Trying to hack into a Spinneret (aka "really???")

ags

I had some debug logging enabled on on my Prop server, and noticed that one (or more) individuals had made numerous attempts (while spoofing the client address to be mine) to hack into my tiny little Propeller server. There's nothing on it! It's a uController!

The source of the User-agent was Romania (not that I would be certain of that either). The attempts were to acces //myadmin, //phymyadmin, //admin, and variations.

While I understand the motivation to solve a puzzle, or spar (intellectually) with an opponent, I was surprised to see than anyone found value in that exercise.

Beware what URI you post here....

Coder96

Welcome to the wonderfull world of bots.

I assume you were using port 80 or some other "normal" port. This would be normal.

I'm 99.9999~ sure theres nothing intellectual behind it.

Zoot

Speaking as web development professional -- of course they were! The reason to find weaknesses in the webserver is generally not to deface your web pages, nor steal your code, or anything like that. There are basically only two primary reasons:

1. Most common: figure out a way to upload a server side script to the web server. The script can then be used to send spam without tracking back to the sender. Or the script may deliver malware payload to the client browser. Or the script may be a repository or cache of stolen data (like leaving your stolen guns buried in a neighbor's yard, rather than your own).

2. To see if there is data on the server of value; i.e. credit card numbers.

In my experience looking at thousands of log files for this kind of nonsense, most modern webserver crackers seem to be based in Estonia or Romania. I have a colleague who flies to Romania monthly where he has teams of superb software programmers who work for $5-$15 hour. I pointed out to him that it is likely the same shops are also pirates and/or crackers of one kind or another, which didn't bother him (he could never afford to have his applications developed so inexpensively in the States).

$WMc%

I too had someone try to hack my Spinneret.
'
I guess when you live in Romania this is the most exciting thing going.(pretty sad)
'
I have thought of the Spinneret as hacker fish bate.
One Spinneret to fish them out and another to post their IP address on the net for everyone to see who they are.
'
It would be like a public service.

Phil Pilgrim (PhiPi)

$WMc% wrote:

...and another to post their IP address on the net for everyone to see who they are.

What makes you think they're not using a proxy?

-Phil

$WMc%

Phil Pilgrim (PhiPi) wrote: »

What makes you think they're not using a proxy?

-Phil

'
I had my Spinneret on a proxy at the time it happened.

Phil Pilgrim (PhiPi)

I'm not entirely sure what it means ot have a server "on a proxy". A proxy is usually a way of forwarding requests to a server anonymously. In any event, any client can disguise its IP address by using a proxy, regardless of how the server is configured.

-Phil

ags

OK, so my new URI is:

http://www.freevalidcreditcardnumbersandporn.com

Oh, and the port is sqrt(7)

ags

Phil Pilgrim (PhiPi) wrote: »

I'm not entirely sure what it means ot have a server "on a proxy". A proxy is usually a way of forwarding requests to a server anonymously. In any event, any client can disguise its IP address by using a proxy, regardless of how the server is configured.

-Phil

The "attack" I saw was using my own IP address as it's address. That was pretty obvious.

$WMc%

ags:
'
I like the new site name, Its like a treble-hook.

Phil Pilgrim (PhiPi)

ags,

I'm not finding a whois entry for your domain, and I'm sure as hell not going to click on it before I do.

-Phil