Shop OBEX P1 Docs P2 Docs Learn Events
Trying to hack into a Spinneret (aka "really???") — Parallax Forums

Trying to hack into a Spinneret (aka "really???")

agsags Posts: 386
edited 2011-02-10 20:22 in Accessories
I had some debug logging enabled on on my Prop server, and noticed that one (or more) individuals had made numerous attempts (while spoofing the client address to be mine) to hack into my tiny little Propeller server. There's nothing on it! It's a uController!

The source of the User-agent was Romania (not that I would be certain of that either). The attempts were to acces //myadmin, //phymyadmin, //admin, and variations.

While I understand the motivation to solve a puzzle, or spar (intellectually) with an opponent, I was surprised to see than anyone found value in that exercise.

Beware what URI you post here....

Comments

  • Coder96Coder96 Posts: 42
    edited 2011-02-10 19:06
    Welcome to the wonderfull world of bots.

    I assume you were using port 80 or some other "normal" port. This would be normal.

    I'm 99.9999~ sure theres nothing intellectual behind it.
  • ZootZoot Posts: 2,227
    edited 2011-02-10 19:18
    Speaking as web development professional -- of course they were! The reason to find weaknesses in the webserver is generally not to deface your web pages, nor steal your code, or anything like that. There are basically only two primary reasons:

    1. Most common: figure out a way to upload a server side script to the web server. The script can then be used to send spam without tracking back to the sender. Or the script may deliver malware payload to the client browser. Or the script may be a repository or cache of stolen data (like leaving your stolen guns buried in a neighbor's yard, rather than your own).

    2. To see if there is data on the server of value; i.e. credit card numbers.

    In my experience looking at thousands of log files for this kind of nonsense, most modern webserver crackers seem to be based in Estonia or Romania. I have a colleague who flies to Romania monthly where he has teams of superb software programmers who work for $5-$15 hour. I pointed out to him that it is likely the same shops are also pirates and/or crackers of one kind or another, which didn't bother him (he could never afford to have his applications developed so inexpensively in the States).
  • $WMc%$WMc% Posts: 1,884
    edited 2011-02-10 19:41
    I too had someone try to hack my Spinneret.
    '
    I guess when you live in Romania this is the most exciting thing going.(pretty sad)
    '
    I have thought of the Spinneret as hacker fish bate.
    One Spinneret to fish them out and another to post their IP address on the net for everyone to see who they are.
    '
    It would be like a public service.
  • Phil Pilgrim (PhiPi)Phil Pilgrim (PhiPi) Posts: 23,514
    edited 2011-02-10 19:44
    $WMc% wrote:
    ...and another to post their IP address on the net for everyone to see who they are.
    What makes you think they're not using a proxy?

    -Phil
  • $WMc%$WMc% Posts: 1,884
    edited 2011-02-10 19:51
    What makes you think they're not using a proxy?

    -Phil
    '
    I had my Spinneret on a proxy at the time it happened.
  • Phil Pilgrim (PhiPi)Phil Pilgrim (PhiPi) Posts: 23,514
    edited 2011-02-10 20:00
    I'm not entirely sure what it means ot have a server "on a proxy". A proxy is usually a way of forwarding requests to a server anonymously. In any event, any client can disguise its IP address by using a proxy, regardless of how the server is configured.

    -Phil
  • agsags Posts: 386
    edited 2011-02-10 20:04
    OK, so my new URI is:

    http://www.freevalidcreditcardnumbersandporn.com

    Oh, and the port is sqrt(7)
  • agsags Posts: 386
    edited 2011-02-10 20:05
    I'm not entirely sure what it means ot have a server "on a proxy". A proxy is usually a way of forwarding requests to a server anonymously. In any event, any client can disguise its IP address by using a proxy, regardless of how the server is configured.

    -Phil

    The "attack" I saw was using my own IP address as it's address. That was pretty obvious.
  • $WMc%$WMc% Posts: 1,884
    edited 2011-02-10 20:15
    ags:
    '
    I like the new site name, Its like a treble-hook.
  • Phil Pilgrim (PhiPi)Phil Pilgrim (PhiPi) Posts: 23,514
    edited 2011-02-10 20:22
    ags,

    I'm not finding a whois entry for your domain, and I'm sure as hell not going to click on it before I do.

    -Phil
Sign In or Register to comment.