

    http://2ndlook.wordpress.com/2011/06/09/the-war-on-drugs-a-2ndlook/

    • Art Stone says:

      Add to that the little tidbit that many common legal pharmaceuticals are now produced in India. The line between legal and illegal can be pretty hard to see. Even today, people are still consuming significant quantities of unlicensed Dihydrogen Monoxide in this country without a prescription.
