Slashdot Mirror
Spamhaus Under DDoS Over Wikileaks.info
achowe writes "Steve Linford of Spamhaus sent this to a private anti-spam list and asked that the message get out far and wide: 'For speaking out about the crime gangs located at the wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. As our site cannot be reached now [actually sporadic], we can not continue to warn Wikileaks users not to load things from the Heihachi IP. ... AnonOps did not like our article update, here is what we said and what brought the ddos on us.'" At the conclusion of this message: "Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We’re not saying 'don’t go to Wikileaks' we’re saying 'Use the wikileaks.ch server instead.'" Here is Spamhaus's full warning.
I'm beginning to wonder if AnonOps/Anonymous is a false flag operation. They seem to be doing more harm than help to Wikileaks. Their targeting is inept (they previously targeted the wrong DNS provider), their timing is inept, and Wikileaks doesn't need them to stay on line.
The supposedly offcial twitter account at http://twitter.com/wikileaks seems to be a scam by the same folks. The wikileaks.org link there redirects to the .info domain, which is clearly a shoddy website (different layout, bunch of shoddy "mirrors" with the same IP address, etc).
Be warned.
now they're slashdotted, too.
I just asked anonops about it, they're not attacking spamhaus.
They have done nothing, not a single thing, to help and everything to hinder.
Gone!
When you have a large DDoS tool at your beck and call, who has time to bother with accuracy and trifling details like the truth? This is just further evidence that "anonymous" is some unemployed young adult.
The profile of anonymous becomes less and less one of sophistication and intelligence and more that of teenage angst and a limited understanding of technology daily.
#fuckbeta #iamslashdot #dicemustdie
Will they now start a DDoS on Slashdot?
The Tao of math: The numbers you can count are not the real numbers.
Use wikileaks.cn, right.
Nothing on 4chan except one post refering to this article asking as most of we are, WTF?
I think someone is using the Anon group identity to do something unrelated to the actual group/movement or whatever.
Those who can, do. Those who cannot, sue.
Oh, the irony!
From the Update 18 December
In addition to the LOIC and *OIC tools issued to dimwitted script kiddies to DDOS "enemies of Anon" with, AnonOps is now escalating its DDOS attacks using dedicated criminal botnets (botnets of illegally hijacked PCs), and now appears to be directing DDOS attacks not at "enemies of Wikileaks" but at "enemies of our criminal bosses".
There is palpable irony in a DDOS being used to prevent exposure of a probably-false Wikileaks mirror that could potentially harm Wikileaks and Wikileaks readers. We hope that AnonOps supporters appreciate the irony as much as we do.
What one fool can do, another can. (Ancient Simian Proverb)
I think they are just angry idiots with too much time on their hands. There's a reason why vigilantism is so frowned upon and force out in a civilized society: Vigilantes suck at justice. They shoot first, ask questions later. They are all about the Great Cause(tm) whatever that cause happens to be and don't do a good job thinking about any trouble they cause.
Now this is made even worse by the /b/tards because they are not very organized, operate with what they believe to be impunity, and are often kids.
So my bet is not a false flag op, just a bunch of dumbasses causing trouble. They've decided that Wikileaks will be their Great Cause(tm), until they get bored and find something else, and lash out at any perceived enemies of it without thinking about it.
In the case of it getting /.'ed or DOS'd (like TFA link to nanozen.info)
Wikileaks Mirror Malware Warning
2010-12-14 17:00 GMT, by Quentin Jenkins
On Monday Spamhaus became aware that the main Wikileaks website, wikileaks.org, was redirecting web traffic to a 3rd party mirror site, mirror.wikileaks.info. This new web site is hosted in a very dangerous "neighborhood", Webalta's 92.241.160.0/19 IP address space, a "blackhat" network which Spamhaus believes caters primarily to, or is under the control of, Russian cybercriminals.
Important: this warning is issued only for wikileaks.INFO, NOT Wikileaks itself or any other Wikileaks site. Wikileaks.info is NOT connected with Julian Assange or the Wikileaks organization. For a list of real Wikileaks mirror sites please go to wikileaks.ch
The Webalta 92.241.160.0/19 netblock has been listed on the Spamhaus Block List (SBL) since October 2008. Spamhaus regards the Russian Webalta host (also known as Wahome) as being "blackhat" - a known cybercrime host from whose IP space Spamhaus only sees malware/virus hosting, botnet C&Cs, phishing and other cybercriminal activities. These include routing traffic for Russian cybercriminals who use malware to infect the computers of thousands of Russian citizens.
The fact that recently some unknown person or persons decided to put a Wikileaks mirror on Webalta IP address 92.241.190.202 should raise an alarm; how was it placed there and by whom. Our concern is that any Wikileaks archive posted on a site that is hosted in Webalta space might be infected with malware. Since the main wikileaks.org website now transparently redirects visitors to mirror.wikileaks.info and thus directly into Webalta's controlled IP address space, there is substantial risk that any malware infection would spread widely.
Spamhaus also notes that the DNS for wikileaks.info is controlled by Webalta's even more blackhat webhosting reseller "heihachi.net", as evidenced by the DNS records for the domain:
wikileaks.info. 14400 IN A 92.241.190.202
wikileaks.info. 14400 IN NS ns2.heihachi.net.
wikileaks.info. 14400 IN NS ns1.heihachi.net.
Spamhaus has for over a year regarded Heihachi as an outfit run 'by criminals for criminals' in the same mould as the criminal Estdomains. The Panama-registered but Russian/German-run heihachi.net is highly involved in botnet command and control and the hosting of Russian cybercrime.
We also note that the content at mirror.wikileaks.info is rather unlike what's at the real Wikileaks mirrors which suggests that the wikileaks.info site may not be under the control of Wikileaks itself, but rather some other group. You can find the real site at wikileaks.ch, wikileaks.is, wikileaks.nl, and many other mirror sites around the world.
Spamhaus takes no political stand on the Wikileaks affair. We do have an interest in preventing spam and related types of internet abuse however and hope that the Wikileaks staff will quickly address the hosting issue to remove the possibility of cybercriminals using Wikileaks traffic for illicit purposes.
More information on the SBL listing of Webalta's 92.241.160.0/19 is here:
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL68370
Spamhaus is not alone in issuing this Wikileaks mirror malware caution. On Sunday researcher Feike Hacquebord at fellow anti-spam system Trend Micro issued a similar warning in the Trend Micro Malware Blog. (http://blog.trendmicro.com/wikileaks-in-a-dangerous-internet-neighborhood/)
the russian criminals are using the whole wikileaks/anonymous affair as a cover to attack one of their archenemies: spamhaus, while trying to paint spamhaus as the bad guys.
1) This DDoS attack does not seem to be originating from Anonymous but from AnonOps which is a cybergang-related IRC server and the DDoS seems to be originating from a real botnet of hijacked Windows computers, not LOIC.
2) Spamhaus warned about wikileaks.info which seems to be hosted by the same criminals and is posting false Wikileaks statements.
3) Wikileaks.org has been taken over by these criminals and is redirecting to http://mirror.wikileaks.info/ which is NOT sourcing from wikileaks.ch (and other mirrors like http://www.wlmirror.com/)
It seems to me the US Gov'mint has 'fixed' their Wikileaks problem by a campaign of misinformation and probably paid these Russian criminals to host the false Wikileaks site. It wouldn't surprise me if the wikileaks.info sites started to have certain damning documents disappear or specific ones infected just to track who's reading what.
Custom electronics and digital signage for your business: www.evcircuits.com
Anonymous is very weird to understand. It functions similar to a terrorist bloc (note I am not calling anyone a terrorist).
If I toss a bomb in the middle of a street and kill 50 people - and I write "Terrorist Group X was here" - who's to say it wasn't them? Or if say a terrorist group decides to take credit for the BP spill - who's to say its not?
Its impossible to work out whether it was anon or not. Its impossible to actually call 'anon' a group. Its just a bunch of people who - at will - decide to partake in DDOS attacks. Its not a collective body, its a number of individuals - and its stupid to think otherwise. If I'm in a group with 100 people, and someone says "Lets DDOS Bank of America", if I agree with it, I'll take part. If someone says "Lets DDOS Spamhaus", and I disagree, I won't take part. There's no real leader. Its all chaotic.
So enough with blaming anonymous for this ddos. For a start you have no proof. To continue, anon isn't a group - its a bunch of people following 'random' leaders, and the ranks change frequently depending on who feels like 'some lulz' that day, and who agrees or not.
In fact how do you determine an action as being done by Anon? Done by the 'leader' ? No real leader. Done by a large amount of the group? Not a very good measure.
If I succeed in telling (say) 50% of anonymous that attacking this site is for their better - then will 'anonymous' be attacking the site? Does it matter?
Summary: Anonymous isn't a rigid structure with leaders, anonymous is an amount of individuals who individually follow a leader at that point in time because they agree with that leader at that point.
Spamhaus seems to be pretty quick in assuming that wikileaks.info is malicious.
Apparently the site is hosted by a Russian company known to host malware and phishing sites. But how does this prove anything? They might as well be ordinary customers of a webhoster who doesn't take sites down easily.
Somebody who won't take malware sites down probably won't bow to political pressure to take down a Wikileaks mirror - or so they hope. "Outlaws" of whatever kind have a very reasonable interest in common: to evade prosecution and punishment. Whether you're stealing credit card numbers or publishing government/corporate secrets doesn't matter in this context.
Proud member of the Ferengi Socialist Party.
"Anonymous" can be the CIA trying also to discredit the other Anonymous ......
Excuse me for asking, maybe I'm the teenage dumbass here, but where is the proof that AnonOps is actually behind the DDoS currently aimed at Spamhaus? And why are there so many here bashing at AnonOps without asking this crucial question first?
Never attribute to malice that which is adequately explained by stupidity.
+1 for you, sir.
Screw all this talk, lets look at the page source code and go from there. I booted Knoppix, and pulled up Iceweasel and copy and pasted the page source from wikileaks.info. My html and Javascript skills are not the sharpest. My skills are best in other areas. However, I noticed there is too much talk and not enough transparency here so I posted the page source so hopefully someone would analyze it and talk about the contents rather than jumping on sides of the arguments like some deranged trolls. Lets have a discussion that not owned by a bunch of drama queens, True geeks work with logic, not Drama. End of anti-troll rant.. Heres the pastebin link. http://pastebin.com/dyMkdZEG
My first computer had 1024 bytes of ram
It seems much more plausible that either this wikileaks.info related cybergang is performing the DDoS themselves, stirring up other communities to perform DDoS, or both. I have no experience with this AnonOps group, but I have spent a lot of time looking at *chan culture. As haphazard as a collection of 'anonymous' users generally is, they do not actually get to the point of performing an attack against something without hearing many sides to the story. That is one of the benefits of having so many individuals actively involved rather than an army unthinking zombie computers.
.jpg's, between their collective experience they can collate enough data to link seemingly completely unrelated photos to the same household or person. I have seen this happen over the course of a few threads and the experience was like watching a higher consciousness at work. It totally blew me away.
For example, given enough
They will have people who actually do look at what is specifically being blocked by Spamhaus, why, and verify the authenticity of said claims. When you have threads of people calling for destruction it may be hard to turn away the mod mentality, but when people start posting clear facts it can and will do so, leading to the impending attack falling apart before it reaches critical mass.
I don't know much about this AnonOps group as of now, but if they are made up of enough individuals even this article will definitely reach them. As to if they will care, depends what their real goal is I suppose.
Who would benefit from even just one leaks site having compromised material?
To have record SBL68370 (92.241.160.0/19) removed from the SBL, the Abuse/Security representative of RIPE (or the Internet Service Provider responsible for supplying connectivity to 92.241.160.0/19) needs to contact the SBL Team by email (use this link) to explain how the spam problem has been terminated (we need to know exactly how the issue has been dealt with and that this spam problem is fully terminated). If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.
They don't mention payment on their site.
We both said a lot of things that you are going to regret.
http://www.spamhaus.org/news.lasso?article=665
Update 15 December
In a statement released today on wikileaks.info entitled "Spamhaus' False Allegations Against wikileaks.info", the person running the wikileaks.info site (which is not connected with Julian Assange or the real Wikileaks organization) called Spamhaus's information on his infamous cybercrime host "false" and "none of {your} business" and called on people to contact Spamhaus and "voice your opinion". Consequently Spamhaus has now received a number of emails some asking if we "want to be next", some telling us to stop blacklisting Wikileaks (obviously they don't understand that we never did) and others claiming we are "a pawn of US Government Agencies".
None of the people who contacted us realised that the "Wikileaks press release" published on wikileaks.info was not written by Wikileaks and not issued by Wikileaks - but by the person running the wikileaks.info site only - the very site we are warning about. The site data, disks, connections and visitor traffic, are all under the control of the Heihachi cybercrime gang. There are more than 40 criminal-run sites operating on the same IP address as wikileaks.info, including carder-elite.biz, h4ck3rz.biz, elite-crew.net, and bank phishes paypal-securitycenter.com and postbank-kontodirekt.com.
Because they are using a Wikileaks logo, many people thought that the "press release" was issued "by Wikileaks". In fact there has been no press release about this by Wikileaks and none of the official Wikileaks mirrors sites even recognise the wikileaks.info mirror. We wonder how long it will be before Wikileaks supporters wake up and start to question why wikileaks.info is not on the list of real Wikileaks mirrors at wikileaks.ch.
Currently wikileaks.info is serving highly sensitive leaked documents to the world, from a server fully controlled by Russian and German malware cybercriminals, to an audience that faithfully believes anything with a 'Wikileaks' logo on it.
Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We're not saying "don't go to Wikileaks" we're saying "Use the wikileaks.ch server instead".
Update 18 December
A DDOS attack was launched on www.spamhaus.org today in retaliation for us warning Internet users about the Russian-German cyber criminals behind the Wikileaks mirror wikileaks.info.
Spamhaus is currently under a 2.1Gbps DDOS attack which began at 05:20 CET. As we are used to DDOS attacks from cybercriminals our anti-ddos defences are holding and our web servers are still operating, a little slower than normal.
By no coincidence, the 'AnonOps' DDOS group irc.anonops.net is also hosted by the same Heihachi Russian-German cybercrime gang in the same CIDR as wikileaks.info:
wikileaks.info = 92.241.190.202
irc.anonops.net = 92.241.190.94
In addition to the LOIC and *OIC tools issued to dimwitted script kiddies to DDOS "enemies of Anon" with, AnonOps appears to be now escalating its DDOS attacks using dedicated criminal botnets (botnets of illegally hijacked PCs), and now appears to be directing DDOS attacks not at "enemies of Wikileaks" but at "enemies of our criminal bosses".
There is palpable irony in a DDOS being used to prevent exposure of a probably-false Wikileaks mirror that could potentially harm Wikileaks and Wikileaks readers. We hope that AnonOps supporters appreciate the irony as much as we do.
When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
Wow. Everybody prepped for Armageddon?
When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
A girlfriend? See, we already know he's lying.
Humans are terrible replicators of Godly things.
It's called a revolution for a reason.
Humans are terrible replicators of Godly things.
The thing I don't get is how they were able to wrest control of wikileaks.org.
The .org domain was with DynaDot and they had (and still have) CLIENT TRANSFER PROHIBITED set.
So why would a US-based domain firm which suspended Wikileaks in fear of the US government then control back over to either
1) a group purporting to be WikiLeaks, or
2) a group they knew was Russian criminals
?
I'm not a lawyer, but I play one on the Internet. Blog
Spamhaus outed the Russian network, which took or already had control of an old AnonOps domain, and began a real botnet attach against Spamhaus.
Spamhaus misinterpreted that as in indication that the russians were somehow in control of AnonOps.
Anonymous was never responsible for the Spamhaus attacks, but the russian cybercriminals were, retaliating for outing wikilinks.info.
Spamhaus has since apparently realized this mistake, since they have apparently removed all mention of Anonymous from the page they are now serving.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
All this fighting among activists only helps the established powers. I think many people would agree on the issues to fight for with some more patient, calm discussion of them. It's necessary to stick to the central, universal issues, and leave aside the minor details and issues. I think the central issue, which many can fit their flag with, is violence - all forms of violence, including economic exploitation, religious intolerance and exclusion, racial violence and discrimination, as well as sexual, moral and psychological violence. Ideas from the humanist movement. In the case of Wikileaks here, many of those forms are being used against them.
Build your own energy sources from scratch. http://otherpower.com/
No. You're thinking of SORBS (now GFI).
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
That's SORBS, not Spamhaus. Fact check much?
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Please expand on how you set up virtual-hosting-by-name to support SSL properly - i.e. all the sites on the same IP being able to do SSL with their own domains.
http://www.spamhaus.org/news.lasso?article=665
Update 18 December ***Incorrect data redacted*** (click to read)
[See newer information on DDoS in update below]
A DDoS attack was launched on www.spamhaus.org today in retaliation for us warning Internet users about the Russian-German cyber criminals behind the Wikileaks mirror wikileaks.info.
Spamhaus is currently under a 2.1Gbps DDoS attack which began at 05:20 CET. As we are used to DDoS attacks from cybercriminals our anti-ddos defences are holding and our web servers are still operating, a little slower than normal.
By no coincidence, the 'AnonOps' DDoS group irc.anonops.net is also hosted by the same Heihachi Russian-German cybercrime gang in the same CIDR as wikileaks.info:
wikileaks.info = 92.241.190.202
irc.anonops.net = 92.241.190.94
In addition to the LOIC and *OIC tools issued to dimwitted script kiddies to DDoS "enemies of Anon" with, AnonOps appears to be now escalating its DDoS attacks using dedicated criminal botnets (botnets of illegally hijacked PCs), and now appears to be directing DDoS attacks not at "enemies of Wikileaks" but at "enemies of our criminal bosses".
There is palpable irony in a DDoS being used to prevent exposure of a probably-false Wikileaks mirror that could potentially harm Wikileaks and Wikileaks readers. We hope that AnonOps supporters appreciate the irony as much as we do.
Update 19 December
We have been analyzing the traffic patters of the attempted DDoS attack against Spamhaus that started yesterday. We are seeing that it is made up of UDP and Syn flood type packets. This is not the profile of DDoS traffic from the LOIC and other *OIC tools issued to script kiddies to DDoS "enemies of Anon" with. In fact, at some semi-private forums, the AnonOps members have denied the DDoS and have stated how much they hate spam and would not attack Spamhaus. It would seem some actually read and understood what our warning message was about. Rumors are that they have also distanced themselves from members who were promoting the use of botnets to attack sites.
This now looks far more likely to be the work of people running, or hosting at, Webalta or the Heihachi cybercrime group. Possibly angered with the attention this wikileaks.info article brought to their dirty section of the internet. When one hosts spam servers, malware, Zeus and other botnet command and control (C&C) servers, bank phish sites and "backends", child exploitation sites and other badness, keeping off-the-radar is a must. Perhaps Russian authorities are now looking closer at this Webalta and its datacenter, as Russian citizens and banks are often the target of the people running systems there.
As we do when hit by these attacks, Spamhaus is working with both network experts and law-enforcement agencies to find and shut down the botnet used for the DDoS and to try and track who may be behind it.
When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
Oh Good Lord, its the HOSTS file troll. I thought you only irritated people on Opera and other browser threads? For the rest of us you can either just use the free Comodo Dragon browser and pick the "yes I'd like to use the secure Comodo DNS" box on install, or if you are attached to your browser one can just go here for simple instructions on switching over to Comodo Secure DNS.
Either way you'll have real time blacklists that you don't have to maintain, phishing and DNS cache poisoning protection, and most importantly don't have to play "whack a mole" by futzing with HOSTS files. I mean jeez, what do you think this is, 1997?
ACs don't waste your time replying, your posts are never seen by me.
1. One server may have multiple IP addresses.
2. Even if it doesn't, one site may still use SSL with matching name in the certificate (others will get a mismatch error if user tried to access them with https).
Contrary to the popular belief, there indeed is no God.
Hey everybody, I'd like you to meet my new pet, please excuse the smell or the fact it seems to piddle on itself a lot.
This is the HOSTS file troll, which is a fourteen year old Halo player that recently discovered HOSTS files (you remember, those things we used in the mid 90s before EVERY single virus on the planet figured BUTT SIMPLE ways to get around them? Yeah those) and now, since he is so hopped up on Mountain Dew and hormones because he never gets laid, has taken it upon himself to have a HOLY CRUSADE where he uses lots of leet speak and weird CAPS IN SENTENCES to spread the gospel of the HOSTS file, which is older than Betty White and frankly isn't nearly as interesting.
But I hate to break the news to you, poor little lost LEAVE THE FUCKING CAPS LOCK ALONE! latchkey child, but this isn't Digg, or one of your gaming forums populated by little clueless I SAID PUT IT DOWN! hopped up basement dwellers such as yourself, you see this is /. where not only does everybody already know about your new religion, the HOSTS file, but we actually wrote the thing you now clutch like a security blanket because you soiled your regular one. And you know what? We gave up on that lame shit around the time of WinME.
I know trying to educate a moronic youth such as yourself is like pissing in the wind, because you've had all your opinions beaten into you by the MSM but what the hey, it is close to Xmas and the Feet isn't a complete grinch, so I'll try. You see grasshopper, your precious HOSTS file leaves you in what is known as an "arms race" which to explain that in little words you can understand, it is like CTF in Halo. You see all it takes is ONE, just one, bad guy to NOT be on your precious static text file and the next thing you know he is teabagging you while all his friends throw up gang signs and rip off all your stuff. The rest of us have long moved on to things we don't have to manually update where these good people known as "security professionals" constantly update and configure so we don't have to.
But don't worry, we understand. when your DSL is just too laggy for some DM and you have rubbed your little winkie raw to fan fic of Master Chief you really need something to do, so I suppose letting you play with the HOSTS file is better than letting a cretin like yourself anywhere near system32. BTW did you know putting in deltree C:/ in command line will speed up your HOSTS file by 500%? Try it! But thinking just because one of your butt buddies on the Army of Two match ladder thingie told you about HOSTS makes it the newest thing since the x360 doesn't mean it isn't as old as...well that pair of your mother's panties you keep sniffing which is wrong on SO many levels. All you do is make yourself look like an absolute tard by constantly spouting off about HOSTS like it is some new hotness. On second thought God only know what else your pathetically limited mind would speak about if you didn't blather on about HOSTS, so carry on.
ACs don't waste your time replying, your posts are never seen by me.
You want me to disprove something that EVERYONE ON THE PLANET already knows? How about the fact that EVERY SINGLE VIRUS in the free world can trivially change the HOSTS file dipshit. Want examples? Here are 18 billion of them.
You're like the idiot that thinks your computer is a "magic box" and by saying the right incantation you can protect yourself. Well I hate to break the news to ya kid, but this isn't your MMORPG and buffs don't actually work in real life. You trick actually worked for about 4 weeks in 1997 and after that every virus and his retard cousin blows through your precious HOSTS like you blow through tissues reading Master Chief fan fics.
But of course such things are beyond your tiny immature brain, because then you would have to learn about things like layered security and least permissions instead of blinding hanging onto HOSTS as a woobie to protect you from the big bad world out there. But please, keep insulting the paper degree I had to get to get the bank to approve my business loans (which BTW my shop is doing VERY well, thanks) while thinking a HOSTS file, shit everyone with a brain dropped in 1998, will protect you. The spammers I'm sure have already made your PC their bitch. May I suggest your local repair shop? They'll have to charge you extra because of the ID10T error, but I assure you those are VERY hard to fix.
ACs don't waste your time replying, your posts are never seen by me.
Nothing in your writing style suggests he was in any way incorrect in implying that you're crazy.
You might want to fix that.
Sigh, do you work at Best Buy? Because I frankly only deal with THIS level of stupid when I have to fix what the geek squad fucks up. BTW nice to see when you take your meds you can STOP putting CAPS all over the PLCE. Now I'm gonna use little words, do try to keep up. The reason why nobody recommends HOSTS file for anything more than keeping Little Billy off the chat sites? Well you see there is this little thing called privilege escalation. you know that HOSTS file? Yeah, you know who ALWAYS has access to it? THE SYSTEM. And hey, guess how the bugs drop their payload in your system folder? Why with system rights of course! Dumbass.
So I really hate to whizz all over your precious HOSTS file fantasy, but the malware writers figured out in....ohh around 1997, that an easy way to steal data was to infect THE VERY FILE YOU ARE DEPENDING ON so that when you go to mail.google. com you instead go to maill.google.com which presents you with a shiny google login, which since the HOSTS file troll has bet his ass on his HOSTS file, will promptly give away his data and enjoy a good pwning. And don't even bring Linux into this, we are not talking security by obscurity but thinking a HOSTS file will protect Windows. News Flash...it won't. All a HOSTS file does is put you in an endless race with malware writers, which since you are looking at around 100,000 new pieces of nasty a week, and around 2000-3000 infected websites, which changes constantly? Yeah you WILL lose. And of course the first piece of malware to get in will use a privilege escalation bug in...ohh lets say Adobe, because everyone forgets to update and new bugs are found in that shite daily, and then will promptly teabag your precious HOSTS file while flinging poo.
But please, don't believe me. Hang onto your HOSTS file like a magical woobie that protects you from all the nasties. Both the repair guys like me and the malware writers and botnet herders just LOOOOOVE when you believe in magical thinking. Because it makes us lots of $$$. Of course we repair guys are nice enough to laugh at you behind your back and call you PEBKAC and ID10T, whereas the botnet herder will blow through your bandwidth like shit through a goose if you are lucky, if not he will use your PC for illegal activity in which case please enjoy the conversation with the nice men in dark suits with crewcuts and large black guns.
ACs don't waste your time replying, your posts are never seen by me.
Server Name Indication (SNI) is what you are looking for.
SNI, combined with using a different port for each certificate (domain name) in case the client doesn't support it, will serve most clients - except the ones that a) don't support SNI AND b) are behind a firewall allowing SSL/TLS connections on port 443 only.
Hi man, you sound really smart, can you tell me which universities you got your degrees at and which courses you took at those unis? I'd love to learn from someone as clever as you.
Can you give me the names of any good books to read that will help me obtain your awesome level of knowledge and understanding?
Oh poor trollie, Afraid to place anything for your magical woobie on the front page? I thought you believed in your HOPES file? Maybe you should just paste your IP address here so we can all "see" what a magical woobie can do! And you STILL haven't figured out the math yet? Tsk tsk, I'm disappointed in you! I mean, surely there is a "statistics for dummies" book you could have perused by now? Well I understand, it is kinda hard for you to count only using your fingers and toes, especially with the tears in your eyes thanks to my cock slapping you in the face. Now pay attention, and learn! I'll even draw it in a nice simple picture format!
Now here is you...( ) with nothing but your magical woobie to protect your gaping hole from the train fucking that awaits it, and here is the bad guys....123498763487364983276492836 91827364981273649128764 981273649812736498127346 91823649812736498127364 18236491827639481263 9123874612938746219 9187236491287364981 9872634981263947 91827346912873469 9182743691827364 9128736491287364 91723469187236 91287364 91287364 91927346 91287364 1928734 691278364 912873 641927346 91287364917823491782 6491287364912634912873649128374619 91276349182 98712349
Now that is NOT to scale of course, otherwise your hole would be MUCH larger, and those cocks lined up to screw you would number...ohh around 230,000 at last count. Now pay attention trollie, here is the hard part! Of those 230,000 roughly 98,000 are what is known as transient avenues of attack, now I know that is a big word and hurts your little head, but what that means is a website could be dangerous right now...and now it is not...and now it is. A site can literally be "clean" and 2PM, be infected by 3PM, be clean by 4PM, and be reinfected by 5PM.
So it is actually simply trollie. For your magical woobie to work you will not only have to have EVERY site you visit that MAY OR MAY NOT be infected at that very moment in your magical HOPES file, but every single site they link to such as ad servers and your list has to be accurate to the minute or it is nothing but a woobie. So even if you subscribed to Securina and every single security site on the planet, and updated your woobie every single minute of every single day the math proves beyond a shadow of a doubt you WILL lose.
But you KNOW this already, don't you trollie? Or else you wouldn't be so desperate to get anyone to listen to your delusions. And the really sad part? You have bet your ENTIRE existence on a 20 year old tech nobody uses anymore! How fucking sad is that! It is like arguing for the superior sound quality of 8 tracks, or for the incredible versatility of the floppy disc. But answer me this trollie: If your HOPES file is so damned good why did everyone abandon them over a decade ago hmmm? The ONLY thing a HOPES file is good for anymore is for blocking ad servers, because their IP addresses never change unlike malware which changes by the minute. But here is your chance trollie, prove the math wrong. That is if you know how to do even the most basic of statistics. You DO know how to do statistics, don't you trollie? Because otherwise you are just praying to the magical woobie to save you, just like in my LOLCat example. Sad and pathetic, but cock slapping you is quite entertaining I must admit. It isn't often one gets to meet such a naive and easy mark. Poor little trollie.
And Correlation != Causation. I can set up an XP Sp2 machine with NO patches, NO AV or antispy, and then change the background to a LOLCat. Then when I use the machine only on the LAN I will have NO viruses, but I don't really think I can claim my magic LOLCat picture done saved me, do you trollie?
Now do try to keep up: For the HOSTS file to provide a truly effective protection he will have to have ALL the websites that he crosses that can infect him, as well as any and all of the sites THOSE link to, all loaded into his magical HOSTS file. Now considering we are talking on average
ACs don't waste your time replying, your posts are never seen by me.