Kuro5hin - Bitter and Hopeful

On Sunday night, the popular geek news site Kuro5hin.org was the victim of a denial of service attack that involved the abuse of their news submission queue and comment system by an unknown cracker. While the identity of the cracker or crackers is still not known, the all-volunteer Kuro5hin team is busy going through access logs, portscan information and other information to find out who caused the problem. In light of the attack, Kuro5hin was shut down today with a message telling their fans why they needed to take the site down. I spoke to some of the Kuro5hin staff to get some answers: How did it happen, and is there a light at the end of the tunnel?

Dylan Griffiths, known to Kuro5hin users as Inoshiro, gives us the sysadmin play-by-play:

"This started on Sunday night. Basically, I had been over at a friend's place, there had been a storm watch, and he's a ham radio guy. He's a member of Canwatch, which is a volunteer ham radio thing you can do once you get a license. We were out driving around all afternoon. We got home, watched some TV, and dropped me off at home. At that point it was pretty late and I was about to go to bed. Normally, I would just go to bed, but I sat in front of the computer to check out Kuro5hin, and I noticed that there were about nine stories in the moderation queue. I thought that was a bit odd, because we normally get one or two stories at a time, and they get voted on, so they either show up or disappear quickly. I went to the submission queue, and I saw one or two stories posted by people with handles, and the rest were all Anonymous Hero. I initially thought that perhaps some fellow had decided to post a few things on Sunday night so it would be there for Monday morning, because weekend traffic is about half of our weekday traffic. I figured I would just delete the extras. The subject lines for the submissions were all just random strings of text. I didn't know why that would be, so I deleted a couple of them, and noticed that a couple came back. So, I logged into the server and I was going to see if I could block the garbage submissions. I also logged into the IRC channel to see if anyone knew what was going on. That's where people told me about a user named Kano, and how he was angry that his story was voted down so quickly. In the interest of getting the facts, I wanted to block what was going on, and get more of the story. I blocked it, fired off a couple of mails to [Kuro5hin creator] Rusty (Foster), and talked with some of the guys on IRC because on the whole, they're nice people. Kuro5hin has a great bunch of people that helped me and Rusty through this. We talked about it, and one of the channel members mentioned that the machine the attacks were coming from looked like it had a bunch of ports open. When I traced it through the whois database, it was a part of a server farm in a hosting company. So, you'd think they'd only have web, and maybe ssh and telnet open for admin purposes, and everything else would be centralized, because that's what you do when you have 400 machines."

The team leaps to action

Inoshiro continues, "Rusty joined the chat on Sunday night, and the IRC channel users banded together. We banned two subnets, and the channel people helped us clean up the submission queue. The box on one of the subnets we banned was obviously cracked. In addition to ftp ssh and http, they had sunrpc open, nfs, mysql and irc. So, besides the obvious fact that mysql should be open like that and the Sunrpc services, irc is something you don't see on a webhosting farm. I don't think the spammer expected us to block him quite so quickly. It took me about 40 minutes for me to block him because a router between me and k5 went mad and was giving me 3000ms latency. It was the first time I'd actually had to do it. Once it was blocked, that's when the channel helped us clean up. Then, within 20 minutes, it started coming in again. That one was blocked within about ten minutes, and that was a proxy server. Everything else since then has been cracked boxes.

"I got it down to the point where we would see five scroll by, and when we got to the end, I basically ignored everything else I was doing, and blocked submissions as they came in. It wasn't until Monday night that the router between myself and k5 stopped giving us incredibly high ping times.

"I went to bed, and I slept in a little bit. I got up, joined the channel. Since I finished school earlier this month, I talk to people in the channel in the morning because most of the people I know are asleep or have a job. I've been sort of looking for employment recently, but I've been spending a lot of time working on k5. I usually talk to them in the channel, because Rusty was gone for two weeks and I was the only admin around. I'd been spending more time just talking to people. We had a bit of a chat, a few people proposed ideas about who they thought might have done it. Nothing was really resolved. Then I noticed that there was more stuff coming in the queue. I contacted Rusty at work, and he joined the IRC chat, and we talked about it. We spent Monday getting some of the scoop developers to disable anonymous story submissions, then we added logging to a bunch of things. Basically, Monday was the day when we were babysitting k5. The poster would switch their submission to a new cracked box. I was watching the output of the log and ipchains the subnet, look up the person responsible, and cc: it to Rusty. The people Rusty used to work for, intes.net, offered legal support. They've been really great about it because even though Rusty doesn't work for them anymore, they were still hosting the box until we get it all moved."

On Tuesday, the system abuse continued not only in the submission queue, but also in the commenting system used by readers to share their feelings or concerns about news items that Kuro5hin posts throughout the day.

More from Inoshiro: "I mailed [Slashdot Founder] Rob (Malda) on Tuesday morning, and I wasn't sure how he'd take it. Usually his replies are given out with as few words as possible. After a couple of replies, we were sending 8 or 9 paragraphs back and forth all day. He suggested a few things, and Rusty said he didn't realize it could have gotten that bad so quickly. My buddy from Sunday came over, and I watching Kuro5hin and he was helping me set up networking booting with an OpenBSD box I have here. It was ten o'clock, and we went to watch The Simpsons. While we watched, the guy had just been spamming the server more. he started spamming about fifteen minutes after we went to watch The Simpsons. How could someone do this? This is like proving a windshield is made of glass by smashing it."

So, at three in the morning at the Villa Hotel in San Mateo, Rusty Foster, Kuro5hin's creator, replaced his website with a black page telling the story of the denial of service attacks. I got a chance to speak to Rusty today while he was in his office at OpenSales.

Rusty said, "Today I'm bitter and hopeful. Yesterday I was bitter and depressed. It bothers me a lot, is the best I can put it."

The fact that Kuro5hin is entirely volunteer-run, added to the fact that they've got an active IRC presence and die-hard fans, lends itself to community building. People read Kuro5hin, post comments, and share their feelings and criticisms with people around the world. In the end, the Kuro5hin staff is resolved to not let the misguided destruction of one incident destroy the community they have built from the ground up.

"I think that we will get the site back up," Rusty said. "It will not be entirely the same as it was before. Anonymous access is gonna go. That's all there is to it. There's a place for anonymous access and I'm all for free speech, but there's also got to be a place for real people who will stand up and identify themselves, more or less. We're not even asking for identities, we're asking people to create a pseudonym and use it. Slashdot pretty much has the market cornered on free and open access, and I'm a lot more impressed now with the crap you put up with."

I'm aiming for a month. I'm leaving in August to go to Italy, and then immediately after that, my sister's getting married. I won't be back here with reliable access until the middle off August. There are a bunch of great developers that work on the code, and I'm going to put together a list of things that need to be done. Knowing them, they'll probably do most of them. Whatever remains, I'll do when I get back, and then we will re-launch amid great fanfare. I got a lot of great E-mails from people supporting the site, and a lot of them supprting my decision to close it until we've taken care of the problem, and I would like to thank them collectively for all their support, making me feel better, and inspiring me to actually get the site back."

Update: 07/26 08:59 PM by CT : Just wanted to throw my 2 bits in... VA Linux Systems is gonna help with some hardware since the Kuro5hin system really was strugglign to keep up with their existing hardware. That doesn't address the spam attacks which we've also spent quite a bit of time discussing. I'm personally finding this really interesting since I've gone through it all with Slashdot over the years, and seeing it done to someone else with the benefit of hindsight and experience is quite interesting. The frusteration you feel when something you work so hard on is screwed with by troublemakers is hard to describe: especially when you're just a volunteer. Slashdot wouldn't have survived that stage without help from a lot of people... Best of luck to you guys, and I hope to see ya pull through this.

Re:Another one (better?)

[talonyx]

I have been skooled.
You have learned me the haiku.
I will try harder.

....

Kuro5hin is gone
To rally its defenses.
Wait in eager hope.

Re:Kuro5hin - what Slashdot could do to help

We want to HELP k5, not steal what makes it different...

OT: Interbase docs

[Dacta]

Interbase documentaion is available from ftp://ftp2.interbase.c om/pub/products/beta6.0/ib_b60_doc.zip

It's in PDF, from memory.

Re:Kuro5hin - what Slashdot could do to help

[MrBogus]

Back in the distant history of slashdot, there was an NSA story with an AC who claimed to have worked in sigint.

A few "Company X is going down, I know because I work there" posts, but otherwise you're right.

Of course, the difference between "MrBogus (173033)" and Anonymous Coward is 1 point and a whole lotta nothing.

Re:Hope

[Hentai]

Heh. Yet another illustration that humans, in general, are far more concerned with making other people suffer than in bettering themselves. After all, it's FUN to hurt people and break things! ;)

Re:Whatever Help They Need..

[Hentai]

So let's do something. Have 'em hand over transcripts of their server logs; I've got a full-on Tiger team (not for employ, and they're not all on one team; they're my friends - but they damned well know what they're doing) - let's sift through this crap and find the bastards. While we're at it, anyone who's able to, let's sift through the source code to their site and figure out how to keep crap like this from happening WITHOUT killing the freedoms that sites like this offer.

Heck, why stop with open-source, distributed-development software? Let's go for distributed-development network infrastructure and policing as well. This was obviously perpetrated for purely malicious purpose and for no good reason, so let's find the bastards and show them what for.

Re:TM ain't everything

[ufdraco]

Ummm... not exactly: mod_virgule is an apache module written in c, not perl.

But otherwise, you're basically right--they are all GPL so anybody who thinks they can do better are free to do so.

Re:Y'all betta listen up!

[Anonymous+Freak]

Amen, brother Lethargy!

I fully agree with Mr. Moore's implied statements. I'm still planning to vote for Gore (as he assumed) but now, at least, I will be sure to vote. (Before, it was going to be just 'if I have time'...) While some of the moderators believe that your comment is a troll (I *DO* have to agree with the two that think it offtopic, even if it *IS* good...) I found it very enlightening.

Hey, not all trolls are bad trolls... ;-)

Tracking them down?

[Fastolfe]

I see that they've noticed a number of cracked boxes used in the attacks, but if *I* were the victim of something like this I would be on the phone in a second to the people running the networks of these cracked boxes. An on-going attack like this is typically very easy to spot from a network point of view, and with some competant admins, you can go from there straight back to the source.

I mean it may take a few times (if the box is vulnerable, sure there's an increased likelyhood of a lack of clueful administration) before you'll find someone that can help you, and if they're bouncing between multiple hops, it'll mean coordinating or conferencing phone calls, but it CAN be done.

The reason script kiddies get away with shit like this is because nobody ever takes the time and effort to track them down and prosecute. Since nobody does it, the l33t0 hax0r kiddies figure they're invincible and keep right on doing it.

The tools DO exist to track them down. There's always a trail if you can just find admins willing to help you every hop of the way. Given the nature of the attack, he's probably using the cracked machines solely for their unique network addresses, not as a means of hiding his identity. Given the number of such hosts, it should have been trivially easy to find SOMEONE willing to track this asshole back to his ISP.

Re:Tracking them down?

[Fastolfe]

Yah, I guess this is a good point. First priority is getting stuff working again, but if you're a company that's adequately staffed, you should have enough people to put on the task of tracking him down.

Re:Tracking them down?

[theBOPfromH*LL]

When I was first the victim of an attack, I felt the same way. I was sure that the unavoidable tracks that are left would enable me to find and punish the culprit.

In reality, however, I was faced with a serious limiting factor: there are only twenty four hours in a day. Perhaps with unlimited time and resources, I could have succeeded. But I was already overworked before the attack.

In the case of a dos attack however, it has to continue in order to work. With realtime monitoring and the cooperation of federal law enforcement, it might be possible to catch someone who didn't know when to quit.

Re:deja vu

[DAVEO]

two words: jona & kano

Re:Crackers should be hunted down - Not a Flame Ba

[lcracker]

I for one would rather have "14 year old morons" trying to crack my site than someone who actually knows better. If an amateur can get into your stuff, you've got problems. If we didn't have these kids screwing around with our websites (and helping us evaluate our security, in a roundabout and annoying way), the experienced (possibily paid off by the competition) could come along and take down/hack/etc whatever they wanted with hardly the blink of an eye. If you can't lockdown when a script kiddie comes along, you're screwed. Granted, k5 is a volunteer site etc etc, they shouldn't need to setup tight security, but thats the world we live in, and its not going to change.

Slashdot deciding on what is right and wrong isn't really a good idea. News is (ideally) unbiased. News != Opinion. Of course, this is never true and any account of anything is inherently biased in some way, but there are levels of bias and slashdot is fairly unbiased imho (other than linux/opensource issues, of course ;)

Clear rules as far as reporting goes brings us closer and closer to the orwellian nightmare of 1984.

Kuro5hin does allow anonymity

[mbrubeck]

In fact, Kuro5hin encourages anonymous browsing and posting. Anonymous messages on Scoop sites like K5 are posted under the username "Anonymous Hero." Both stories and comments can be posted anonymously, though only logged-in users can vote in the polls and moderation queue.

Re:Kuro5hin does allow anonymity

[Rombuu]

You must have missed the bit in the story where he said he was getting rid of anonymous posting.

Re:Kuro5hin - what Slashdot could do to help

[PotatoNO]

Agreed.. k5 refered to 'the other guys' but it was never all that harsh.. It was a little friendly competition. Slashdot is a big dog, you've gotta expect k5 to give them shit when they can.

Re:Glasscode/Half-Empty

[nebby]

Heh. 100,000 line that is (always good to come off like a moron in the first few words :))

Since I'm already posting this, might as well add some more info. It's running Java 1.1 servlets (JServ/Apache) with MySQL.

That's all :)

Re:I guess you're kinda new here.

[swdunlop]

I disagree. The source of the proposition is integral to the amount of trust I am willing to invest in the research, effort and integrity of that proposition, in an environment where I may not have access to all the data and rules applicable.

In other words.. Get a face, get a name, don't hide behind AC's skirts.

Re:About using *so* many cracked boxes...

[Melkman]

>Isn't the MAC address also in an IP header?

No, it's in the ethernet header. And only if
the source is on the same segment as the target.

>Is that spoofable?

Yes.

Re:Y'all betta listen up!

[The+Ape+With+No+Name]

Umm. I don't think Ben Franklin ever held an elected position. Then again, Dubya hasn't either.

Re:I got a solution

[Signal+11]

Why do the cracked boxes need more cracking?

Did I mention anything about hacking those boxes?

Post the IP's of the cracker, not the cracked boxes.

False. Post the IPs of both so we can contact those admins and slashdot them with requests to fix those systems to stop the DoS, and then pressure the authorities to get involved.

You, 11223, jump to conclusions far too quickly. Not only that, but your posting history seems conspicuous to say the least... troll.

Re:Kuro5hin - what Slashdot could do to help

[civilizedINTENSITY]

start by banning ACs I would have argued with you before trying to moderate. ACs seem like a way to be inclusive and bring in fresh and new ideas. Yet I was astounded at what I saw at -1. The waste. Most definitely less than uplifting.

"K5 Troll" Script ; "Slashtroll" no longer exists

(posting this here because nobody would see it otherwise)

Apparently this script was used to spam K5, and the guy that created it has a web site, although it offers no explanation on WHY they did this. Maybe having the script will help you block it. The address of the script was posted as another anonymous message in this thread.

He claims he was inspired by Slashtroll, a similar script for trolling Slashdot. The author of Slashtroll (zk65) removed the program after seeing what happened to K5, and posted a message here.

Implementing a trust metric for kuro5hin

[sugarescent]

I think this was metioned in the other story, but it's such a good idea that it bears repeating here.

How about making kuro5hin based on a trust metric?

Here's how it might start out. rusty and Inoshiro and a few trusted other (perhaps loyal kuro5hin readers) would start off as the web of trust. As people begin to submit stories and get them moved to the front page, they can get "moderated" up to be trusted to submit reasonable stories. Perhaps as people gain trust, they can have their stories moved to the front page faster. Presumably, these same people would eventually be included in the trust web and extended "moderation" privileges. And soon you would have enough people that the load would be distributed evenly.

Of course, there could also be an increasingly (exponential) penalty for submitting crap, eventually cumulating in the banishment of the user/IP from submitting stories for some amount of time. If the banishment is not for all time, then the trust would have to be slowly extended back to this person. This would hopefully prevent cyclical occurences of spammation.

I think this preserves the idea of kuro5hin, allowing the community to decide what gets posted, while limiting the community to something reasonable. The same idea could even be applied to comments as well, to prevent people from screwing the comment queue as well.

Thinking of it in Slashdot terms, for those of you who are die-hard Slashdot fans, the trust web is akin to karma.

I really miss kuro5hin. This was the first idea that popped into my head for fixing things.

What do people think?

Re:Implementing a trust metric for kuro5hin

[sugarescent]

Have you seen Advogato? They do exactly this.

That's kind of where I got the idea from. :)

Re:Implementing a trust metric for kuro5hin

[eries]

Have you seen Advogato? They do exactly this. I think it would be swell to see that technique expanded to other sites.

This is kinda funny

[^chuck^]

Now I am kinda "new" here [coming up to a year]. Now if I look at my user id number its 131444. If you look at his its 1219. Any idiot can do the math and realize that 130225 users registered in between me and him. What this means, even to someone "new" like me is that he has got respect, repect that an AC does not have. He also has corrabarating evidence. You have none, NONE!!! Do you understand that?

But really, leave reasoning to people who are capable of it. For now, just repeat after me: If somebody with a nick says the sky is green, and an AC says it's blue, the guy with the nick is still a moron and the AC is still right, regardless of which statement is associated with which name.

He can reason better than you can. Your empirical anylsis has one major flaw which cannot be said enough, because you don't seem to listen: NO EVIDENCE, nothing, in fact all evidence suggests the opposite. I am in no way saying malda, roblimo, or anyone is god/deserves more respect than another human. But when everything points towards /. and kuro5hin getting along like friends, especially with kuro5hin current page providing links to discuss on /., claiming a viewpoint like this is just dumb.

Not done yet...

You also claimed in your original post that /. and kuro5hin were "competitors" of somekind. How so? /. is up there with sites like arstechnica ZDnet and C|net. Kuro5hin is a hobbiest site done in its spare time for chrissake. They've even said on the blackout page that they are considering moving the focus to nicks only to avoid DOS attacks, and you are posting as an AC here. Ha! That's just funny.

I'll go now

It's not the links

[edremy]

I have this problem frequently. /. simply won't respond for 10-15 minutes. When it does it's glacial- a minute or two to load a page with ten comments.

Intermediate links? They're all fine: pings and traceroutes go through without problems in tens of milliseconds. It's just /.- it's by far the least reliable site I visit often. (Phillynews.com is a distant second.)

Eric

Staggering irony department

[edremy]

And of course, I had problems posting that last message. Clicked submit, waited a few minutes and got a half-finished page without any notification about it being posted.

Check again: well it got posted. Decided to write this message. Took 3 attempts to get the post comment page, and so far at least one failure to post...

Sigh

No, it's obvious you're an idiot.

[bkosse]

No proof. No evidence. No reason for believing something other than you have a personal gripe against /. for some reason.

I note you're afraid to stake *ANY* name behind what you say.

What Slashdot could do to suck? No thanks.

[Plasmic]

"Kuro5hin and Slashdot have traditionally been enimies"

This is the largest fallacy you could purvey to the readers of this forum. This is entirely untrue. The phrasing of your statement implies that Slashdot (the company & the group of people that run it) somehow dislike Kuro5hin. This, among many other conspiracy-theory rumours, has been propogating throughout Slashdot for quite a while. However, it's been smacked down repeatedly by Slashdot authors and posters alike.

"it's time for Slashdot to take the lead again"

Your argument that Slashdot should implement a drastic change simply because it needs to "take the lead" is ludicrous. You don't make change for the sake of making change. You don't change things because there's a "new, more shiny feature" available.. you change it if that shiny feature is inherently better than the "old way." I think it's safe to say that Rob's perfectly pleased with the "old way," as are many Slashdot readers (myself included).

"Now it's time for Slashdot to provide a community post board."

I don't want another level of meta-discussion. I don't want to have to moderate the articles posted and I don't trust the average Slashdot reader with the responsibility of moderating article submissions. I trust Rob and the general direction he provides to his staff to give us a high level of interesting content on the web site. Note that I'm not addressing accuracy or timeliness of article postings.. because I don't think these issues are as unmanaged as some poeple would like you to think they are. I read about 10x the number of articles linked from Slashdot than I do on the average news site (e.g. CNN.com). Why does this matter? Because, even if an article is a hoax (like SETI PCI cards), it's often is interesting to read. And if you think that the level of hoax-ish articles or "this isn't news for nerds" articles will decrease by implementing this open submission queue, please allow me to go get you a clean needle. The only reason Kuro5hin was remotely handleable was because it hadn't become large enough to attract the troops of fools that Slashdot had gathered.

The level of clue on Slashdot has dropped exponentially for the last several months (at least). I don't care about all the morons who post on Slashdot. I can ignore them even when browsing at -1.

But, I don't want them picking the stories I read.

Other sites in danger as well

[Artie+FM]

Looks like this script kiddie is turning his attention on to other sites using scoop as well.
Although I didn't see any problems on it earlier this week, Scoop.kuro5hin.org has been under attack all day.
--
Be insightful. If you can't be insightful, be informative.
If you can't be informative, use my name

Yahoo DOS today?

[mister-e-dog]

This may be slightly off-topic but I haven't been able to access www.yahoo.com for almost twenty-four hours. I first thought it might have been a Mozilla M16 bug but the same problem occurs with Netscape ,Lynx and Konqeror.
I couldn't find any news items about a Yahoo dos today.
Just my isps dns?

Re:Anonymous Twits

[toddstock]

Otherwise known as a "Clue-by-Four", or just a big, heavy stick!! Actually I am a 6'0" 295 lb sysadmin with a bad attitude, but my LART is actually a 2' length of 7/8" coax cable with a stainless barrel connector at the end damn, knew I should post more, submitted with the wrong passwd...hehe

Re:Open letter to Rusty

[aphrael]

I don't have Rusty's email address, but I would also be willing to donate.

Additionally, I intend to be unemployed for a couple of weeks in August, and would happily volunteer time to do grunt coding work, etc, if they need it.

Robert West
aphrael@nospam@burble.org

Re:Kuro5hin - what Slashdot could do to help

I personally have made at least five posts in the last year or so with information that I would not have been able to pass on if I could not be an AC. Most recently this included the 5-day exchange server outage at the large company that I work for, which was due to bugs which Microsoft will never own up to in public. I don't know if my posts were "informative" or "interesting", but I do know they would probably terminate my current employment if they were traced back to me. I also know that they contain information that needs to be passed on to the world, and I can't do that if I'm not an AC.

Also, originally registered users who admitted they were moderators lost their moderator access, so it was necessary to post discussions of moderation as an AC. This hasn't been enforced for a while, though, as far as I can tell.

...signed, Anonymous Coward (of course)

Re:(OT) Anyone noticed Cryptome is down too?

[ethereal]

I saw an article earlier (possibly on Wired?) that cryptome was also suffering from a DOS attack.

Re:Irony (OT)

[Woody77]

I've notice that refresh seems to work

For me, I've noticed major issues with the slashdot.org address. If I manually switch the link to slashdot.com, I get an instant reponse, and about twice the speed at loading the page, before IE decides to take an hour processing the HTML for display... (still faster than Netscape, though, only reason I use it).

My connection is a T1 to UUNET, and it's normally a VERY empty T1 at that. Late at night, west coast, about 1-2 people sharing the T1 with me...

Re:What a resentful little whiner you are.

[unitron]

"Slashdot was a cool site until kids like you started flaming and wandering off-topic all the time"

That's what an AC had to say about user #1219. Next he'll probably say Linux was a great OS until that Torvalds guy got involved.

Re:K5 Troll 0.1

[itachi]

True. Although shouldn't a responsible developer develop the POC, notify the authors af the bug, and maybe even offer up a patch? Preferably before releasing the POC code to anyone who asks? But I did make an invalid assumption, and it is just a tool. And to answer your side note, /. should be able to pull IPs from server logs. Unless the commentator goes to an _awful_ lot of trouble. Or is running through a proxy.

itachi, who spoke too soon. But is still curious as to motivation...

Re:Y'all betta listen up!

[Scurrilous+Knave]

Why don't you pick on the computer industry and start doing some muckraking on the extremely low quality of commercial software?

Actually, Nader is doing just that--one of his latest projects is Appraising Microsoft; their appraisal has been mostly negative, and that includes the quality of MS software, or rather the lack thereof. Nader's web site, Essential Information, covers a lot of areas, but rear-engined cars aren't among them. As for the Corvair, Nader happened to be right--I almost died in a Corvair spin-out. But that's ancient history; do you also still bemoan the South's failure to win an immediate victory in the US Civil War?

Re:Kuro5hin - what Slashdot could do to help

[Kurt+Gray]

I'm guessing you're trolling, which yo've been known to do, but I'll bite anyway.

Calling slashdot and k5 "enemies" is immature schoolyard drivel. Many of the people I work with know/love kuro5hin and read it often.

Rob explained several times that Slashdot's submission queue is not open because trolls (ahem) would turn it into a game. There however several hidden forums where you're free to create your own and post anything you want.

Re:Kuro5hin - what Slashdot could do to help

AC's are pointless.

It's not like my username gives anyone any details about me. It is anonymous. The only reason for an AC is make it easier/quicker when you can't be bothered (or to avoid moderation flack).

ACs don't allow two-way conversations. Usernames do. ACs are pointless.

No a whole lot you can do about this.

[ACK!!]

Once this kind of nonsense starts there is not a whole lot one can do about it except damage control and putting your servers back up one by one.

What I don't understand is this. Somebody out there with real coding and sysadmin skills actually takes the time to write the scripts these numbnuts use. Who actually gives these buggers their code?

Just wondering.

Re:Open letter to Rusty

[Segfault+11]

I'm sure he gets plenty already...

Re:Haiku

[fsck]

I'm not ?

Hope

[KeyShark]

I hope they can get it up soon. Damn script kiddies.

Re:Y'all betta listen up!

[inkydoo]

Umm, I'm pretty sure Governor of Texas is an elected position. Otherwise, I want to know what I was voting for on that ballot.

Haiku

[talonyx]

Kiro5hin is down
Evil Scr1pt k1dd3s must
Pay for what they did.

Re:Haiku

[Threed]

Stuck in the office,
Fighting off scripted attacks.
Someone's gonna pay.

Packets on the wire,
Had to come from someone's desk.
Pray we don't find you.

Script Kid in The Chair.
One volt for every packet.
I feel better now.

--Threed-Looking out for Numero Uno since 1976!

Re:Haiku

[talonyx]

You must write haiku's,
Should you wish to reply to
These silly comments.

Your syllables were
Out of order, but yet I
Feel your sentiment.

Re:Haiku

[Sith+Lord+Jesus]

Phat. Especially the last one about using The Chair. Two thumbs up, dude. Here's my pathetic contribution:

DOS attacks traced to

Lamer bratz.

Release the hounds.

Everything except

[kuro5hin]

I agree with all of this except the comments about fluffy grue and spiralx. They were both very good members of the K5 community. Yes, they have both trolled here, which sucks. I'm pretty sure fluffy stopped. Anyway, neither of them, to my knowlege were ever conspiracy-prone types, and overall, these are not the people we should be worrying about. But yes, other than that, hear hear.

--

Re:Everything except

[Dr.+Sp0ng]

I agree with all of this except the comments about fluffy grue and spiralx. They were both very good members of the K5 community.

And spiralx was a very good member of Smokedot as well, until the DSL connection died for about three weeks. I haven't seen him back there since.
--

Re:Everything except

[spiralx]

I've been there since it came back online, but my new job means I'm in a lot more closely packed office - having "SMOKEDOT" come up in big letters at the top of my screen is more attention than I really want :)

Do still read it at home when I get the chance though. It's a good site with some nice articles.

Re:Everything except

[Pascal+Q.+Porcupine]

I know you were sticking up for me, rusty; I'm responding pseudo-directly to all the people who have been pointing fingers at me as having "DDoSed Slashdot" and making the implication that I would have done this to Kuro5hin.

I (== fluffy grue, incase you couldn't guess) trolled here only briefly. I quickly got tired of it, after I discovered Kuro5hin. This is the first time I've been to Slashdot in several months, because someone on Everything2 asked me if what was being said about me is true.

I was quite open on Kuro5hin about having been the President Clinton spammer. My handiwork is visible at the top of the Hall of Fame page. Aside from that, I haven't caused any permanent damage, and my relatively-harmless prank DID lead to some necessary changes in the way that anonymous posts on here were dealt with. I resent that it was called a DDoS, because it never even slowed down Slashdot's server, and it wasn't from multiple IP addresses (it was only from a single IP address, hence it was not distributed).

I resent being called a 'conspiracy theorist.' Any conspiracy theories I ever spouted off about were meant to be purely tongue-in-cheek. I never believed or stated that K5 and /. were at war, I just stated that I disliked /. and felt I had no reason to ever go back. And, aside from hearing about and finding this thread concerning me, I haven't come back, and I haven't had any reason to come back, and I will not continue to have any reason to come back, so I, most likely, will not come back.

Yes, it sucks that I trolled and spammed here (for a WHOLE THREE DAYS, no less). In the long run, what harm did it do? Not a whole lot; it did more good than harm (as it gave Rob&co. a bit of a clue regarding the notion of 'throttling').

If I hadn't done the spambot, someone else would have. In fact, other people have, since then, and I know I wasn't the first to write any sort of auto-trolling thing. The only differences were a matter of scale (it was obvious that these problems needed to be POINTED OUT to the administration here) and the fact that I released my source.

FWIW, my original idea was to mirror the Linux kernel source in comments, using comment parenting as a directory hierarchy, but I got caught up in the moment and did all that fortune crap instead. :)

I think that my only regret was that my "State of the Spam address" got moderated down and therefore nuked. I should have saved a copy; I personally thought it was brilliant, as did RL friends of mine who were there at the time. (In case you missed it, I took the post-Monica Lewinsky speech and changed just enough words that it vaguely referred to the spambot instead of the sex scandal.)

Oh, though I've heard that someone else has started posting Clintonesque speeches as their troll shpiel. It was kinda flattering to hear that. :)

Anyway. Not to get too carried away in talking about my last few days on Slashdot... If you must discuss this with me, email me (use my academic account address, joshagam at cs dot nmsu dot edu, since I wouldn't want the good friend who hosts my personal account to have his relatively-small connection frotzed up because of someone who has a vendetta against me deciding to spam me at it). I'm trying my hardest to be civil and forthcoming. I'd hope that anyone who feels like continuing this discussion to feel the same.

Now if you don't mind, I'm leaving /. again.
---
"'Is not a quine' is not a quine" is a quine.

Re:TM ain't everything

[civilizedINTENSITY]

"What part of Gestalt don't you understand?"
I find the whole thing confusing.
*wink*

They need suits

[fishlet]

It's because they let geeks run the site unfettered, they need to get some suits to sit in their big chair and anticipate such things.

Re:They need suits

[mbrubeck]

And I suppose we should hire executives as ops for popular IRC channels, too.

Re:They need suits

[Cable]

So explain to me once again what the benefit of having Pointy Haired Bosses running your web site does for a company again? ;)

Re:They need suits

[Moofie]

It's also called a joke. Funny. Ha ha. Look into it.

Re:They need suits

[Plasmic]

Yes, or at least a committee of people with college degrees. :)

Re:They need suits

[debaere]

I have a college degree...

I know about IRC...

Its called time management.

Dave

Re:They need suits

[Moofie]

How the hell do you get a college degree and know anything about IRC? At UT (the real one, in Texas), we called it "I Repeat Classes"...

Whatever Help They Need..

[JonKatz]

We should provide whatever help they need and ask. This is an important site..

Re:Whatever Help They Need..

[Jon+Erikson]

Just out of interest, where would you obtain said penis birds? Is there a shop for them or do you have to get them delivered? Inquiring minds want to know.

And who trains them? I don't envy that person...

---
Jon E. Erikson

Re:About using *so* many cracked boxes...

[Performer+Guy]

You can't crack a box and spoof while doing it. You might clean up the logs once you're in but you're thinking of a different type of attack.

Re:Kuro5hin - what Slashdot could do to help

[mbaker]

> > Even if anonymous submissions were removed,
> > you'd still have the problem of people
> > registering accounts and posting flames, spam,
> > or what have you.

> Not at all true.
[snip]
> True, even in this case there are ways to get
> around the system, but it requires a lot more
> work for the average spammer.

So is it true or not?

If I wanted to "spam" slashdot, no amount of selective constraints sans the most personal
would be effective.

Oh look, Joe Hax0r registered from an e-mail
account from someone at his University. It's
amazing what you can do with a packet sniffer.

Oh look, Joe Hax0r registered from an e-mail
address from a random cracked machine. It's not
like anyone has ever cracked people have ever
violated the security of other systems, in order
to cause havoc on a trendy pseudo-geek site.

Oh look, Joe Hax0r registered using one of the
free e-mail services from the 9,000,000 offered
in the U.S. and abroad.

1) Banning e-mail suppliers is nonsense
2) It wouldn't work anyway. The world is much bigger than Hotmail.

All of this to supress speech. I thought we've
already determined that just isn't plausible,
or desired.

Re:Kuro5hin - what Slashdot could do to help

[mbaker]

This is a good example of why moderation is really quite sad.

If I see a penis bird, surely I can tell that a post isn't worth my time to read.

If I browse the post, and it contains ERIC RAYMOND IS A COMMUNIST, I think it's safe to say I don't always bother to read the rest.

If you don't browse at a level to see ACs or the posts of those moderated down, how can you tell if an interesting AC is modded up?

No Subject

[Valar]

to K5- God bless, and don't cave in. I say, take down anon, block as many abusive subnets as you can find, and strip the box of as many services as you can other than those crucially needed. We really hope you make it through. to the script kiddies who think they are the evil hax0r shit- you're not. I hope k5 posts your IPs and your e-mails if they can find them. Then I might just show you what happens when I take a very loose interpretation of the golden rule. to slashdot- uuh, yall are having big server problems from where I'm sitting...it may just be my crappy ISP, but it is normally no where as bad. Maybe you are suffering a little DoS yourselves. Anyway, keep up your support of kuro, they need it.

Re:Riiiight. Sure, don't mention who really did it

[aphrael]

I can believe that pissed off /. readers were involved, or the same people that feel it is necessary to mention 'grits' in every post, but given that the creators of /. have *been through this themselves*, it is unimagineable to me that they would be involved.

Their response, and the assistance they are saying they are providing, has been above-and-beyond the call of duty and should be commended, not flamed.

Well, yes, my point exactly.

[bkosse]

I think it was (un)officially TOS (that other site), but it was firmly tounge through cheek. No animosity that I noticed, ever.
That's exactly what I was saying ("TOS" not withstanding).

Re:animosity

[Hentai]

The trouble is, if a site like ebay, hotmail, or amazon (or even slashdot) is that they have companies making money off of them - and thus, if you try to take them down, you will have a VERY competent and well-paid legal team after your ass. It's much safer to find a site that a lot of people give a lot of emotional, as opposed to financial, investment to, and destroy THAT - you'll piss off nearly as many people (which is really the point, isn't it?), but there's far less of a risk of retribution.

Re:Glasscode/Half-Empty

[mezzo]

I am in an opposite position than you are

Perhaps you guys should work together then ;)

In solidarity

[MacJedi]

In Solidarity, Rusty.

/joeyo

Re:I got a solution

[FJ!!]

I would hope that the owners of the boxes have at least been warned that their stuff has been cracked.

And that they'd get the damn things fixed.

Re:Irony

[jlb]

Over the last several weeks I've seen many of these problems. I'm not bitching, I'm just giving several examples of the variety of problems I've had.

I've gotten permission denied when trying to load comments.pl.

I've got a page that was blank except for 'this is test content' at http://slashdot.org/.

For a long time several people I know couldn't post because of some invalid formkey error.

I've got 'internal server errors' from the perl scripts that run slashdot while just trying to navigate.

Just now when I tried to reply to your post I had to go back and hit reply again because I couldn't connect to the webserver. In fact just about every other web-request I'm sending to slashdot is failing right now. I just had to try to load a page four times. And I'm relatively sure it's not my net connection. My net connection is behaving very nicely right now.

What I'm saying is that I agree with reverand, just a note that says 'yes we know there was a problem and we've addressed it'.

Or even better..how about a slashdot status slashbox? Even if stuff is broken we'll have the satisfaction of knowing it's being addressed.

Wait, I've got a perfect solution. Instead of Andover giving hardware to k5, perhaps Andover should give more hardware to rob & co so they can *test* code before running it live on the server.

Or if they already have that hardware, they should use it.

Re:Can someone make a T-Shirt ...

[porkchop_d_clown]

Oh, yeah - Like the old "Sometimes the Dragon Wins" cartoons from the compiler theory books.

--

Greetings New User! Be sure to replace this text with a

check out Advogato.org

[MenTaLguY]

They have exactly what you need.

Re:check out Advogato.org

[tunesmith]

All right, their trust metric strategy does seem really cool, but there is a far cry between understanding their strategy in an abstract sense and being able to implement it in perl or php code. Or even java servlets. Anyone know if they have notes on how to actually write the code? When I start thinking of code traversing webs of relationships like that, all I can think of is that it must take a LOT of sql queries, memory, and time to process it each time. Recursive loops with sql queries each time. (Look up this guy... ok what do his peers say about him... hold on, what do THEIR peers say about THEM... et cetera... ok, let him post...)

Any good tutorials on this kind of stuff out there? Code examples?

tune

Reward

[porkchop_d_clown]

This is actually a great idea, but maybe we should have donations for a reward be managed by Rusty?

--

Greetings New User! Be sure to replace this text with a

Sorry about previous post

[Valar]

this is a fixed version of my horribly screwed up last post, sorry for that--
==============================================
to K5- God bless, and don't cave in. I say, take down anon, block as many abusive subnets as you can find, and strip the box of as many services as you can other than those crucially needed. We really hope you make it through.
to the script kiddies who think they are the evil hax0r shit- you're not. I hope k5 posts your IPs and your e-mails if they can find them. Then I might just show you what happens when I take a very loose interpretation of the golden rule.
to slashdot- uuh, yall are having big server problems from where I'm sitting...it may just be my crappy ISP, but it is normally no where as bad. Maybe you are suffering a little DoS yourselves. Anyway, keep up your support of kuro, they need it.

Re:Kuro5hin - what Slashdot could do to help

[MrBogus]

I enjoy the trolls as much as the next embittered old-timer, so if so, good job. (Although, IIRC this was in the era before trolling became really popular. Pre-moderation, maybe.)

Re:K5 Troll 0.1

[slycer]

But, it's not a bug that took kuro5hin down. Everything that was used in the spamming of kuro5hin was coded into kuro5hin intentionally.

ie: open story submission, anonymous posting...

Re:Y'all betta listen up!

[The+Lethargic+Lad]

Thanks!

Re:Irony

[unitron]

I've had the same "wee hours of the morning" problem often myself and I wonder if it might not be the name servers instead of Slashdot itself.
http://64.28.67.48/ seems to get through a lot sooner than waiting for some machine to search a database to see what number corresponds with Slashdot.org. When Slashdot acts like it's not there in the middle of the night it's usually when I try to load a link with the name in it, not the number.

Re:You're repeating yourself. You are pure noise.

[GeekBird]

[I shouldn't grace you crap with a response, but this is just too stupid.]

Look, troll, all you've done is make lame, conspiracy theorist accusations, and spewed senseless abuse when a real, logged in, user called you on your baloney.

Don't whine about the signal to noise ratio when all you've done is post meaningless, insulting, idiotic noise!! You are obviously not part of the solution, either here (s/n) or on Kuro5hin (helping them do a comeback), and definitely part of the problem.

Let me weave a real conspiracy theory around this:
One wonders if you are trying to sow dissention between /. and Kuro5hin so that /. won't help K5, or K5 won't accept it. The only person who would have a motive to do such a thing would be script kiddie that DoS'd K5, or a co-conspirator. By your own brand of screwball logic, YOU are conspiring against both K5 and /.!!!

Pot, Kettle, Black, Mr AC. You wouldn't last a day on Usenet. Go back to whatever hole you crawled out of. Even alt.conspiracy would chew you up and spit you out.

Re:Response to all the childish conspiracy theoris

[InitZero]

his story on masturbation

{blush}

You don't happen to have that link, do you?

It's not for me. It's for a friend.

InitZero

Re:Not trying to be flaimbate...

[kwsNI]

I get what you're saying, but then again, he didn't preface it with the little blurb you just said. With such a vague statement, it's open for (mis)interpretation and criticism.

Maybe, had I interpreted it the way you did, I wouldn't have been so harsh, but the fact still remains. JonKatz is always advocating geeks to act rather than sit on their asses (Take "Shut down Metallica, not Napster" by JK). JK is usually extremely verbose. Why doesn't he give some suggestions as to how we can help K5 or what he's doing to help?

I think we both have points here. I apologize that I may have misinterpreted his original post. If I had read it differently, I wouldn't have been so harsh, but I'd still raise the same point.

kwsNI

Re:Kuro5hin - what Slashdot could do to help

[bolix]

Just think Ren and Stimpy "Log". Record. Emulate the professionals. Track. Plod. For future reference most of these attacks can be trapped by simple rerouting toward honeypot systems and careful flood planning redirecting specified traffic. Consider your arse kicked. Damn well contact the flooding-domain providers and insist on source address-spoof protection as default behaviour. Contact your access providers to see if they can filter or provide feedback/further logs. You have time - let the guy hang himself. RTFM. Post the progress. Enjoy the vacation. Bring back some balls.

I'm really pissed (reward offered)

[Dacta]

I was in a great mood yesterday until this happened. I'd just had my first story ever accepted by Slashdot (The Interbase one), I had an interesting job interview, and then K5 goes down.

I read K5 more than Slashdot these days, and post a lot more on there. I try and submit a story or two a week, and I have great fun there.

I had this great book review (of "The Forever War" by Jon Haldeman - great book, possibly the best '70s Hard SciFi I've ever read) half typed up. I log on, and I saw the submission queue with 25 entries. I think "Oh shit.. They are trolling K5" - sure enough, that's what it was.

Why would someone do this? I never understood people doing it on Slashdot, either. Once in a while, a good hand written troll is funny because of the reaction, but script-trolling? Why? Everyone knows you can do it - there is no challenge.

Anyway. I'm going to do something about it. I'm offering a $200 reward (that's Australian $s) in the event of someone turing the K5 troll in, and successful legal action being taken.

Sure, it's not a huge amount, but I hope a few others will do the same, and we'll see what happens. Yes, I'm serious.

Re:I'm really pissed (reward offered)

[Pliny]

This is a really interesting idea...

With the advent of service like paypal, I could see "the community" getting together to offer a massive reward.

Imagine what would happen if we could get at least 10% of the slashdot audience pissed enough to pledge $5 to the stopping of this asshole...

I bet it'd be enough to make any "L33T HAX0R" turn in his own grandmother, let alone another lame ass script kiddie...

Re:I'm really pissed (reward offered)

[shoppe]

Don't you mean Joe Haldeman? And have you read Forever Peace?

Re:Open letter to Rusty

[daviddennis]

I wouldn't have made the request if the pricing and quality weren't competitive -- they were and are.

D

----

Larger ramifications

[barzok]

The person(s) who did this cracked a lot of boxen to launch this attack, from what I understand. Just because they've been stopped from slamming Kuro5in doesn't mean the threat's over. What might they launch next from these systems? What other systems have they infiltrated? It could turn out to be far, far bigger than this.

I just "discovered" Kuro5hin about 2 weeks ago, and was finally getting into it. Damn those bastards. Damn them to hell. Maybe we'll see them burning with Satan in tonight's South Park.

Re:About using *so* many cracked boxes...

[itachi]

You can't spoof the IP in a two-way communication (like desktop.evilcracker.org telneting or whatever to helpless.victim.net). You can spoof the MAC in an ethernet header. IP headers wont contain the MAC, though. So there will be reliable IPs that can be tracked back toward the cracker from the boxes that were used for this. Of course, tracking the trail all the way back to a person at a keyboard is the trick.

itachi

Re:animosity

[wishus]

you have a good point.. for some reason, i was going under the assumption that these guys would like to be on the nightly news. i guess if just knowing in your heart that you pissed a bunch of people off is what you're after, k5 is a good place to go.

some people out there just like to hurt other people. those people are pretty sick.

wish
---

Spammer?

[Gonoff]

No. Spammers are those who send out Unsolicited Commercial Email. Hence CAUCE

Re:I just donated $20 to Rusty; how about you?

[Oxryly]

So Rusty, if you're reading this...

Are you interested in cash donations like this? Or will they cause legal headaches, bureacracy, etc...etc...? Say the word and I'll send some your way (via PayPal).

Oxryly

Wouldn't work.

[unicorn]

The server would still choke processing the data. Even if it's discarding the posts, they would still be walking the wire with the data. If you read the article, what they were having to do, is monitor the incoming stuff, and see where it was originatiing. Then connect to the router and block the IP address there.

Even then, the pipe between your router, and the internet can be clogged, depending on how fat it is. I suppose it could be theoretically scripted so that it monitors incoming traffic at the server, and when it has a suspected spam attack happening, it logs into the router, and blocks the address or subnet the the attack is originating from. I'd be a little squeamish about my webserver having that kind of control over my router tho.

Re:K5 Troll 0.1

[Firefalcon]

> There are valid uses for this as well
> (improving Scoop comes to mind)

Excuse me, why bother to write this program, why not improve scoop by contributing fixes (I haven't checked, but I guess it (Scoop) is open source...)

Er.. haha!

[Plasmic]

It was merely a poke at the average clue-level of college graduates and the assumption that if you are a college graduate that you must be a smart person.

Re:I just donated $20 to Rusty; how about you?

[Deven]

Are you interested in cash donations like this? Or will they cause legal headaches, bureacracy, etc...etc...?

Why shouldn't he be? I am not a lawyer (IANAL), but my understanding is that you (as an individual) can give up to $10,000 per year (per person) as a gift, tax-free (to the recipient). I'm sure this qualifies. Whether it's called a "gift" or "donation" amounts to the same thing: I gave him money, and he can do what he wants with it. (I suggested he use it to go see a good movie!)

Now, if people wanted to make donations that would be tax-deductible, and be certain the money would be used for the benefit of Kuro5hin.org (e.g. for server hardware), that would probably require them to setup a legal non-profit entity to make the donations to. That would be more complicated, obviously. Since I didn't care what use he made of the money and I don't intend to deduct it from my taxes, it's probably more accurate to call it a "gift" rather than a "donation" from a legal standpoint...

Crackers should be hunted down - Not a Flame Bait!

[cOdEgUru]

Soon, we would see newspapers and ignorant print media lamenting about "hackers" launching dos attacks against sites who support open speech and even get away with a couple of snide remarks on how these sites were in turn lauding hackers and blah..blah..blah.

I wish this guys would identify those script kiddies and wipe the floor with their ass. I was looking at the "Know thy enemy" article on rootprompt.org and its quite interesting to see the type of people who does this, and who profess to be hackers. I could imagine "nothing to do" 14 yr old kids, morons who have no better job to do, and people who are trying to prove to the world that they could make an impact on this economy and the internet that fosters it, by bringing it down. Though I would respect the meticulous manner in which some of these attacks are organised, I would definitely love to see them go down. It doesnt make the world a better place, coz there would be still a lot of them out there and you could only do so much.

Slashdot for one, need to make a clear definition as to whats right and whats wrong. If we tell the future generations that pirating is ok, trading pirated software is ok, then theres nothing stopping them from resorting to dos attacks like this, just because they believe what they do is true. This is a never ending question and theres no clear cut answer as to whats right or wrong. The line is thin and it borders on the consciousness of us human beings. Most of the times, we are so hard to identify whats right or wrong. Whats right ? Is trading pirated software right thing to do ? Is napster evil ? Or is it the Music Industry who is licking their fingers ? Who is the winner and whos the loser ? There are no clear rules in this game. As long as there are people who believe that the laws of the land doesnt apply to them, and they could do what they please, we would see more of this. And if they are careful enough to cover their tracks, like anonymous cowards, they would keep on doing it. But the question that begs attention is, are we right in condemning them ? Are we better off than these script kiddies ??

This is not a flame Bait. I wish we could all debate on this.

Re:Can someone make a T-Shirt ...

[Firefalcon]

I'd buy one of these (with that logo) if I knew it was going to go towards helping Kuro5hin (and that there was some way to get it to the UK).

They don't need suits, they need monitors

[Cable]

What good would a suit do? Just get someone to monitor it, and drop the connection when the "Script Kiddies" start playing the DoS games. Get the ISP to drop the account of whomever is doing this after the monitoring programs catch the IP address of the attacking system. Nail the suckers who did the attack.

Do you suppose it was some sort of SuitJihad against the people running the site not having suits on there? ;)

For more info on the Jihad, visit http://normad.webhostme.com/jihad.asp

Re:I got a solution

[IronBlade]

I got a bitch of a solution. Post the IPs of the cracked boxes and the server logs. Time for some vigilante justice... slashdot-style

I hope you were kidding.
How will attacking the thirdparty, cracked boxes help at all?
If anything, the list you mention should be sent to the owners of the cracked boxes,
so they can close them down and thus disallow the spammer access to this resource.

While your willingness to help is admirable, you may want to rethink your methodology.

Re:K5 Troll 0.1

[itachi]

So then we're back to my original question, which is why? And it's a question for the developer of the perl script too, because why would you write a script that will do this if not as POC? Now instead of writing POC, you're talking about writing a piece of code that will do nothing but aid you in being a jerk...

itachi

Good show VA and CT

[rifter]

I would have to say it reflects well on Commander Taco and VA Linux Systems that they were able to be helpful to a competitor. Apparently CT gave lots of advice (which I am sure drew on copious experience) to the fledgeling K5 admins, and now VA is giving them hardware (which is totally unexpected I am sure)!

Looks like those who would say VA/Andover/CT//. are biased, sold out corporate shells, or otherwise not part of us as a community are dead wrong. Maybe CT will write an Oreilly published "Successful Web-Based Comment Messaging Systems in a Nutshell" Of course John Katz would feel compelled to vie for the chance to write the Foreword...

Re:Anonymous Twits

[GeekBird]

OK. So what's a LART?

Last I knew:

Luser
Attitude
Readjustment
Tool

Otherwise known as a "Clue-by-Four", or just a big, heavy stick!!

HTH, HAND

Re:About using *so* many cracked boxes...

[PotatoNO]

Excuse my ignorance. So if you wanted to prevent such attacks couldn't you require someone making a new user or posting as an AC to enter a randomly generated word back into a field. Two way communication must exist, so they can't hide forever. I suppose they could spoof the ip to another comprimised box and listen for the word there. If your page is limiting to one AC post/new user per IP per day then you will only have 1 spam per comprimised box.

Am I missing something?

Re:Slashdot next?

[Cariset]

I don't think this will happen. Rusty's very clear about his policy - he simply deletes spam/troll posts. And he deletes accounts, too, on the second offense (the first just gets you a warning). And now he's banning anonymous access. This by itself ups the ante for the troll brigade, and it doesn't account for any additional safeguards on how accounts are acquired (waiting period, email/IP address duplication, and the like).

Basically, Kuro5hin is a benevolent dictatorship, being run in the form of a democracy just because the dictators like the idea. And you know what? It's rather refreshing.

Re:Kuro5hin - what Slashdot could do to help

[donutello]

ACs are very important to discussions. There are several times ACs have made insightful and informative posts that they wouldn't have otherwise made because they didn't want to reveal their identity, suffer the potential damage to karma, etc.

I support Anonymous Posting for this. The trolls are moderated down anyway.

Strange Internet beasts "Traffic issues"

[Felinoid]

Unless you are refering to the one time event known as the DDOS attack on Slashdot...
I suggest you check out your traffic...

You may be the victom of a flaky server. Not Slashdots server... (Why dose it automaticly have to be Slashdot?)
Do a traceroute and see where the traffic stops.
You may find a router who isn't responding...

I had that a lot on my former ISP. Not anymore.

Slashdot is remarkably stable considering it's daily load.

Re:Y'all betta listen up!

[terpia]

lazy people everywhere....UNITE!

Have some sympathy for commercial sites

[Shimbo]

Not that this applies to everyone but I hope this has made some folk around here realise that admin types generally have ten other things to do better than spending all their life fighting DOS attacks and suchlike.

I have sympathy for k5 but as someone once said, defending the rights of people you agree with is easy. So next time someone launches attacks on Amazon, or some other geek-unfriendly site let's hear no more - "they're paid to handle this sort of thing" crap.

Script Kiddies and Perceived Threat

[spankfish]

It seems like these Script Kiddies are seeking to make themselves appear notorious and threatening. What is strange is their choice of target.

Considering what others have said on the subject of Script Kiddie Psychology, it figures that these kids would attack those in a position to make compare favourably to them.

It struck me that this point of view is essentially identical to that of the schoolyard bully who picks on smart kids, because everyone is always telling him he's not smart (for example).

Still, I find it strange that these kids would want to attack someone who may be a fellow IT peer a few years down the track. All depends on who you feel most threatened by, no? The schoolyard bully sees more threat in the nonviolent academic kids than in the schoolyard principal.

Anyway, I don't want to start generalizing. I am only talking about this particular instance of the scriptkiddies.

--

Re:About using *so* many cracked boxes...

[Jonathan+White]

Well actually you can spoof by using compromised machines in the middle of the connection. If I know that somerouter.example.com forwards traffic to somemachine.someothernet.com (or is on a non-switched subnet with a machine that does), I could compromise somerouter and get the packets destined for somemachine. This would also be true if I had legitimate control over somerouter.

What makes this interesting is that the spammer will be in much greater legal peril for compromising so many machines than anything related to the actual spam.

Re:Irony

[Felinoid]

> About 20 minutes ago I couldn't hit this story for about 10 minutes.

Check your equipment and do a traceroute...
This sounds like your reaching Slashdot vea a defective router.

Ugh

[Uberminky]

The first time I saw a Penis Bird I laughed. The thousandth time, I just sighed. But whatever, I can handle a Penis Bird in this forum. But one thing that I loved about Kuro5hin was that there weren't any people like you. Wasting everyone's time with their crap. Now of course it was bound to come eventually. I was really starting to like K5 tho. They did a lot of things right. The idea of Karma is just silly. The idea that a bitchslapped account can still exist is silly. There's some things Slashdot needs to change. When people get moderated down as far as you have, there is no longer any use for that account at all. They should throw it away. People shouldn't get 5 mod points once in a while, everyone should be able to say if they like or dislike a post. K5's floating-point (averaged) moderation system is what Slashdot should use. The +1 bonus? It's absolutely ridiculous. No one deserves their post to float above the other, often better posts. We have people like Enoch Root, Signal 11, JonKatz.. Taco himself deserves no +1 bonus. It shouldn't exist. The list of things that are wrong goes on and on. And not allowing ACs to post.. yeah, we shouldn't have to worry about spammer idiots, but they're there.

Ok sorry for the rant everyone. ;) Hm, I'm doing too many of those lately... Anyway. I guess this probably deserves to be modded Troll or Offtopic or Flamebait.. As you see fit. Had to spew. ;)

Re:Ugh

[rifter]

I see your point with the Penis Birds. But then I have noticed that PBG has toned down his submissions (from his debut, in which an entire story overflowed with penis birds). At this point it is basically a running joke. Time will tell whether it takes a place along with Monty Python Parrot Sketch or instead suffers the fate of the Natalie Portman Naked and Petrified (Notice that there are no more of those, that and grits are basically referred to at times, but you never see them in their original glory anymore).

I totally disagree with you on the silencing of bitchslapped accounts. True, there are many accounts that have been created for the express purpose of provoking a bitchslap. But before their existence the bitchslap was a secret and even now remains an undocumented "feature" of /. The bitchslap represents a gross abuse of power even in its present form and has been used wrongfully in the past (for instance as a tool to punish moderators who dared moderate down Signal11, a situation which may or may not be repeated). This has never been addressed directly and the bitchslap system has never been defined or defended by the /. crew. Additionally, they have never confirmed or denied its continuing abuse though to his credit CT did confirm what had happened in the above cases.

Silencing any voice is a precursor to silencing every voice. In america, we tolerate Springer and the Klan speaking hoping that this will mean those with meaningful criticisms will be allowed to speak. On /. osm can post his stories and the PBG can spread his "flock" to cover the heavens (what an image that conjures!) but that means that those with meaningful criticisms cannot be silenced (though they are often moderated to oblivion by those who would seek to silence them).

Re:Ugh

[delmoi]

The idea that a bitchslapped account can still exist is silly.

Change your threshold.



We don't know how bad things are in north korea, but here are some pictures of hungry children. -- CNN

Can someone make a T-Shirt ...

[linzeal]

Something to the effect of:

Script kiddies taste like chicken

With some huge (read fat) linux gurus eating a kid on a spit with a T-Shirt that says 1337!!! or some other 1337 thing...

Re:Can someone make a T-Shirt ...

[el_nino]

Or My favourite web site was DOS'ed and all I got was this lousy t-shirt.

--
Niklas Nordebo | nino at sonox.com | +46-708-405095

Re:Kuro5hin - what Slashdot could do to help

[Saib0t]

If someone posts something I don't like, I don't read it.

How can you know you don't like it before you read it, heh?
I think that's one of the nice aspects of moderation, if an anonymous person posts something interesting, it's usually modded up.

Just my .02

Re:Y'all betta listen up!

[The+Lethargic+Lad]

Nah, maybe later...

Re:USA - Centre of the world!

[morzel]

Didn't really spring to mind that there are actually people outside the US of A who really have evolved far enough to be capable of using computers and surfin' the net? Even in a barbaric region that don't have daily runs of the Simpsons et al.
Puh'leeze... we're out here ;p

Okay... I'll do the stupid things first, then you shy people follow.

Re:Irony

[Kurt+Gray]

We have an Arrowpoint load balancing switch in the front of six web servers and whenever a web server stops responding the load balancer stops passing requests to it, but it make take a minute or so for the load balancer to actually take that machine out of rotation. It's not perfect and we're always tweaking it. I workaround it by hitting reload and that usually randomly hits the "next" web server.

K5 Troll || Beware the blackhole

[Star*Dot]

K5 Troll || Beware the blackhole
This is obvoiusly the software that is being used to do this, If anybody wants the annonuncement it was posted on sid=slashcode, this seriously angers me, that someone should take it to this extent, I admit i've done crap to slashdot but seeing what I can do i've stopped developing sTs and put an explaination why on slashtroll.tripod.com
It pisses me off that someone should take a whole website down

Re:K5 Troll || Beware the blackhole

[Wah]

think for a moment how Einstein and co. felt around two weeks from now, 55 years ago.

then think about something the romans knew. "It's all fun and games until someone loses an eye."

and then stop thinking for a bit. I dare ya. :)
--

Re:Open letter to Rusty

[Gene77]

Hey, we're a community, right? And aren't community members supposed to help each other out in times of need?

Indeed.

This will be a good time to show others how a community operates. Let's all please take this situation seriously and set new precedents of community support and development. The trick will be to somehow not inflate the awkward egos of the little weaners who brought down the site while at the same time demonstrating that perhaps being a script kiddie isn't the safest, anonymous thing it appears to be and that the broader community is stronger than this.

Re:Is slash vulnerable to the same thing?

[Performer+Guy]

You could keep the moderators busy, but the key difference here was the open submission policy. Slashdot has moderated submissions.

As for DoS, everyone is vulnerable, but a single ageing box is probably less of a challenge than most.

Damn shrewd of VA

[Tau+Zero]

I'm especially impressed that VA Linux is donating machinery to help.

Are you kidding? It's one of the best marketing moves they could have made. You can't buy publicity like that. Even if they weren't really nice guys they'd probably be doing it for the free advertising.
--

Re:Damn shrewd of VA

[Wellspring]

Are you kidding? It's one of the best marketing moves they could have made. You can't buy publicity like that. Even if they weren't really nice guys they'd probably be doing it for the free advertising.

You're probably right, but that goes for any good deeds a company does. And usually, people get suspicious no matter how altruistic you are. Coors got in trouble for giving a hundred thousand dollars to a gay rights group with their community because the owners sometimes give money to conservative groups, too. Coors is one of the best places you can work if you're g/l/b, but get branded as an 'enemy' anyway.

I think you are totally correct when you say that this is a great move from a marketting standpoint, but I also get really annoyed when people get all suspicious of 'big corporations'. People don't seem to have any rational basis for their anti-company bias, other than something they heard on TV or in a movie.

Then you get companies like VA, which is filled with people who work their asses off to make great products, and they get jumped on. It is this kind of anti-corporatism bias which leads to script kiddie vigilantes. K5 was a volunteer effort, but the same principle applies: you get punished for being successful and useful for thousands of people.

With all that said, now that I think of it, everyone who reads K5 who would buy VA stuff probably already does. It isn't like they need more visibility or Open Source community legitimacy.

Re:Damn shrewd of VA

[hobbit]

People don't seem to have any rational basis for their anti-company bias

You are kidding, right? You think I didn't know that the left hand doesn't know what the right hand is doing before I watched The Cube?!

It makes much less sense for a company to be 'altruistic', because there is no measure on the return of that (in the sense of psychological egotism) other than advertising revenue.

Hamish

Re:Not trying to be flaimbate...

[rifter]

JK is not AFAIK helping k5 directly, but then his strengths are said to be in journalism and commentary, not network security. However CT helped the K5 crew considerably with technical advice, and VA is sending them hardware, so his "colleagues" are doing quite a bit considering K5 is basically a competitor.

Re:I guess you're kinda new here.

[sid+crimson]

W0W... you can count. An extra two years makes something "OLDER!!!"

"And lame-o was your name-o!"

-sid

Re:Y'all betta listen up!

[rifter]

Yeah everyone knows that Governors in Texas are chosen by rodeo. Whatever.

Uhm, did you mean...

[scribblej]

I'm hoping you mean the IPs of the cracker's boxes, not the IPs of Kuro5hin's boxen, which A) would be easy to find if you wanted them, and B) wouldn't help you much in dispensing justice.

Personally, I think we should find the kid who did this and take away all his .jpgs of Natalie Portman and hot grits.

Just my $.02

Re:Probably from another timezone

[rifter]

Or the cracker can crack k5 and watch at the same time.. I mean it was just a script anyway..

Re:I got a solution

[electricmonk]

Honestly, get a clue. No one needs to beat on the cracked boxes anymore, someone needs to fix them. The same goes for the cracker's IP, the more we do to him, the more we sink to his level. Honestly, that's the Feds' job : P

Re:K5 Troll 0.1

[ODiV]

I didn't say that this was _the_best_ way to improve scoop.

But that doesn't really matter. It's fairly obvious that this person didn't write the code to help scoop out.

Maybe I shouldn't have written that part, but the point I was trying to make, is that this is just code. It's up to the attacker to use it. And while we are probably a little angry with this guy right now I don't really see the point in blaming him.

Just my thoughts.

um

[delmoi]

not anymore

k5 keep it up

[PotatoNO]

I was greatly saddened to see the site go down. When you pour blood sweat and tears into a project just to see it screwed up by someone who needs to get a life it's a sickening sensation. I'm glad to hear that you're willing to give it another try.

When it comes to the internet, the saying 'one bad apple ruins the whole bunch' really applies. What's the point? If your site gets popular enough to attract attention someone little bastard kid will just f*ck it all up.

I just wish that there was something that the hacker community could do to curb the script kiddie mentality. I mean, they are just kiddies. Used to be that we'd teach them a lesson and they'd shut up. Maybe an organization of white caps dedicated to securing up boxes with or without the admins permission? Or an ORBS style blacklist of known comprimised boxes? Maybe a bit radical, just a thought.

Anyway, good luck and keep it up. I'm all for turning off anony, you don't need ACs anyway.

seems as if...

... this DoS attack might be the best thing for them (K5). I mean they get great exposure, new VA hardware, and lots of sympathy support. I'm not trying to sound like a bad guy, but wouldn't it be funny if this was intentional. Nah, I don't think so, but it would be funny if...

Re:Open letter to Rusty

[jetpack]

Last time I wrote to him, his email address was rusty@kuro5hin.org

Re:Open letter to Rusty

[daviddennis]

This is exactly why I'm proud to be a VA Linux customer. I got my company to invest in a dual PIII/700 system with RAID and 1GB RAM, and it's worked perfectly, without flaw. I'd warmly endorse them any day of the week, for that and the excellent support they give back to the Linux community.

D

----

K5 Troll 0.1

Get it here. ENJOY!

K5 Troll Developer

Re:K5 Troll 0.1

[itachi]

Don't you have better things to do with your time? Developing the perl as a proof-of-concept, sure, and maybe I could even see beating the crap out of k5 with it for a few minutes to test it (although really, testing against your own scoop server would be much more polite), but why keep hitting it? Knocking down k5 for fun doesn't make you anything but a pain in the ass. And not a very well liked one, at the moment, judging from all the bitching and griping by k5 fans....

itachi, responding to a troll for no good reason

Re:K5 Troll 0.1

[slycer]

Exactly, this is not a hack, nor a crack, nor anyting but a script for a script kiddie. It's the same deal with the STS (Slashdot trolling system) - that's nothing special, just a perl script that posts messages. Hell, I'm just a beginner in perl, but I could write these scripts pretty easily..

Re:K5 Troll 0.1

[ODiV]

This guy just said he was a developer didn't he? He didn't claim responsibility for the attacks.

If he wasn't resposible for the attacks then we can't exactly get angry with him, can we? Like DeCSS, this is just a tool. It's up to you how you use it (although DeCSS was written with a much more altruistic goal). There are valid uses for this as well (improving Scoop comes to mind)

In my mind, the blame falls directly on the person who used this code.

Just a side note: Can /. get the IP of ACs from their post? (Just in case this is the same guy).

Re:Open letter to Rusty

[Dissenter]

I will gladly accept donations on behalf of k5.

j/k
On a serious note, I want to reiterate that it's great to see everyone rallying together like this. Where exactly are the k5 staff located? That information may help out in letting you know what we can do to help. If you're in the Chicago area, I know a great bunch that would love to assist you guys. Since you aren't necessarily going to be able to go through all your mail, I thought it would be an idea to post that here.

Dissenter

Thanks Slashdot

[the+coose]

I'd like to thank Slashdot for keeping me and other K5 readers up to date on this script kiddy BS. For me /. and K5 complement each other; when I read the story earlier and saw the o-bit over on K5, my heart sank (and my hatred of script kiddies quadrupled!!)

Reading this, though, has made my day. I look forward to the day when I will be reading both Slashdot and K5 again.

Again, thanks to the Slashdot crew!

Re:Open letter to Rusty

[hurstdog]

hehe, all over. canada, silicon valley, and davis, CA. are where inoshir, rusty, and I are. not much is done for it in meatspace

Errm, wrong, but nice try

[spiralx]

Slashdot and kuro5hin were at war - the only people who believed this were the pathetic slashdot trolls like spiralx and fluffy grue(who wants DDoSed slashdot) who were always pushing the conspiracy theory edge.

Not to put too fine a word on it, but bollocks. I've never believed /. and k5 were at war or even in competition, its obviously not the case to anyone with half a clue about either site. A few sly jokes was about the most it ever got to.

I like kuro5hin and I read it every day during the week whilst I'm at work. I don't post that often, but I do when I've got something to say. I haven't trolled k5 and I won't troll k5, because it simply doesn't have the knee-jerk crowd /. has.

You need to calm down and stop throwing blame around. I don't think anyone really thinks /. attacked kuro5hin.

Re:TM ain't everything

[mbrubeck]

Well, Slash and Scoop and mod_virgule are all free and are all written in Perl, so there's plenty to start with for anyone who wants to use features from all three.

Whoops, scoop.kuro5hin.org seems to be down right now, not surprisingly. You can still the Scoop project on sourceforge, though.

Re:FUCKING SUBMIT BUTTON!

[RoscoHead]

Well, you obviously dont have the skills to use the preview button first...even when you're reminded every time you post.

Re:Open letter to Rusty

[Duranos]

Absolutely.

If it would help at all to have an active web domain for the community, I'd gladly put www.OpticalValley.com back online.

I don't have the skillz to create a community posting board, or anything close to what slashdot or k5 is like, but I'm sure that there are many volunteers out there that would be willing to help out in this area.

Anyone want to help out?

Here's The Deal
I'll provide the domain OpticalValley.com if people want to code a community postboard.

Let me know what you all think.

-Chris Simmons
www.peitourism.com

we're feeding this k1dz ego.

[The+Masses]

This is as much about getting a big reaction as it is destruction or revenge. Probably more. Look at all of this discusion and hub-bub (to which I am now contributing). Someone can point to this and say 'wow, I just got so many people really worked up, i am p0WarFul'. At least they're not throwing rocks off overpasses.

Re:Irony

[DrWiggy]

But most of these problems I see in the middle of the night (eastern time2 or 3 am). You have to wonder then because you KNOW they aren't getting nearly as many hits as they are getting at 11 or 12 am.

Remember that 2-3am EST is about about 7-8am GMT which is about when most of us on the west bit of Europe are doing our pre-work coffe + slashdot + theregister.co.uk, even more so when you consider we're in daylight saving time at the moment so it's actually 8-9am BST. I know, pedantic, but it's a good reason as to why it's like that - plus if you're reading it at 2am EST, then just think of all the other people out there that are as well. ;-)

--

S/N, not bandwidth (mostly)

[KMSelf]

Rusty pulled K5 "because I didn't want my name associated with what was showing up on the site". The issue was discriminating signal from noise. At a certain point, things reached the level of crashing scoop.k5.org, but this wasn't the initial or principle problem.

The problem is that IP-based blocking only works against finite IPs. In this case, the attacks were coming from a relatively small number of sites, but things kept escalating beyond the ability of the K5 volunteer staff to deal with them.

Yes, chokepoint DoS is a possible attack, but the weblog was choking on poor quality data long before that.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

Re:Kuro5hin - what Slashdot could do to help

[mbaker]

Even if anonymous submissions were removed, you'd still have the problem of people registering accounts and posting flames, spam, or what have you. This tends to be fairly common now, so I don't imagine it'll do anything but increase.

Personally I browse at -1, because I find the moderation system to be pointless elitism.
If someone posts something I don't like, I don't read it.

Re:Well, despite what some people here say...

[ZikZak]

YES! It makes perfect sense because you guys stated that you know more about hacfking than me! YOU are supposed to be the 1337 ones, and I'm the one still learning!

I tjust proves that if you don't have a reason for how I act then it's not

Re:Don't be naive.

[aphrael]

. Taco is better than most, but he's still not perfect.

Sure --- and expecting perfection from anyone is religious. :)

This whole Open Source movement is about openness and doing what's right for the community even when it's not convenient. I believe in that, and I think Taco still does too, in spite of everything.

So do I --- the only reason i'm still willing to read /.

My gripe with this thread is that there are noises going around that /. was somehow responsible for what happened to Kuro5hin --- which I see no evidence for, and which strikes me as being irresponsible attacks against people whose actions indicate that, by and large, they are on the 'right' side of things.

FUCKING SUBMIT BUTTON!

[ZikZak]

It just proves that I couldn't be the one doing this!

According to you, you have the skills and I don't!

Re:I got a solution

[ucblockhead]

Ok, now I probably shouldn't get myself into this, but aren't you effectively doing the same sort of thing that happened to Kuro5hin? I mean, here we have a poster you don't like. That's fine. Perhaps there's something not to like. But it sounds to me that you're subverting the moderation scheme beyond what it is intend to me to pursue a personal vendetta. Is that really any different from people subverting the internet to pursue personal vendettas?

If a post is overrated, yeah, moderate it overrated. But don't decide that just because you don't like a poster, the rest of us should have to wade through whiny complaints or miss posts moderated purely for dickish motives.

The internet would be a much better place if people would just take a fucking pill and chill out. And that includes both the people with the anti-Kuro5hin vendetta and a lot of Slashdot posters.

All the complaints about karma-whoring are far more annoying than the karma-whoring is in the first place.

And you need to get out into the real world.

[bkosse]

It's been my experience that whenever someone incorrectly claims another person is in school (and implies it's H.S. or earlier), that person is, himself a High Schooler.

Either that or you have absolutely no ability for an original insult, and no ability to debate your own stance.

The source of a proposition is irrelevant to the truth or falsehood of that proposition.
This is not true. The source of a statement of fact is irrelevent to the truth or falsehood of that statement. You, however, are making no such statement.

This is a fact. This is how logic works. I know that you don't understand that fact, and I sympathize: You're young, and school is hard for somebody like you.
Was this a deliberate drop for the obvious grammar flame?

However, the reliability of an UNSUPPORTEDaccusation is directly tied to the source of an accusation. Where are the objective facts supporting your accusation? That's right... You have none. Your only support is that K5 is "competition" for Slashdot, despite Slashdot's maintainers disagreeing with you.

For now, just repeat after me: If somebody with a nick says the sky is green, and an AC says it's blue, the guy with the nick is still a moron and the AC is still right, regardless of which statement is associated with which name.
You ever been to L.A.? I've seen what can only be called a "green sky" there. Yes, I get the point you're trying to make, too bad it's irrelevent.

Response to all the childish conspiracy theorists

[Carnage4Life]

For the past year or so the childishness and plain illogical reasoning of the average slashdotter has been increasing at an alarming rate. Part of the reason I liked kuro5hin was because it was undiscovered by the likes of the empty blowhards, trolls and karma whores who have come to inhabit slashdot.

It is sad enough that one of the most interesting online discussions I've had in a while has been lost due to kuro5hin going down but now to see people cheapen the memory of the site in a CHEAP attempt to karma whore and seem deep is just too disgusting for words.

To all the idiots who think slashdot had something to do with this I'd like you to consider your words in this light...

1. Slashdot crashed them for having an open submission queue - So instead of implementing a similar feature (which would be trivial to code even to a Perl newbie like me) Slashdot's owners cracked a bunch of machines and engaged in a DDoS of kuro5hin just so as not to do this? Considering that anonymous postings to stories has brought us gems like the Beer guy and Penis Bird it is unlikely that Slashdot would open itself up for abuse and what has happened to kuro5hin shows that this wasn't a wrong conclusion

1. Slashdot crashed kuro5hin because it was getting popular - According to
2. Inoshiro the most traffic they've ever gotten was when they were mentioned in a slashdot headline. So slashdot DDoS's them just so they can give them two headlines and free VA Linux hardware. Yeah that makes sense.

1. Slashdot and kuro5hin were at war - the only people who believed this were the pathetic slashdot trolls like spiralx and fluffy grue(who wants DDoSed slashdot) who were always pushing the conspiracy theory edge.
2. Micheal has posted to kuro5hin several times and the other slashdot authors read it as well. CmdrTaco offered rusty help and gave advice on how to deal with the DDoS attempts several times. The only people who have ever believed they are at war are the small-minded people who can not like two things at once, who must always believe something has to be one "hip", "cool" or "in thing to do or like. These people have been spreading disinformation, malice and discord simply bnecause they have nothing beter to do with their time. They are quite similar to the "Redhat wants to be the Linux monopoly" idiots but only this time, they are posting their drivel at an innoportune moment.

Frankly this entire affair has deeply shaken my faith in human nature. There I was thinking that online I'd find a community of like-minded intellectuals who I could share and discuss ideas with that I couldn't find In Real Life. Instead one community turns out to be as full of petty, small-minded individuals as my hated highschool was while the other has probably been destroyed forever by some immature individual because his story on masturbation was rejected by the community.

I gotta go I've got a Physics test in an hour. I will say this though, if anyone wants to start another kuro5hin and needs an extra pair of hands mail me.

I can't believe this

[electricmonk]

What does anyone stand to gain by taking down K5? It's not like they make huge boasts about their security, or, god forbid, actually make money for what they do. Even trying to look from a cracker's point of view, I can't see where the thrill is. Honestly, go after more interesting and more evil targets, like eToys, or something like that.

Now that I think about it, the person(s) who did this seem a lot like school yard bullies, who have to pick on the weakest to make themselves feel better. It is very pathetic.

Cracker doesn't watch the Simpsons???

[/]

It was ten o'clock, and we went to watch The Simpsons. While we watched, the guy had just been spamming the server more. he started spamming about fifteen minutes after we went to watch The Simpsons. How could someone do this?

Damn right! Doesn't this cracker have any sense of cultural literacy? I bet he watches the Home Shopping Network for fun.

Re:Cracker doesn't watch the Simpsons???

[GrenDel+Fuego]

He could be in a different time zone. Simpsons might not be on for him yet

You're right. And I'll repeat myself again.

[bkosse]

WHERE IS YOUR EVIDENCE?

It's that simple. Where is your evidence that the Slashdot maintainers are behind, or in any way supportive, of the action of the script kiddie?

Re:About using *so* many cracked boxes...

[davidu]

All the boxes used were cracked...gotta contact the owners of those boxes who are prolly cowering in fear right now.
-Davidu

Re:Irony

[TheReverand]

Well I'm not talking about dos type things. About 20 minutes ago I couldn't hit this story for about 10 minutes. My point is not that it goes down for extended periods of time, but it goes down for 10 minutes here, 10 minutes there. That's pretty aggravating.

Bear in mind that I am not trying to flame slashdot, obviously I like it or I wouldn't read it. But most of these problems I see in the middle of the night (eastern time2 or 3 am). You have to wonder then because you KNOW they aren't getting nearly as many hits as they are getting at 11 or 12 am. That's all. I do love /. and if I was a coder I would contribute, but I'm not so I suggest instead.

And true /. is not in the same league as Yahoo, but I consider it to be a lot larger than my friend from colleges site, and they have a LOT of money and major corporate backing.

Just my opinion mind you.

Marc

Re:About using *so* many cracked boxes...

[davidu]

All the boxes used were cracked...gotta contact the owners of those boxes who are prolly cowering in fear right now.
-Davidu

Damn

[delmoi]

Don't you people have a sense of humor anymore? christ.

We don't know how bad things are in north korea, but here are some pictures of hungry children. -- CNN

Re:Irony

[swb]

I have a fair amount of connection problems at work -- it's like somebody's rebooting the box, because it seems to come back with 5 minutes or so. I remember hearing that they were running a load-balancer in front. I wonder if either its flaking or they're screwing around behind the balancer and that's what's killing me..

God

[delmoi]

Get a life man; the guy was only floating a theory. I actually was entertained by reading it. If you don't like what he said, tell him why he's wrong. While his posts contained nothing but baseless conspiracy theories, yours contained nothing but insults.

And you don't see me hiding behind an AC name. Of course, I'm 12 hours late, but...

Re:Riiiight. Sure, don't mention who really did it

[delmoi]

You choose the stories at kuro5hin.org

hrm... not anymore...

Re:Irony

[Mawbid]

As I read your post I found myself thinking "What, is this guy new or something?" but apprently you're not :-)

Even Slashdot readers don't always evaluate a system (Slashdot, Gnome, whatever) based solely on its current quality as they perhaps should. They take into effect all the crap the system has given them in the past as well. I was doing that until I started thinking about your post and came to the conclusion that, yeah, Slashdot has been pretty stable lately. A little slow sometimes, as you say, but it's been a while since I've noticed any downtime. Also, people just seem to magnify problems in their heads. I've gotten a few bug reports like "Lots of problems with $feature, for instance $bug". I fix the bug and ask what other problems they were talking about. Usually there were none.
--

Enoch Root

[delmoi]

is now a troll.

We don't know how bad things are in north korea, but here are some pictures of hungry children. -- CNN

It's pretty obvious..

[drwiii]

but you can jump into the IRC chat on irc.kuro5hin.org, channel #kuro5hin. See you there!

/. sub queue

[KMSelf]

Of course, with /., we don't know what goes on in the sub queue, or if/when it's being attacked. It would be interesting to know about this, though there is the copycat problem associated with asking the question.

And I've got to say, /.'s been a great friend of K5 today, shout out to VA as well. Thanks, people. The world may not be perfect, but parts of it are excellent.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

Irony

[TheReverand]

This may be a little offtopic, but does anyone see the irony here? /. is probably one of the most unreliable sites around and yet here they go posting this *disclaimer* I know they aren't poking fun at kuro5hin.

But here's how I see it, /. is on hardcore equipment, and pays people to run it. If I ran a server (NT jokes aside) that was this unreliable I would be fired in about a week.

How about the odd story that at least tells us what is going on. Just throw something in the quickies like Hey we had some problems due to a mySQL misconfig, here's what happened and why. Not only would this satisfy a lot of us /bitchers, but it may provide a learning experience for all of us using similar tools.

Re:Irony

[Sedennial]

Well I work for an ISP in Washington state, and I have /. open from the time I get to work till whenever I go home. I have it open at home as well much of the time. And while I'm 13 hops from the /. server I can only recall once or twice since the upgrade and move to exodus that I've had any problem reaching them at all.

Re:Irony

[Chris+Burke]

Bleh.

Ya know, people talk about how unreliable /. is, but I just don't see it. Slow, sure. But unreliable? I can't recal a time in recent memory where I wasn't able to get to it (except when the damn proxy at work was down). Maybe I just try often enough - I only reload /. every 15-20 minutes at work, and not at all while asleep.

The way I figure it, no site posted on /. can get a worse /.'ing that /. itself. Everyone that hits a link on /. had to have hit /. front page, and then add in all the people grabbing older articles or posting penis birds, and that's a lot of traffic all at once. But outside of the heavy-hitter sites to whom a /.'ing is just a tiny blip in traffic, like Yahoo and C-Net, /. remains more responive than the sites it links to.

Unless I'm wrong.

Re:Irony

[cwhicks]

Maybe it's your connection or where you are. Except for the DOS a few months back, I have never failed to connect once to /. in the past year. There are slowdowns of maybe 10 second pauses to load, but thats it. Now back 2 years ago is a differenct story.

Re:Irony

[Chris+Burke]

Right, I'm with ya. I'm not accusing anyone of bitching or slamming /.. My point is just that I hear people talking about it, but I never see it. Whenever I hit /., there it is. Sometimes it stalls for a while, but the page comes up eventually.

I wonder... I don't normally hit /. after 1-2 eastern, since by then I've either found something to occupy myself until the wee-hours or I'm contemplating sleep.

I'm a coder, but I readily admit I'm to lazy to take on /. code as a project. Plus, I don't have any problems with it. ^_^

Re:Kuro5hin - what Slashdot could do to help

[elandal]

One problem with not allowing free webmail addresses is that not everyone has a real email address. And even those who do might not always be able to read email to that address (damn hardware) even though they might have usable web connection.

Eg. in Finland You can use computers at libraries for net connection. And use hotmail or whatever for email. Not everyone has internet connection at home or at work. And these people may very well be excellent participants in public and semi-public forums.

Also, it's easy to get email addresses. Just register a domain (any domain) and have them forward all email to anything@your.domain to you@hotmail.com or whatever.
Or use a less well known free email system.

Re:What we really want to know

[delmoi]

corrosion.



We don't know how bad things are in north korea, but here are some pictures of hungry children. -- CNN

My mind is made up

[delmoi]

What did kevin take down?

Re:Y'all betta listen up!

[Otter]

Um, do you have a cite for this? I've scoured every resource I can lay my hands on, and I can't find a whisper about any such incident. Could you favor us with a reference, please?

New York Times, June 17, 2000 by John Tierney. Sorry, but I didn't feel like dropping $2.50 to get the article for you :-)

I'm betting that there was more involved than a little following and filming.

My impression is that there was a lot of following and filming. I might have gotten a restraining order. But if you make a living stalking people with cameras, it seems to me you ought to be able to take it. The reporter interviewed the female staffers who were allegedly endangered and they said the guy was harmless.

As far as the other responses:
Umm. I don't think Ben Franklin ever held an elected position. Then again, Dubya hasn't either.

I know Ben Franklin is famous for unelected positions (postmaster, ambassador). I believe he was elected to the Continental Congress, though. Even if I'm wrong, I think the Dubya asertion makes us even.

And an obnoxious AC also raises the Franklin issue, plus
"Voting" means something. Your vote means nothing.

Of course my vote means something. It means the same as everyone else's vote. Those 40 million votes you're so upset about are 40 million individuals whose "vote means nothing."
That's what so got under my skin in the first place. Moore has complete contempt for democracy and diversity of opinion. People who don't vote are heroes and then if they vote for Ralph Nader, they're Molotov cocktails! KABOOM! But anyone who votes for Moore he doesn't like is either a sheep or whore.

History

[FJ!!]

Why did we think public-comment websites would be substantially different from Usenet? The only real social diff here is that Usenet has a much bigger group of volunteers trying to keep it working (cancelbots, etc.). It seems like the experiments in trust-based submission networks haven't given use the best answer yet.

I feel really bad for Kuri5hin. But as a denizen of one of the hotter parts of Usenet for the last decade, it is all eerily familiar, and in these web-spaces there are no killfiles to adjust.

Re:This sad incident only reinforces one thing...

[delmoi]

Unless some of you sniveling cowards can prove me wrong, and tell me why Anonymous Cowards should remain.

Here you go

We don't know how bad things are in north korea, but here are some pictures of hungry children. -- CNN

Re:This sad incident only reinforces one thing...

[nnet]

"REMOVE ANONYMOUS ACCESS

The only people who use anonymous features both on K5 and /. are what /. calls them, cowards. All anonymous cowards here have nothing important to say...unless they're trolling or flaming....."

Interesting...its been mentioned here in other articles about how people need to take responsibility for their actions online, much the same as in real life. I personally think ACs should *not* have a voice, I mean lets get real here, the Internet may be *mostly* American, but it is not *completely* American. Applying American values/morals/Constitutional dribble to a global community is short sighted, not to mention Ameri-centric. Guess what, America is *not* the center of the world, contrary to popular belief. With that said, I submit to the Slashdot Management: remove the AC access. Its not about "Free Speech", its about taking responsibility for ones self online. If a person has something to say, they can say it as an identified person. This would not only cut down on the number of trolls, but would raise the IQ level of the comments in general.

I'm not saying there shouldn't be AC-type speech online in general, there are newsgroups, and other forums, where anonymous posts are preferred for both security and personal issues, usually but not limited to, recovery from some type of traumatic experience. Slashdot is not one of these forums.

Once again, I implore the Slashdot Management to drop AC access.

Good for them...

[tunesmith]

And good for slashdot for rallying behind them. I guess that shows that in order for mass moderation to work on Anonymous users, the readership has to be a few orders of magnitude more active than any script kiddie poster. Taking away anonymous posting probably is the best way to deal with it for now.

It really is complicated to think about the best methods of moderation compared to traffic levels. I've got a creative writing site that makes group-created cyoa books - right now it's low-traffic enough that I don't need any of these techniques, but I've thought a lot about how to increase it with popularity. The best idea I've had so far is a sort of clustering approach where people vouch for each other - popularity combined with there being an "in" crowd - but that feels a bit complicated to implement for someone who doesn't have a CS degree like myself.

Looking forward to next month when they come live again...

tune

Re:Y'all betta listen up!

[Otter]

Errr...make that: But anyone who votes for someone Moore doesn't like is either a sheep or whore.

Is slash vulnerable to the same thing?

[ragnar!]

If slash is guarded against these kinds of attacks, maybe they could implement some of the same kind of protection mechanisms, such as not allowing posts from the same IP closer than 60 seconds apart. Maybe slash should describe all the safeguards, so that other non-slash based sites can similarly protect themselves.

Breakfast Cereal Contamination Alert!
Read this if you or your kids eat General Mills breakfast cereal.

Re:Is slash vulnerable to the same thing?

[DaveHowe]

The problem with the IP mechanism is that a lot of corporate sites spoof outbound connections so that they look to be coming from a single IP address (either to hide the 192.168 addresses they use internally as required, or just to prevent hackers from getting a picture of the size and layout of their internal networks. Because of this, there have been times when /. has been used by several of us geeks at this site at the one time, and we can have a situation where you just have to keep retrying for several minutes while we contend for one-minute slots.
--

Re:Open letter to Rusty

[fm6]

Deven scoped it out. Open an account at paypal.com ($5 bonus for new users!) and have money sent to rusty@intes.net. You can pay with a credit card or have money transferred from your bank account (slower).

Re:Kuro5hin - what Slashdot could do to help

[Metrol]

Even if anonymous submissions were removed, you'd still have the problem of people registering accounts and posting flames, spam, or what have you. This tends to be fairly common now, so I don't imagine it'll do anything but increase.

Not at all true. Other web based forums rely upon a valid E-Mail address that the user must be able to reply from in order to register. One that I know of that remains quite busy has the additional restriction of not allowing you to use free services, such as hotmail or yahoo. With such a system in place, you can actually make those bans stick.

True, even in this case there are ways to get around the system, but it requires a lot more work for the average spammer.

Re:Kuro5hin - what Slashdot could do to help

[Rombuu]

ACs are very important to discussions. There are several times ACs have made insightful and informative posts that they wouldn't have otherwise made because they didn't want to reveal their identity, suffer the potential damage to karma, etc.

Bullshit. Someone posts this lame excuse every time the topic comes up. Come on, go through the exstensive /. archives and find 5 examples of posts that fit those criteria. You know what? You can't becuase they don't exist. ACs are for trolls and the disruptive.

Re:Irony -- What makes you think it's down?

[swb]

Who does exodus peer with in Chicago? Their map just says "public peering point" (which I'd assume is the Chicago NAP) and two private interconnects. My ISP, Onvoy, peers with Sprint, UUNet, Above, C&W, BBN-GTE yet my traffic to /. goes to Chi and NYC on Sprint before it hands off to Exodus. Maybe I could shave 2 seconds off of reload times if they peered in Chicago...

Not trying to be flaimbate...

[kwsNI]

No offense Jon, but you work for /. Shouldn't it be "We will..." or even "I will...".

Of all people, I wouldn't expect you to be one to say: We should do something. If there's anything that's consistent in your articles, it's that you advocate action, even if what you don't succeed. You've always been one to stand up and do something if you believe in it. I'm pretty disappointed...

kwsNI

Re:Not trying to be flaimbate...

[Sly+Mongoose]

I think you are being too harsh.

JK said "We should..." and I took the we to mean the entire internet community. If he had said "I intend to do X, my collegues have promised to do the same, and I think that we should all consider such an action" I don't think you would have found much to complain about - unless you just like to bash JK.

Re:Open letter to Rusty

[Wellspring]

Hey, we're a community, right? And aren't community members supposed to help each other out in times of need?

Absolutely. This is what we need to be seeing. I am personally going through some pretty tough times, and it has been the support and assistance of my friends and my community which brought me through it. I am not a K5 reader, but it made my blood boil to hear about how someone tore them down.

I'm especially impressed that VA Linux is donating machinery to help. This is a time when we have to help one another out. So that, a year from now, the script kiddie is in jail or paying off a fine, while K5 is as strong as ever.

Blogs and discussion sites give people tremendous freedom. But things like this are a reminder that unless exercised responsibly, freedom is short lived. Sites which are constantly abused end up, if they survive at all, locked down, restricted and paranoid.

Re:Open letter to Rusty

[kuro5hin]

Hey-- I'm trying to work through the email, but it may be a day or so. I think I did get to this one though, you may not have gotten the reply yet.

Anyway, for all those who can't wait, basically, I appreciate all your support a whole lot. A bunch of people have offered various things, from hardware to bandwidth to security services, and they are all appreciated. I'm just trying to get on top of the whole situation right now, but I will get back to everyone who wrote. This community rocks, and is the reason I'm "bitter and hopeful" now rather than bitter and depressed. Thanks all.

--

Re:Kuro5hin - what Slashdot could do to help

[hurstdog]

k5 and /. were never enemies. Its some sort of rumor. Don't spread it any more. /. has given tons of help in getting k5 back up and running, by donating servers and expertise. So /. is a great help. Don't say that there is some feud or that they hate us. they don't.

Re:About using *so* many cracked boxes...

[PotatoNO]

The IPs are likely spoofed. Isn't the MAC address also in an IP header? Is that spoofable?

That sucks

[bonch]

That sucks. I liked Kuro5hin. What's weird is www.np2k.com, a Natalie Portman fan site, was being smurfed hardcore yesterday.

TM ain't everything

[KMSelf]

What pains me is that the Three Big Weblogs (TBW) have portions of the solution. Slashdot has filtering tools. K5 has a good moderation system. Advogato has a good membership vetting system. However, the pieces need to be put together. Having them on seperate systems doesn't quite cut it.

What part of "Gestalt" don't you understand?
Scope out Kuro5hin

webhosting farm?

[mikej]

I'm highly interested in knowing the name of the webhosting farm from which this attack came.

Re:Kuro5hin - what Slashdot could do to help

[Rombuu]

Actually if /. is going to emulate K5 they should start by banning ACs.

Re:Riiiight. Sure, don't mention who really did it

[kuro5hin]

Here: roblimo actually ordered Inoshiro a pizza, bacuse he hasn't eaten yet today. Roblimo's in MD, Inoshiro's in Canada. That, I think, is above and beyond the call of duty. The conspiracy theory is not true, no other discussion is necessary.

--

More of a joke people don't get.

[bkosse]

It's like how good friends mock each other and pick on each other, etc. K5 and /. do that. K5 constantly puts up things like "at a certain other discussion site" and so forth.

Re:More of a joke people don't get.

[Wah]

K5 constantly puts up things like "at a certain other discussion site" and so forth.

I think it was (un)officially TOS (that other site), but it was firmly tounge through cheek. No animosity that I noticed, ever.

I liked the story moderation, even though I got voted down a couple times.

The last I saw there were several stories with nearly 100 posts. I remember that being a rarity on /., and not too long ago.

--

Gee.... Perhaps had he answered the first time.

[bkosse]

There wouldn't have been the need to insult.

He bitches about the "discussion" quality here, yet does exactly the thing he's bitching about.

It was a simple question, and a flame in kind to the insults he was flinging directly at Rob and the /. crew, to which he never replied. The reasonable implication is that he knows it's baseless and posted strictly to impunge /. and its operators.

Where's your evidence slashdot is involved?

[bkosse]

How hard can that be to answer?

You're casting unsupported accusations around. Where's your proof? Can I get any clearer?

Re:A/L

[Meenky]

Their box wasn't cracked it was a DOS attack, neither MS or A/L have an advantage.

Why I posted this...

[Carnage4Life]

My bad, wasn't trying to offend. When I originally posted this there were several highly moderated posts that were playing up the slashdot vs kuro5hin angle. Such as this one, this one and this one.

Since they've all been moderated down, my post seems weird out of context. There were also several sub-level posts that played this angle up but I don't have time to find links to all of them. Frankly, several people on K5 do try to play up the Slashdot vs. kuro5hin angle more than you do I simply remembered your name and that of fluffy grue. Probably because you both troll or have trolled slashdot.

PS: I like Jon Erikkson, keep it up.

Sorry for ya

[Dysan2k]

Hell. I hate to see this done to ANY site. Working for hosting facilities for some time, I know what it's like to have these kiddies pull this kind of a stunt. First off, it is a Federal offense to do some bone-headed stunt like DOS or DDOS attacks. Secondly, they have NO idea what it's like as an admin to have to deal with this kind of stunt.

How many of you out there have records? You know EXACTLY how hard it is to get a technical job with one! It's one of those cases where it'd just be better to smoke crack and shoot a little china...

Re:I got a solution

[11223]

Well, I never thought I'd resort to saying something like this, but here goes:

You, signal 11, are a total dipshit. Why do the cracked boxes need more cracking? Why does the poor server farm need to be abused anymore? Post the IP's of the cracker, not the cracked boxes.

Re:Response to all the childish conspiracy theoris

[photozz]

Jesus dude,... Take it for what it is. I'm still kinda new here, but there seems to be a long-standing tradition of engaging in wild conspiracy mumbo-jumbo, and about 5% of it is actually serious "Frankly this entire affair has deeply shaken my faith in human nature." If you are getting your faith in human nature from a message board, you need to get out, meet some real live human beings and get some sun. This is not meant as an attack, or the start of a flame war, but sometimes people take these things a little too seriously. Natalie Portman sucks.

Re:Glasscode/Half-Empty

[oxygenated]

Unfortunately, it takes more than great code to make a great site. You could have perfect code, incredible features, but if you don't have an active audience and interesting content, your site *will* fail.

I am in an opposite position than you are; I have an audience, I have content, I have a server that can work for the time being, but I have no code. And most of all I lack the experience to prevent attacks like this one on k5 from happening to my site or even the knowledge of what to do if my site were to be attacked. Thus it is a liability for me to put up a site like k5.

I've gone on too long on this tangent, but let me reiterate that it takes both sides of the equation to make a site really work.

OFFTOPIC: The Forever War

[georgeha]

I disagree with you on The Forever War being the best '70's science fiction ever written. Have you read Brunner's Schockwave Rider?

Thanks,

George

Another one (better?)

[Kickasso]

Cold and empty place
Where kuro5hin used to be.
Fuck you, skr1pt k1ddi3z.
(Can one say fuck in haiku? I hope so...)
--

That's not really the idea

[Dacta]

The idea is more to put the fear of being caught into the mind of the troll.

I'm really, really serious about the reward. I will pay it, and I will consider paying some/most of it for any infomation leading to getting him at least kicked of his ISP.

Open letter to Rusty

[B-Rad]

I sent this email to Rusty earlier today. I haven't received a reply as of yet, which isn't surprising considering everything that's going on.

"Howdy. I've been reading k5 for a few months now, and I was really getting to enjoy it. Not just the site, but the community of people that read and posted there. Needless to say, I was saddened to find that k5 has been brought down by script kiddies. I'd like to do something to help, but I probably can't offer anything in the way of coding skills that you guys don't already have. Thus, I was wondering if I'd be able to send you guys some sort of monetary donations, to be put towards higher-end hardware or better net connectivity or whatever. The only other person I've talked to about this is interested in donating as well.

Hey, we're a community, right? And aren't community members supposed to help each other out in times of need?"

Re:Open letter to Rusty

[aphrael]

Makes sense --- i'm *not* sure that I would want to post that in public right now, tho, as it could make *him* a victim of spam. :(

Oh alright

[Jon+Erikson]

... it's just that my name seems to have been eternally linked to the concept of Trolling on /. even though spiralx is not a troll account - that's what this is for :)

I don't think anyone really thinks /. and k5 are at war - all three posts you linked were trolls. And I hope k5 gets back up since it was definitely getting some interesting stories recently and I was getting more into reading it.

---
Jon E. Erikson

Slashdot next?

[RPoet]

This pisses me off. Thanks to these 31337ers, I now have to go a whole month with no kuro5hin. What's sadder, is that kuro5hin is now getting so much publicity that it'll probably turn into another Slashdot, with firstposters, natalies and penis birds.

On a related note, what's up with Slashdot tonight, it seems slower than ever... Hello, am I reaching?
--

Re:About using *so* many cracked boxes...

[Wah]

What makes this interesting is that the spammer will be in much greater legal peril for compromising so many machines than anything related to the actual spam.

so it seems that the spammer was either very good or very stupid. I'd guess good, but, whatever. Either way, he was pissed, and angry people make more mistakes.

Good luck finding the guy, I'm curious to see what comes of this. I dunno if they've contacted the feds, but I'm sure they're curious anyway.

--

Confused by typos?

[jetpack]

In case you are a bit confused at this point, Dylan Griffiths' K5 nick is "Inoshiro", not "Iroshiro". Sorry, Emet. Erm, I mean, Emmett :)

I wish I had moderator points.

[bkosse]

That deserves troll-ness immediately.

Let's see, Malda and Rusty are having discussions about fixing it, VA (owners of Andover and Slashdot) is donating hardware, and the reason they don't have the dorks (you used "penis bird") like you posting is because you shits didn't care to go fuck it up, *YET*.

Oh, given time, you'd get over there and post crap, like the message to which I'm replying, but you hadn't, yet.

Are you just bitter that Malda did Slashdot and you didn't get in on it?

Re:Irony (OT)

[Wah]

I've notice that refresh seems to work. Its been mainly over the last couple weeks. Everything seems to stall and a reload gets it right quick (lightmode, highest, nested, with -1 banished from sight).
--

I just donated $20 to Rusty; how about you?

[Deven]

[Note: I also posted this in the other story.]

I sent a $20 donation to Rusty Foster (Kuro5hin.org's founder) with PayPal using the rusty@intes.net address listed in the WHOIS servers as he contact for kuro5hin.org. He has replied to me in email, so I know he received it. (He replied from rusty@kuroshin.org, which I almost used in the first place.)

Here's the message I included along with the money:

I'm very sad to see that "the bastards got you down". Kuro5hin.org was an interesting site that was just starting to take off. I had dozens of stories in my hotlist that I hadn't even had a chance to read yet. I do hope this shutdown is temporary; it was a good site. (I don't suppose you can put it up in a readonly mode for registered users to view old material?)

I understand the frustration of dealing with assholes on a volunteer basis; I don't think anyone can fault you for shutting the site down. Still, I think it provided a valuable service to the community, and I think this situation is quite unfair to you. That's why I decided to send you this unsolicited $20 donation for Kuro5hin.org in appreciation for all your hard work. Whether or not you ever revive Kuro5hin.org, keep the money; you've earned it. (Use it to go see a good movie or something!)

Take a break for a few days or weeks; it sounds like you need it. Then, consider if there's a way to bring it back, in a form less vulnerable to abuse. Perhaps anonymous ID's (with waiting periods before posting) and/or "sponsorship" by existing users might help somewhat; I don't know. Maybe just leaving the site down for a week or two will bore the current attackers into going someplace else.

It sure would be nice to return to the spirit of cooperation that Usenet News had 20 years ago. Unfortunately, it's not clear how that's possible given the rampant wave of immature script kiddies ruining everything they can...

Anyone else care to join me, and show that their all-volunteer efforts really are appreciated?

Anonymous Twits

[TOTKChief]

Somewhere, some little spineless geek is laughing. He (I can't imagine a female being such a pain, even among the list of ex-girlfriends of mine) is probably even reading /. to see how well he is doing. He is trying to figure out who he can piss off next.

People like these are the reasons LART's were invented, no? As I tell my friends who do sysadmin work, at any time, I can be a walking, talking, 6'-0", 290 lb. LART.

The sound you are hearing is cracking knuckles . . . not the cracking of vertebrae. Nahhhhh . . . it would just be fun to scare the ever-loving heck out of the guy.

--
<><

animosity

[wishus]

i don't understand animosity of this sort against k5. as the k5 guys said, it really proves nothing to take down k5.. the scoop software is written with the assumption that the community will make the site what it wants too, and so it allows the things that were exploited. it would be different, though no less moral, if the attackers were exploiting some bug in the software.. but they weren't.. it is just destruction for the sake of destruction.. and if your going to destroy like that, there are many better places to do it.

flood ebay with crappy auctions.. flood amazon with fake orders.. flood hotmail with fake accounts sending gigs of email to each other... i'm not advocating these things, but if you're going to do destruction for destruction's sake, pick something better than k5.

wish
---

Re: Slashdot should be censored.

[Claudius]

Slashdot for one, need to make a clear definition as to whats right and whats wrong.

Are you volunteering to lead this crew of Thought Police? What criteria do you propose we use to excise subversive posts--shall we use strict legality according to current U.S. law? What about the international audiences /. and k5 enjoy? What about unjust laws? What about ambiguous areas of law? Do you really believe that ideas in a discussion forum should be censored solely because they do not fit with your definition of right and wrong?

Part of the charm of Slashdot and k5 is that these sites don't discriminate among its posters' ideas beyond the moderation imposed by its own readers. For example, if you are on the side of the RIAA in the Napster debate (and many /.ers are), then nobody will stop you from posting pro-RIAA essays. In fact, if your post is thoughtful and interesting many moderators will moderate you up if only to stimulate an interesting discussion. Most of us who read /. and k5 are quite capable of making moral and ethical decisions for ourselves and we are in little need of sanctimonious censors.

Speaking of /. as a single entity with a single voice is inaccurate. A better characterization is one of a community of people with a shared interest in a collection of related topics. While many attitudes are shared by a plurality or even a majority of /.ers ("Microsoft sucks," "The Matrix was a fun, if silly, movie," "Jon Katz makes up too many new words."), opposing opinions can always be found within the Slashdot community. (Well, perhaps not with the Jon Katz word-coining issue).

Most of the times, we are so hard to identify whats right or wrong.

That's because most of the time one cannot so narrowly determine the "rightness" of a given idea. Privacy is both right and wrong depending on circumstance and the value system of the one assessing its rightness. Copying software or music is both right and wrong--even the strict U.S. legal definition of "fair use" is a gray area. In fact, the continued existence of nuclear weapons is both right and wrong. (Is keeping an arsenal of weapons of mass destruction necessarily "wrong" if the weapons are never used, if total war is prevented by MAD, and if much human suffering is thereby circumvented?) In my mind the most interesting discussions are those where moral ambiguity arises. If I want someone else to make all these decisions for me, then I can just tune in to Rush Limbaugh.

Re:Glasscode/Half-Empty

[nebby]

If the users make the content, then how can it not be interesting? :) (BTW - it's 10,000 lines. I am a moron)

I disagree.

[kwsNI]

OK, I don't think that's the best idea. All of these machines being used are cracked machines. DoSing them or whatever isn't going to solve the problem because the cracker will just crack different machines.

Now, poor security shouldn't be tolerated but I'm not going to DoS someone because they were cracked. The only thing those sys admins should get is an e-mail telling them they've been owned.

kwsNI

No. It's not.

[bkosse]

It's an honest question and your unwillingness to answer it says just how much of a liar and a mud-slinger you are. You have no proof /. is involved and yet you claim they are behind the K5 attacks. WHERE *IS* YOUR PROOF?

DDoS attacks maybe?

[Carnage4Life]

But here's how I see it, /. is on hardcore equipment, and pays people to run it. If I ran a server (NT jokes aside) that was this unreliable I would be fired in about a week.
How about the odd story that at least tells us what is going on.

Could it be because slashdot is tired of calling attention to the myriad DDoS attacks they get weekly?

When rusty first mentioned the DDoS attacks on kuro5hin, a lot of us suggested not giving the spammer coverage so as not to feed his ego, because we 'd seen how that made slashdot more of a target. I guess we were wrong and that didn't help. Of course, rusty and Inoshiro threatening to contact the law may have also pushed the spammer over the edge.

Probably from another timezone

[roystgnr]

I know, you're thinking, "but Fox shows Simpsons reruns every hour where I come from", but some backwards affiliates have cut down to showing the Simpsons only 11 (or even as few as 6!) times per week.

So don't be silly; the cracker was probably working from another timezone where the Simpsons had already ended or hadn't yet begun. I mean, just because he's an immature criminal vandal doesn't mean he's a complete monster!

Re:Y'all betta listen up!

[Scurrilous+Knave]

... you do know that when a disgruntled ex-worker followed Michael Moore around with a camera, your hero had him arrested for stalking, right?

Um, do you have a cite for this? I've scoured every resource I can lay my hands on, and I can't find a whisper about any such incident. Could you favor us with a reference, please? Answers containing the phrase "but I forget" don't count.

Note that I'm not saying it didn't happen, but given everything I know about Moore, if it did happen, I'm betting that there was more involved than a little following and filming. I'm willing to be proved wrong, however.

Re:Irony -- What makes you think it's down?

[Troy+Roberts]

Any one of the links between you and slashdot could be saturated and preventing you from speedy replies. I have on many occasition just let the browser spin on the link and eventually the page appears. You have made the supposition that everytime you can not access slashdot, that it is their fault. Sorry to tell you, but there is a lot of equipment between you and them. Any of which might be preventing you from accessing them.

Re:speaking of trolls

[Enoch+Root]

Fine, thanks.

About using *so* many cracked boxes...

[2nd+Post!]

Doesn't this leave an incredibly detailed 'IP' trail? I'm not a networking person, unfortunately, but once you have found, say, 10 cracked boxes, if you leave them 'on', can't you use them to trace? Of course it isn't simple, owing to scripts, and multiple levels of cracked boxes... but the more smoking guns, the more evidence, isn't it?

This entity also had to be doing it in pretty real time, since they could switch boxes so fast after being banned. Of course, perhaps there could be scripts to handle that too, I dunno. Anyone care to speak up?

Bye!

Re:About using *so* many cracked boxes...

[itachi]

Right, but at some point, in order to have a successful two-way communication, the spammer/cracker/whatever is going to have to be recieving packets back. Not for the spammed text to k5, but at least for a telnet/ssh session to the comprimised hosts to start up the perl script. What i really am saying is that at some point, they had shell on the comprimised host, and that IP can't be spoofed. Even if they use a bunch of comprimised hosts, maybe one in the middle that is just redirecting, somewhere there is an IP address that can be tracked back to a machine that they were using to do this. But like I said, it's tracking it all the way back that's the problem...

itachi

come back!

[enol]

I read both slashdot and kuro5hin. I never thought of them as enemies or whatever nonsense ppl have posted here. Finding Kuro5hin was an added bonus to my browsing experience (although I had -more- geek news to browse through == more time online)

I found that both sites often offered different news and opinions. Perhaps it was because of the self-posting nature of kuro5hin. whatever the reason, it was nice that there wasn't one but TWO main news sites for me. That's also the point of open source movement isn't it? to have choices and the ability to choose what you want, not only with programs but also web sites as well.

It was really depressing to find a black page notice instead of the regular familiar site. I do hope kuro5hin will be able to get back on its feet again. Cheers

enol/keto

(OT) Anyone noticed Cryptome is down too?

[Drestin]

No one I know can reach John Young or jya.com anymore - right after the new release and FBI warning to him not to publish (or keep published) the posting about the japanese secret service. Wonder if he's had "an accident."

people suck, plain and simple

[happystink]

I've gone through something like this. The problem with running small community-minded websites is that there is always eventually someone who emotionally invests themselves in it enough that when they get disgruntled they will spend a lot of time to destroy the site. One user trying to hurt Ebay will cause a small amount of damage but the same user can make a HUGE impact on a smaller site.

Unfortunately too, the sites that are the most likely to be hit are ones where the creators and admins actually care about the site and pay attention to the community. Notice how noone talks about ZDNet discussion board trolls? It's cause noone cares, and the ZDNet people couldn't give a fuck if people trolled them or not.

I hate to sound bitter, but after seeing sites I have run suffer the same kind of sabotage as this I have to say it: people online are often inclined to be complete and utter assholes, and the only people it hurts are the ones who CAN be hurt because they care.

sig:

The problem with Usenet

[marlowe]

It was designed without abuse prevention in mind. All this anti-spam stuff for Usenet is after-the-fact kluges.

These discussion group sites give us chance to start over and do it better. Remember Fred Brooks' theory of the second system. It would be only a slight exaggeration to say that Usenet is a throwaway implementation.

Judging from the results, Kuro5hin also needs some work. I really liked the features, but robustness in a hostile environment is obviously lacking.

Re:talking to people in the channel

[MOMOCROME]

hi mr. chaos I signed your guestbook.

before you have the eat attack, i did sign it from a windows machine. windows are the BEST!

-=(V)0(V)0cr0(V)3=-