So despite banning most of the world beyond the United States, folks still try to break into the web server…
Here is the web log from yesterday:
22.214.171.124 - - [29/Mar/2014:18:49:12 -0400] "GET /licensee-list.php?showall=etc/passwd HTTP/1.0" 403 249 "-" "-"
126.96.36.199 - - [29/Mar/2014:18:49:12 -0400] "GET /licensee-list.php?showall=on&licensee=etc/passwd HTTP/1.0" 403 261 "-" "-"
188.8.131.52 - - [29/Mar/2014:18:49:13 -0400] "GET /licensee-list.php?showall=/etc/passwd HTTP/1.0" 403 250 "-" "-"
184.108.40.206 - - [29/Mar/2014:18:49:13 -0400] "GET /licensee-list.php?showall=on&licensee=/etc/passwd HTTP/1.0" 403 262 "-" "-"
What is going on here is that something is trying to get my server to hand over the contents of my Linux user ID and password file. It’s a very clumsy attempt, and my defenses stop it automatically. The 403 is the “Security Violation” you may see in places from time to time. It was caught on the first response. Because 4 attempts were sent within a second, three more arrived before the address was banned at the firewall, so now this web server is totally unreachable from this IP 220.127.116.11 (unless they get seriously more clever).
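The check described above, as an added example in Python (not the author's own tool): it scans Apache combined-format log lines for query values that name /etc/passwd and groups the probes by client IP, which is the list a firewall ban would be built from. The sample lines, the documentation-range addresses and the `SENSITIVE` rule are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Apache combined log format; 192.0.2.x and
# 198.51.100.x are documentation addresses, not the ones from the post.
SAMPLE_LOG = '''\
192.0.2.10 - - [29/Mar/2014:18:49:12 -0400] "GET /licensee-list.php?showall=etc/passwd HTTP/1.0" 403 249 "-" "-"
192.0.2.10 - - [29/Mar/2014:18:49:12 -0400] "GET /licensee-list.php?showall=on&licensee=etc/passwd HTTP/1.0" 403 261 "-" "-"
192.0.2.10 - - [29/Mar/2014:18:49:13 -0400] "GET /licensee-list.php?showall=%2Fetc%2Fpasswd HTTP/1.0" 403 250 "-" "-"
198.51.100.7 - - [29/Mar/2014:18:50:02 -0400] "GET /licensee-list.php?showall=on HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

# Query values that name a sensitive system file, with or without a leading
# slash or ../ prefix. Hypothetical rule set for this example.
SENSITIVE = re.compile(r'(^|/)etc/(passwd|shadow)$', re.IGNORECASE)

def suspicious_params(target):
    """Return the query parameter names whose decoded value names a system file."""
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding
        if SENSITIVE.search(unquote(value).replace('\\', '/')):
            hits.append(name)
    return hits

def ban_candidates(log_text):
    """Map each client IP to the (timestamp, status, params) probes it sent."""
    probes = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        params = suspicious_params(m['target'])
        if params:
            probes[m['ip']].append((m['ts'], int(m['status']), params))
    return dict(probes)

if __name__ == '__main__':
    for ip, hits in ban_candidates(SAMPLE_LOG).items():
        print(ip, len(hits), 'probe(s), first at', hits[0][0])
```

The recorded status shows whether each probe was refused (403) or answered, which is worth checking before relying on the ban alone.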
Now that I’m not spending time on testing desktop players, I have more time to fix things that make this easier to deal with. I knew the IP address, but until now finding out much more was time-consuming. In this specific case, a reverse DNS lookup volunteered that this is a web server at a place called DreamHost. Web servers should not be accessing this server for data without permission, so I want to ban all web servers at DreamHost.
So I created a brand new tool tonight.
Based on that IP, I found out who actually controls it, and if I were so inclined, I could send an email to DreamHost to let them investigate whether one of their customers did this on purpose or whether their customer’s web server has been hacked and they don’t know it yet.
So now I can list on my resume that I have used JSON. I didn’t actually do anything other than copy/paste code and tweak it a little – but hey, if copy/pasting the first paragraph of Rosa Parks’ autobiography gets you an A- if you’re a college athlete, I think I’m entitled too!