Slashdot Mirror


Web Site Attacks Are On The Rise

Nicholas Roussos writes "According to recent numbers from 2004, website attacks are on the rise, and many of them are being performed by mischievous school kids. Some of their favorite targets include U.S. government and military websites."

7 of 281 comments

  1. Careful! by BWJones · · Score: 5, Interesting

    I have certainly seen the number of attacks rising on our academic computing resources as well as my blog. Tracking IPs leads to lots of cable modems from Comcast and such which could be zombies, but given the lack of sophistication from those IPs, I have to wonder. Most of the attacks from these cable modem IPs are scripts directed at Windows vulnerabilities and buffer overflow attacks, but a few coming from Taiwan and Korea as well as some in the Balkans are fairly sophisticated that sometimes appear to come via compromised computers from other universities for example. Depending upon how sophisticated they are, I have reported some of them to Federal authorities who have the resources to subpoena logs and go after folks intruding into Federal resources. Interestingly others have also recently reported intrusions followed by blackmail which are likely not the domain of script kiddies. Certainly, comedy aside, one wonders if many of these kids have any idea of what they could actually be dealing with. Back in 1982 (we were 12), all that happened to us after hacking into government computers was my friend Lance getting his Apple ][+ confiscated followed by a job offer 9 years later from the same folks who confiscated his computer back in 1982. Now however, hacking into even an educational system could net you serious Federal penalties depending upon the system one hacks into. One admin friend of mine at a certain government lab is absolutely militant about this stuff. It has become her all consuming hobby to track these folks down and allocate whatever government resources she can muster to prosecute intruders into her systems. Woe be unto those that intrude into one of Melissa's systems.

    --
    Visit Jonesblog and say hello.
    1. Re:Careful! by stiggle · · Score: 2, Interesting

      ISPs could become more responsible and by DEFAULT restrict certain ports and services, unless specifically requested by the user.

      Grannie Jones doesn't need to run an IRC server (or any other server) on her home PC which she uses to collect emailed pics of the kids on.

      At the moment ISPs are Windows with everything open and enabled by default. They should be more like OpenBSD with everything closed by default and opened up by the user requesting the services.

  2. No surprises there, then by davidmcw · · Score: 5, Interesting

    We have an unpublicised tech support website for our company use only. On looking at the weblogs, it looks like 80-90% of all traffic is attempted hacks. We even went as far as contacting the ISP of one particularly keen individual; they, of course, weren't in the slightest bit interested.

    --
    Just because you're paranoid doesn't really mean they aren't out to get you
    1. Re:No surprises there, then by TerminaMorte · · Score: 2, Interesting

      This is a major problem.

      ISPs don't want to take responsibility. Well, that's not fair. Local/small ISPs are very good at this, while large ISPs don't seem to care what their users are doing.

      I have reported a few people myself; hell, I tracked down one to an old address (they had moved a week before), but the ISP was not willing to do any work.

      There needs to be some owning up by these ISPs. I'd also love to see some harsher penalties. Some of these 15 year old kids deserve to go to pound-me-in-the-ass prison.

    2. Re:No surprises there, then by Handpaper · · Score: 2, Interesting
      I don't have a website. I don't run a public server. I do have an old PII box running sshd and proftpd for the use of myself (remote config) and my family/friends (ftp more convenient than email for some things).
      I also have about 20MB per month worth of /var/log/messages (yes, all but today and yesterday are gzipped), which mainly look like this:

      Apr 25 15:30:08 localhost sshd[14642]: Connection from 209.58.101.239 port 47961
      Apr 25 15:30:10 localhost sshd[14642]: User ftp not allowed because not listed in AllowUsers
      Apr 25 15:30:14 localhost sshd[14644]: Connection from 209.58.101.239 port 48215
      Apr 25 15:30:16 localhost sshd[14644]: User nobody not allowed because not listed in AllowUsers
      Apr 25 15:30:16 localhost sshd[14646]: Connection from 209.58.101.239 port 48747
      Apr 25 15:30:19 localhost sshd[14646]: Illegal user www from 209.58.101.239
      Apr 25 15:30:20 localhost sshd[14648]: Connection from 209.58.101.239 port 49106
      Apr 25 15:30:21 localhost sshd[14648]: User apache not allowed because not listed in AllowUsers
      Apr 25 15:30:24 localhost sshd[14650]: Connection from 209.58.101.239 port 49464
      Apr 25 15:30:26 localhost sshd[14650]: Illegal user cyrus from 209.58.101.239
      Apr 25 15:30:28 localhost sshd[14652]: Connection from 209.58.101.239 port 49825
      Apr 25 15:30:31 localhost sshd[14652]: Illegal user mysql from 209.58.101.239
      Apr 25 15:30:32 localhost sshd[14654]: Connection from 209.58.101.239 port 50285
      Apr 25 15:30:39 localhost sshd[14654]: Illegal user testuser from 209.58.101.239
      Apr 25 15:30:40 localhost sshd[14656]: Connection from 209.58.101.239 port 51054
      Apr 25 15:30:44 localhost sshd[14656]: Illegal user postgres from 209.58.101.239

      Similar entries exist in /var/log/ftplog, which isn't automatically compressed and archived, and tends to get checked and deleted when it gets to c.50MB

      Aside from scrolling my pid counter and wasting a small amount of bandwidth, the bastards haven't done anything noticeable yet, but I can't help feeling that it would be better if they were to just stop.
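
Added example (not part of Handpaper's post or the original thread): in sshd logs of the format shown above, the "not allowed because not listed in AllowUsers" lines carry no source address, so attributing them means joining on the sshd PID with the preceding "Connection from" line. This Python sketch does that over constructed sample lines and flags addresses that try several usernames in a short window; the function names, the 3-username/5-minute thresholds and the `year` default are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample in the post's sshd format (addresses are documentation ranges).
SAMPLE = """\
Apr 25 15:30:08 localhost sshd[14642]: Connection from 203.0.113.7 port 47961
Apr 25 15:30:10 localhost sshd[14642]: User ftp not allowed because not listed in AllowUsers
Apr 25 15:30:14 localhost sshd[14644]: Connection from 203.0.113.7 port 48215
Apr 25 15:30:16 localhost sshd[14644]: Illegal user www from 203.0.113.7
Apr 25 15:30:20 localhost sshd[14646]: Connection from 203.0.113.7 port 49106
Apr 25 15:30:21 localhost sshd[14646]: User apache not allowed because not listed in AllowUsers
Apr 25 15:31:02 localhost sshd[14650]: Connection from 198.51.100.20 port 50001
Apr 25 15:31:05 localhost sshd[14650]: Illegal user bob from 198.51.100.20
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(\d+)\]: (.*)$")
CONN = re.compile(r"^Connection from (\S+) port \d+$")
ILLEGAL = re.compile(r"^Illegal user (\S+) from (\S+)$")
DENIED = re.compile(r"^User (\S+) not allowed because not listed in AllowUsers$")

def rejected_logins(text, year=2000):
    """Yield (timestamp, source_ip, username); syslog has no year, so `year` is assumed."""
    pid_ip = {}  # sshd child PID -> source IP from its "Connection from" line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if c := CONN.match(msg):
            pid_ip[pid] = c.group(1)
        elif i := ILLEGAL.match(msg):
            yield ts, i.group(2), i.group(1)
        elif d := DENIED.match(msg):
            # This message carries no address; recover it through the PID.
            yield ts, pid_ip.get(pid, "unknown"), d.group(1)

def username_sprayers(text, min_users=3, window=timedelta(minutes=5)):
    """Return {ip: sorted usernames} for IPs trying >= min_users names within a window."""
    events = defaultdict(list)
    for ts, ip, user in rejected_logins(text):
        events[ip].append((ts, user))
    flagged = {}
    for ip, evs in events.items():
        for start, _ in sorted(evs):
            users = {u for t, u in evs if start <= t <= start + window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged
```

The flagged addresses are candidates for a firewall block or rate limit; a single mistyped username, like the second address in the sample, stays below the threshold.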

  3. Schoolboys? by forum__32 · · Score: 2, Interesting

    I think that comment is a little misleading... How many 15-16yr olds do you know with a political opinion like being called schoolboys?

  4. Then was Then, Now is Now by ackthpt · · Score: 3, Interesting
    one wonders if many of these kids have any idea of what they could actually be dealing with. Back in 1982 (we were 12), all that happened to us after hacking into government computers was my friend Lance getting his Apple ][+ confiscated followed by a job offer 9 years later from the same folks who confiscated his computer back in 1982. Now however, hacking into even an educational system could net you serious Federal penalties depending upon the system one hacks into.

    Indeed, some good fodder for movies back then, but a slap on the wrist. What behavioural change might one expect if some existing statutes were pulled into effect, such as child endangerment, contributing to the delinquency of a minor, etc, where parents don't keep up with what their kids have been doing on the computer?

    Seems entirely reasonable that at some point someone will drag the kid away from the parents/home to be placed in some child welfare state. Legal experts' opinions welcome.

    --

    A feeling of having made the same mistake before: Deja Foobar