Slashdot Mirror


One Million Web Pages Attacked By Lilupophilupop

hankwang writes "The Internet Storm Center reported that one million web pages have been attacked by the Lilupophilupop SQL injection and contain a malicious Javascript link. Affected sites can be found using a Google search query. See also the technical details of the SQL injection. The attack is directed to sites running ASP or ColdFusion with an MSSQL backend. The payload of the Javascript leads, via redirects and obfuscated Javascript, to a fake download page for Adobe Flash and antivirus software."

120 comments

  1. 1 million pages? by grahamsaa · · Score: 4, Informative

    The google query in the post returns "about 288,000" results, many of which come from the same domains. While I agree that this is serious, the claim that 1M pages have been attacked (and who really cares about pages anyway -- the number of sites / domains seems far more important to me) seems exaggerated.

    --
    Facts have a liberal bias.
    1. Re:1 million pages? by Anonymous Coward · · Score: 0

      Clearly misread article (there was mentioned a similar infection that took over ~1mil sites, not this one for now)

    2. Re:1 million pages? by flatcat · · Score: 3, Funny

      Unfortunately Firefox with NoScript is preventing me from enjoying this new version of Adobe.

    3. Re:1 million pages? by Qzukk · · Score: 1

      The google query in the post returns "about 288,000" results

      Right now, there are 28800 pages defaced by this attack.

      Based on the ISC Diary page with its update dated August, this has been going on for months.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    4. Re:1 million pages? by Anonymous Coward · · Score: 0

      I believe the author used international time, the article is dated as being published 2011-12-01 and comments started on the same day.

    5. Re:1 million pages? by Qzukk · · Score: 1

      Bah. "international time" is ISO 8601. Writing the date "8/12/2011" is "intentionally confusing to everyone else time".

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    6. Re:1 million pages? by Anonymous Coward · · Score: 0

      But I see it being written in ISO dates. Don't you?

    7. Re:1 million pages? by dww · · Score: 1

      Google generally hides duplicate pages on a site. However if you use Advanced Search it finds "About 942,000 results", which is near enough a million, especially as some sites will have started clearing up infected pages by now.

    8. Re:1 million pages? by Anonymous Coward · · Score: 0

      Midway through http://isc.sans.edu/diary.html?storyid=12127 it says "UPDATE 8/12/2011" in bold, underlined letters.

  2. Resolving lilupophilupop.com... failed: Name or se by buchner.johannes · · Score: 1

    hmm ... lilupophilupop.com is unreachable for me.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  3. Google search by d3ac0n · · Score: 2

    Turns up lots of tiny little "backwater" sites run by small businesses. Not surprising they would get nailed, they are the most vulnerable.

    But...

    Do I see ITT Tech in there as a victim?

    Ouch!

    --
    Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
    1. Re:Google search by Anonymous Coward · · Score: 0

      Back when I used to go to Devry, they had a "test" server w no root password :P

      I wouldn't be surprised, tech colleges sometimes rely on student labor, and execs are still as ignorant as anywhere else in regards to technology.

    2. Re:Google search by cdrudge · · Score: 2

      Do I see ITT Tech in there as a victim?

      No, that's just part of their Information Systems and Cybersecurity degree program.

  4. Re:Can't you people type properly anymore? by Inquisitus · · Score: 1

    So I guess you've never made a typo before in your life?

  5. Not just "backwater" sites by Kaleidoscopio · · Score: 1

    The web site for the Portuguese Electric Company (EDP) is there. That seems a major site by my standards. I might be suspect of course, being Portuguese. :D

    1. Re:Not just "backwater" sites by Anonymous Coward · · Score: 0

      Is it major though? What functionality does it have, customer's account and banking information? Or is it like my local power company's site, nothing more than a presence telling you how great they are, and a simple form if you want some form of contact.

  6. Hosted in.. Transnistria by Dynamoo · · Score: 5, Interesting

    The malware site is hosted by Specialist Ltd in Transnistria, who are a totally black hat operation. They can get away with it because almost nobody recognises the existence of Transnistria, so it is effectively outside the reach of international law enforcement.

    --
    Never email donotemail@WeAreSpammers.com
    1. Re:Hosted in.. Transnistria by drinkypoo · · Score: 2

      Great, maybe I can get them to host my website when you're no longer allowed free speech on the internet in the USA.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Hosted in.. Transnistria by mapkinase · · Score: 1

      Good luck with that. This "country" leadership is Putin's lackeys.

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    3. Re:Hosted in.. Transnistria by boristdog · · Score: 2

      Wasn't the transnister invented there?

    4. Re:Hosted in.. Transnistria by drinkypoo · · Score: 1

      Either you believe that Russia and the USA are simply working in harmony and all conflict is a ruse, in which case there is very little hope for freedom; or you should believe that they would love to see it happen, because it would make us look like assholes.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Hosted in.. Transnistria by interval1066 · · Score: 1

      Wow... read the Wikipedia article on that place. Total backwater, no one knows about this "country". They still use old soviet socialist emblems on all their buildings and stationery. That's weird in itself, but it's just part of how out of the way this place is.

      --
      Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
    6. Re:Hosted in.. Transnistria by Anonymous Coward · · Score: 0

      Couldn't someone, just, you know, blackhole them without telling anyone else..?
      Nobody will care. And to be honest, countries that are just entirely on the internet to do bad shit should be blackholed. They don't have any right to be on it.

    7. Re:Hosted in.. Transnistria by mapkinase · · Score: 4, Funny

      Well, if freedom for you is to be able to say bad things about USA, then you are fine. Then Brezhnev's Russia had all the freedom:

      Brezhnev meets Reagan and the latter complains that Russia does not have freedom of speech, giving an example: "In US, everybody can go in front of White House and shout: Reagan is an idiot". Brezhnev retorts: "You can do the same in Russia: you can go to Red Square and shout: Reagan is an idiot".

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
    8. Re:Hosted in.. Transnistria by amicusNYCL · · Score: 1

      I'm pretty sure that people recognize the existence of the cities and people there, just not their autonomy. That would mean that the area is officially recognized as part of Moldova, and it would be up to the authorities in Moldova to put a stop to it. If they can't, then maybe they don't have control over the area, and if the local government can, then maybe they deserve official autonomy. Either way, the criminals aren't out of reach.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    9. Re:Hosted in.. Transnistria by Noughmad · · Score: 2

      Would that be the transistor that says Ni?

      --
      PlusFive Slashdot reader for Android. Can post comments.
    10. Re:Hosted in.. Transnistria by Anonymous Coward · · Score: 0

      In some Chinese provincial offices (think state capitals in the US), bureaucrats still have Soviet Union flags on their desks in addition to the Chinese flag.

    11. Re:Hosted in.. Transnistria by idontgno · · Score: 1

      No. That would be the ecky-ecky-ecky-ecky-ptang-zoop-boing-FET.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    12. Re:Hosted in.. Transnistria by ChatHuant · · Score: 1

      That would mean that the area is officially recognized as part of Moldova, and it would be up to the authorities in Moldova to put a stop to it.

      The options of the Moldovan leadership are limited, because of Russian interference (as it is so often in this general area). It's not a case of Transnistria deserving official autonomy as much as a case of Russia imposing their will by military force and running roughshod over the rights of other countries, and over their own legal commitments. Transnistria is only recognized as a state by a few other fly-by-night former Soviet territories, such as Abkhazia, but Russia has opened a consulate there, and is strongly supporting the hardcore former communists. As part of this support, Russian troops have launched artillery attacks on Moldovan forces, killing over a hundred people (see here). At this moment, units of the 14th Russian army are still illegally stationed in Transnistria and ensuring the maintenance of the status quo, despite a number of promises by the Russian leadership that they'll resolve the issue.

  7. Re:Can't you people type properly anymore? by ElmoGonzo · · Score: 1

    My guess is that the T.B'er simply has no life.

  8. Re:Can't you people type properly anymore? by Anonymous Coward · · Score: 0

    Honestly, I thought it was a joke based on the utterly ridiculous name of the injection (no, smartass, I mean "Lilupophilupop", not "SQL"). Seriously, it looks like someone got frustrated trying to type up the REAL name of the injection, slammed his/her fist onto the keyboard, and called it a day.

  9. Slashdotted by Bazman · · Score: 1

    Getting '503 Service Unavailable' when I try and wget the relevant URL. The slashdot effect for good!

  10. Misleading Title? by BoRictor · · Score: 2

    https://www.google.com/search?q=%22script+src=%22http://lilupophilupop.com/sl.php%22 shows only 286,000 results. Where did 1 million come from?

    1. Re:Misleading Title? by drpimp · · Score: 1

      Not to mention I didn't know you could actually search the DOM. I suspect these are the sites that html encode content from the DB so the actual script tag was rendered?

      --
      -- Brought to you by Carl's JR
  11. Re:Resolving lilupophilupop.com... failed: Name or by hankwang · · Score: 4, Informative

    Strange; earlier today (when I submitted the story), they were online.

    The site redirected to this (http changed to hXXp): hXXp://plac41eadmi.rr.nu/n.php?h=1&s=sl
    which redirected to hXXp://www3.smartnetworkzgx.Kwik.To/?92ut2bc2=Xafe2G%2BXmmKsk9Hb2KuYmuPir52umJ6tpuGxZZPJZ9agmKKkpJiY

    which contained an obfuscated script that went on like this:

    var xrPke='QiqpR';if('xmFR'=='ZqpZB')aSetrA();}
    function ty6HJA7y3z10n0s(rFOaSw){var NLgXo="3845";var vJtxnk=132;var PmBBXq=[];var uqrx;var lTrQTu=0;

    But also the kwik.to website is offline now.

  12. Re:Can't you people type properly anymore? by Anonymous Coward · · Score: 0

    No[e, never.

  13. Re:Can't you people type properly anymore? by pclminion · · Score: 2

    So I guess you've never made a typo before in your life?

    In a piece of text that has been edited for presentation to a wide audience? No. Those are corrected by a review process.

  14. Classic ASP? by Synerg1y · · Score: 2

    I'm wondering...

    classic asp + mssql combos aren't that common? It's usually iis (asp.net) + mssql or asp + mysql. Coldfusion isn't that large either.

    As other people have said not even close to 1 million sites, point being there's probably not a million sites that run these combos.

    1. Re:Classic ASP? by Anonymous Coward · · Score: 0

      I'm wondering...

      classic asp + mssql combos aren't that common? It's usually iis (asp.net) + mssql or asp + mysql. Coldfusion isn't that large either.

      As other people have said not even close to 1 million sites, point being there's probably not a million sites that run these combos.

      The target of this injection attack are most likely sites that are still running IIS based on asp on WinXP. So the target is most likely the dying internet accessible data bases that still hold tonnes of user data including credit and personal info. The article earlier today that IE6 is down to 1% just goes to show that there is still an opportunity out there for blackhats to target mssql data bases. You can bet that one shitload of the businesses that still allow the use of Coldfusion are also stuck on IE6 and data base sql that is riddled with MS Access hack drop tables. I remember all the hype about how great access and excel were and why it is so important to easily make data available with simple drop tables and how this will make your data base so easy for the client to use. The Microsoft Access dominated courses in the colleges are largely responsible for this mess.

      Don't for a minute think that the MS Access brainwashing that was done in the IT schools in the 1990's is not largely to blame for the fact that there are still a shit load IT data base idiots out there coding drop tables for MS Access on old XP based servers! There are still far too many out there who do not take data access security seriously and who want to just please a boss and others who do not want to be forced to change their passwords on a regular basis. And yes MICROSOFT is to blame for this situation!

    2. Re:Classic ASP? by FormOfActionBanana · · Score: 1

      Since when does DROP TABLE make data available??

      --
      Take off every 'sig' !!
  15. Re:Me too (but 4 DIFF. reasons)... apk by pclminion · · Score: 2

    Doesn't having a million-entry host file have some drawbacks? I expect either the whole thing is cached in memory (assuming 128 bytes per cache entry that's over 128 MB to cache the thing), or the file is linearly scanned every time you resolve a hostname, slowing down every single name resolution enormously. Either of those would kind of suck.

  16. Re:Can't you people type properly anymore? by man_of_mr_e · · Score: 4, Informative

    This has nothing to do with Microsoft. First, this is targeting classic ASP and Cold Fusion, that's a 15 year old technology that nobody uses anymore and a non-MS technology. Second, sql injection attacks are all about the application code, not the framework.

  17. Cached by local kernelmode diskcache subsystem by Anonymous Coward · · Score: 0

    "Doesn't having a million-entry host file have some drawbacks? I expect either the whole thing is cached in memory (assuming 128 bytes per cache entry that's over 128 MB to cache the thing), - by pclminion (145572) on Wednesday January 04, @12:28PM (#38586542)

    Not @ all - in fact? IT FLIES... I make this DSL connection websurf like FIOS using it in fact! Here's how/why:

    It gets cached by 1 of 2 methods (depending on the size of the HOSTS file itself, because MS' DNS clientside cache service has "issues" with larger HOSTS files (it uses a fixed-size buffer/structure to cache is why, limited & inflexible)).

    ---

    1.) DNS ClientSide cache service (default method, & works "ok" with relatively smaller HOSTS files)

    or

    2.) Local kernelmode diskcaching subsystem (the method I must use because of the issues in the DNS clientside cache - BUT, I save CPU cycles, RAM, & other forms of I/O not using it too, bonus... it's unneeded here is why/redundant!) - it caches HOSTS files like any other file!

    ---

    * Generally, I'd recommend folks 'cut off' the local DNS cache client in Windows w/ larger custom HOSTS files, but... there IS another way to stop it from lagging:

    TO BE ABLE TO USE DNS CLIENTSIDE LOCAL CACHE SERVICE WITH A LARGE HOSTS FILE:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
    Click Edit > New > DWORD Value (type) MaxCacheTtl
    Click Edit > New > DWORD Value (type) MaxNegativeCacheTtl
    Next right-click on the MaxCacheTtl entry (right pane) and select: Modify and change the value to 1
    The MaxNegativeCacheTtl entry should already have a value of 0 (leave it that way - see screenshot)
    Close Regedit and reboot ...
    As usual you should always backup your Registry before editing ... see Regedit Help under "Exporting Registry files"

    ---

    THIS COMMANDLINE BATCH WILL DISABLE DNS CACHE:

    sc config DNSCache start= disabled
    sc stop DNSCache

    ---

    THIS COMMANDLINE BATCH WILL SET THE DNS CACHE TO MANUAL START (vs. default automatic):

    sc config DNSCache start= demand
    sc stop DNSCache

    APK

    P.S.=>

    " or the file is linearly scanned every time you resolve a hostname, slowing down every single name resolution enormously. Either of those would kind of suck." - by pclminion (145572) on Wednesday January 04, @12:28PM (#38586542)

    My name resolutions happen FAR FASTER from a HOSTS file (I read it up off a TRUE SSD (not FLASH based) in a Gigabyte IRAM 4gb DDR2 based SSD & once cached as noted above? FAST!) than they do from remote DNS servers (those take 30-100's of ms to get back... from that SSD? Less than 1ms!)... apk

  18. Re:Can't you people type properly anymore? by Inquisitus · · Score: 1

    Then the GP should've said "edit", not "type", since the wording suggested he was aiming his complaint at the submitter. Can't these people express themselves clearly anymore?

  19. Re:Can't you people type properly anymore? by mspohr · · Score: 0

    If you read the linked pages, it does appear that this is due to a vulnerability in MSSQL... so yet again (and we are all "shocked"), this has Microsoft's fingerprints all over it.

    --
    I don't read your sig. Why are you reading mine?
  20. DNSBL's maybe? I'd suspect that @ least... apk by Anonymous Coward · · Score: 0

    See subject-line... I got into a BIT of that in my other replies here (but, like I suspect what YOU'RE SEEING to be? DNSBL filtering's already taking place & with GOOD reasons).

    * In any event? You MAY wish to read this (or not) on why I didn't see it & wouldn't have before today too (DNSBL filtering DNS servers, specializing in blocking out bogus sites/servers/hosts-domains vs. malware, malicious scripting, etc. + custom HOSTS files) -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216

    (You MAY find it useful, and informative... because what I do not only SECURES me better online, but? It also makes me FASTER by far... noticeably so, & getting my money's worth I shell out each month to be online out of pocket!)

    APK

    P.S.=> This is 1 time where DNSBL's are EXCELLENT vs. malware & the like bad stuff online - BLOCKING THEM THE "F" OUT! I suspect that's WHY you can't see it...

    ... apk

    1. Re:DNSBL's maybe? I'd suspect that @ least... apk by hankwang · · Score: 1

      I was using my ISP's DNS, but lilupophilupop.com doesn't resolve either when I use a DNS server of which I'm sure that it is not subscribed to any black lists.

  21. Re:Can't you people type properly anymore? by Anonymous Coward · · Score: 0

    > this is targeting classic ASP and Cold Fusion, that's a 15 year old technology that nobody uses anymore

    Really? - just because you don't use it....

    It's actually technology that is simple, low profile and gets the job done - just like a bicycle is efficient for personal day-to-day transportation.

  22. Re:Me too (but 4 DIFF. reasons)... apk by sexconker · · Score: 4, Informative

    Large hosts files absolutely slow down lookups.
    Furthermore, he says he uses 3 different DNS servers, so he's really just getting the security of the intersection of all 3 blacklists.
    He also claims his hosts file and router prevent malware from dialing home, despite the fact that such malware often has hardcoded IPs and would never need to perform a DNS lookup.

    The DNS/HOSTS troll has been around for a while, but the sad thing is it's not a copy-pasta. Each post is actually unique (though similar), so there's some moron behind the AC curtain actually typing that shit out every time. This troll is most easily identified by the formatting. It always has excessive sectioning, bolding, and use of asterisks, hyphens, and parentheticals. The end is always a "beat you over the head with it" moment. In this case it's a link to a Bing search on "how to secure" Windows XP/2000.

    Basically, don't feed the trolls.

  23. Lalilulelo by Anonymous Coward · · Score: 0

    Liluphilupop? Otacon, is the DARPA Chief high on drugs? Or is Hideo Kojima on them?

  24. Re:Me too (but 4 DIFF. reasons)... apk by Anonymous Coward · · Score: 0

    Sweet. My custom /etc/hosts file saved me from the malware that is bing... So I was unable to check out your last link. Thanks for the comment.

  25. Not a "bing guy" eh? Ok, try GOOGLE... apk by Anonymous Coward · · Score: 0
  26. Give your ISP/BSP a call & see... apk by Anonymous Coward · · Score: 0

    Because I strongly wager that IF, for instance, I was running DNS servers @ an ISP/BSP, I'd be using things like this -> http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples

    (That's a DNSBL vs. malware/threats online in general I convert to HOSTS file format, & is an example of what ISP/BSP's use for blacklisting bogus sites/servers/hosts-domains)

    It's also possible they're setup "recursively" & call out to "higher" level DNS servers than theirs & THEY have the hosts-domain for this malware blocked out already!

    Don't discount THAT possibility, because this thing's "running amok" out there (per this article).

    * Now, on ISP/BSP "level 1 support" being aware of what's PROBABLY done @ the "NOC" level? Low... but, perhaps they can connect you to someone who DOES control that much so you can inquire on if it was filter blocked or not!

    APK

    P.S.=> Good luck, but I do wager that's what happened on YOUR end... & you MAY wish to try those filtering DNSBL based DNS servers I noted in my init./1st post:

    Norton DNS:

    198.153.192.1
    198.153.194.1
    198.153.192.60
    198.153.194.60
    198.153.192.50
    198.153.194.50
    198.153.192.40
    198.153.194.40

    OpenDNS:

    208.67.222.222
    208.67.220.220

    ScrubIT DNS:

    67.138.54.100
    207.225.209.66

    From my initial/original post here where I noted them & in FAR greater detail than I did here, so others could look into using them also -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216

    ... apk

  27. Re:Cached local speed = faster than DNS lookup ret by Anonymous Coward · · Score: 0

    somebody really needs to introduce APK to Michael Kristopeit

  28. Oh noes not Adobe Flash! by maple_shaft · · Score: 5, Funny

    ... Oh man I was worried for second! I thought the summary claimed that the javascript redirected you to download Adobe Flash. I was relieved to find out that it was a fake Adobe Flash download. Far less dangerous.

  29. OWS : immanentize the Gernsback continuum now! by Thud457 · · Score: 1

    Who the hell put William Gibson in charge of scripting reality these days?!!!

    godamn, it's real

    I'd like to send this letter to the Prussian consulate in Siam by aeromail. Am I too late for the 4:30 autogyro?

    time here.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  30. sexconker RUNS from a challenge? LMAO! by Anonymous Coward · · Score: 0

    Your post got a +4 informative for trolling off topic too, after you downmodded my initial/1st post & the one where I challenged you to DISPROVE points I made on HOSTS file also here http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 ??

    Make us laugh some more please!

    (Because anyone KNOWS how simple it is to "game/cheat" the moderation system here by using alternate registered 'luser' accounts)

    To wit/e.g.:

    ---

    1.) Downmod with your registered 'luser' account
    2.) Logout (to preserve your cookie state & karma points b.s.)
    3.) Troll away as AC
    4.) Downmod MORE with your other "alternate guises" (registered 'luser' accounts).
    5.) "Rinse, Lather, & Repeat" steps #1 - 4

    ---

    * Now, with that "all said & aside"? You RUN from disproving points I made on HOSTS files here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006, AFTER you downmodded me (either by this account of 'sexconker' OR another alternate one (most likely this latter)), & ran?

    Please... lol!

    APK

    P.S.=> Do you HONESTLY feel you're "fooling anyone" with those 'tactics', sexconker? Guess again... HOWEVER- the "bright side" is this:

    ALL THE DOWNMODS IN THE WORLD (in addition to modding yourself up for offtopic trolling illogical ad hominem attack attempts) don't stand up to facts I posted, which I INVITE YOU TO DISPROVE, and you cannot obviously - & all you have? Is downmodding my post, upmodding yourself via alternate registered 'luser' accounts you have here obviously, lol... poor/weak/effete/useless, vs. facts you RUN from!

    ... apk

  31. Re:Can't you people type properly anymore? by Richard_at_work · · Score: 4, Informative

    I've read the linked pages, it's not a vulnerability in MSSQL, it's injected code which targets MSSQL so the blame lies with the application.

  32. Re:Me too (but 4 DIFF. reasons)... apk by Anonymous Coward · · Score: 0

    How did the post I replied to go from +1 Informative to -1 Troll? His detractors won't face a challenge put to them here either http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 and people wonder why slashdot's losing readers?

  33. Re:Can't you people type properly anymore? by sortius_nod · · Score: 1

    Having worked for a newspaper, I can assure you that they still make mistakes. Hell, the paper I worked for even got the date on the front page wrong (a year out) once due to a typo.

    Get off your high horse & join us all in reality.

  34. Re:Can't you people type properly anymore? by Anonymous Coward · · Score: 1

    ASP is likely still more used than ASP.NET.

  35. Re:Me too (but 4 DIFF. reasons)... apk by couchslug · · Score: 1

    APK has been "amusing" for many years, under a variety of nicks.

    Google: site:arstechnica.com APK

    Any psychiatrists care to chime in on the characteristic "speech patterns" in the posts?

    http://www.ntcompatible.com/postprint81050.html

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  36. Although these attacks are evil in their intent... by P-niiice · · Score: 1

    The mechanics of their design and execution make for interesting reading. Injecting a bunch of hex that then is decoded by a second script. I can't help but respect it.

  37. Re:Can't you people type properly anymore? by bloodhawk · · Score: 2

    You seem to have some reading comprehension problems, it is NOT a MSSQL vulnerability at all, it is bad application programming which then allows an attacker to leverage MSSQL with malicious code.

  38. Re:Me too (but 4 DIFF. reasons)... apk by fatphil · · Score: 1

    Fortunately he's a loon who posts AC. If he were a morpher with a million different IDs, then it would be expensive to mark posts from all his IDs with a score penalty, but fortunately, all you need to do is mark AC down, and you get rid of all of his irrational ranting, and lots more besides.

    HTH, HAND.

    --
    Also FatPhil on SoylentNews, id 863
  39. Re:Me too (but 4 DIFF. reasons)... apk by Anonymous Coward · · Score: 0

    I'm glad I read his post. I downloaded this hosts file and am surfing faster already http://winhelp2002.mvps.org/hosts.htm so your opinion is worthless compared to my results. You can call the guy a loon but if that's crazy I don't want to be sane.

  40. Disprove my points then "FatPhil" (you troll) by Anonymous Coward · · Score: 0

    A "big talker" like you ought to be able to do that, vs. the points I posted here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 or here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586640 or here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006

    Right?

    * Go for it FatPhil... I am going to LOVE watching you "eat your off topic illogical ad hominem attack attempt words"...

    (Of course, that's "expecting too much" from a useless troll such as yourself!)

    APK

    P.S.=> What I love about trolls like you, especially ones that attempt off topic illogical ad hominem attacks, is that your "kind" online (trolls) are usually QUITE stupid in technical matters of computing

    ... apk

  41. ColdFusion apologist by aclarke · · Score: 2

    ColdFusion (it hasn't been "Cold Fusion" since 1998) has had parameterized SQL commands for a decade. The problem is that there is still a high percentage of ColdFusion developers who are not educated enough to know what they are or why they should use them.

    CFML is such an easy language to program in that it encourages people who have not taken the time to learn the appropriate software engineering basics. It's a bit of a double-edged sword, really. Also, there's still a lot of 10+ year old ColdFusion code out there that hasn't been touched in a long time because it "still works", except, of course, that it doesn't, as we can see from this example.
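
The parameterized-command point raised in the comment above, as an added example that is not part of the thread: Python's `sqlite3` stands in for the ASP/ColdFusion and MSSQL stack, and the table, rows, probe string and function names are constructed for illustration. It also scans stored text columns for `<script src>` tags such as the one in the search query quoted earlier in the thread.

```python
import re
import sqlite3

# Marker as it appears in the search query quoted in the thread.
INJECTED_TAG = '<script src="http://lilupophilupop.com/sl.php"></script>'
# Captures the host of any external <script src=...> tag in stored text.
SCRIPT_SRC = re.compile(
    r'<script[^>]*\bsrc\s*=\s*["\']?https?://([^/"\'\s>]+)', re.I)


def make_db():
    """Constructed sample data: one clean row, one row with the tag appended."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO articles (title, body) VALUES (?, ?)",
        [
            ("Opening hours", "Mon-Fri 9 to 5"),
            ("Contact", "Call the front desk" + INJECTED_TAG),
        ],
    )
    return conn


def titles_concatenated(conn, title):
    """The application-side flaw: user input pasted into the SQL text,
    so a quote in the input changes the statement itself."""
    sql = "SELECT title FROM articles WHERE title = '" + title + "'"
    return [row[0] for row in conn.execute(sql)]


def titles_parameterized(conn, title):
    """Same lookup with a bound parameter; the input is only ever data."""
    sql = "SELECT title FROM articles WHERE title = ?"
    return [row[0] for row in conn.execute(sql, (title,))]


def scan_text_columns(conn, allowed_hosts=frozenset()):
    """Return (table, column, rowid, host) for every stored <script src>
    tag whose host is not in allowed_hosts."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        for col in conn.execute(f'PRAGMA table_info("{table}")'):
            name, decl = col[1], (col[2] or "").upper()
            if "TEXT" not in decl and "CHAR" not in decl:
                continue
            # Identifiers cannot be bound; these come from the schema itself,
            # never from user input. The search pattern is still bound.
            query = (f'SELECT rowid, "{name}" FROM "{table}" '
                     f'WHERE "{name}" LIKE ?')
            for rowid, value in conn.execute(query, ("%<script%",)):
                for host in SCRIPT_SRC.findall(value):
                    if host.lower() not in allowed_hosts:
                        hits.append((table, name, rowid, host.lower()))
    return hits


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input containing a quote
    print("concatenated :", titles_concatenated(db, probe))
    print("parameterized:", titles_parameterized(db, probe))
    print("stored tags  :", scan_text_columns(db))
```

In ColdFusion the bound-parameter form is `cfqueryparam` inside `cfquery`; on MSSQL from other stacks it is the driver's parameter binding.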

  42. I actually had to look up .nu... by Anachragnome · · Score: 1

    I actually had to look up .nu, as I've never encountered it before.

    From AegisLab Security blog in regards to this attack:

    "The detailed attacking paths are as follows:

    [script] hxxp://lilupophilupop.com/sl.php

                [hop] hxxp://doutl31inesst.rr.nu/n.php?h=1&s=sl

                [hop] hxxp://www3.simplerfnetwork.rr.nu

                [hop] hxxp://www1.smartscanerjkm.rr.nu

                        [download] hxxp://www1.smartscanerjkm.rr.nu "

    A little Googling and some interesting reading led me to the small South Pacific island country of Niue. Never heard of it.

    http://en.wikipedia.org/wiki/Niue

    From that article:
    "Niue purported to establish diplomatic relations with the People's Republic of China on December 12, 2007.[17] However, in light of its Constitution it is uncertain whether Niue had the capacity to enter diplomatic relations with any country. Traditionally, Niue's foreign relations and defence have been regarded as the responsibility of New Zealand, which has full diplomatic relations with China. Furthermore the Joint Communique signed by Niue and China is different in its treatment of the Taiwan question from that agreed by New Zealand and China. New Zealand "acknowledged" China's position on Taiwan but has never expressly agreed with it, but Niue "recognizes that there is only one China in the world, the Government of the People's Republic of China is the sole legal government representing the whole of China and Taiwan is an inalienable part of the territory of China."

    Interesting.

    A little more searching and I find this article that discusses the tax-haven aspects of Niue in terms of Chinese businessmen...

    http://www.ibls.com/internet_law_news_portal_view.aspx?s=latestnews&id=2447

    The closing statement from that article...
    "Niue's trust laws resemble the laws of offshore centers that are, or sometime were, British colonies. The important factor here is that, due to its location, Niue has become a financial center for wealthy Chinese who want to use the financial figure of offshore trusts. This means, Niue has a good prospective given the flourishing of the Chinese economy."

    Indeed, the Chinese have been trying to buy their way into residency status on Niue (in effect giving them New Zealand residency status)...

    http://www.niueconfidential.com/2011/03/immigration-rort-may-liquidate-company.html

    I know it is a leap, but is it possible the Chinese are using Niue as a "Cyberwar base of operations"?

  43. Disprove my points then... apk by Anonymous Coward · · Score: 0

    Funny how you RUN from that here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006

    Man... lol, that you were upmodded for your off-topic illogical ad hominem attack attempt "boggles the mind" too (but then again, everyone KNOWS how easy it is to cheat the moderation system on /. ... piece of cake, that & I illustrated HOW that's done too in my other posts here so... in other words? You fool NOBODY but yourself!).

    APK

    P.S.=> Sometimes you fools ask me WHY I don't register here and be like you (a "registered 'luser'", lol, which doesn't hold true of the majority of registered users here, only the trolls such as yourself)...

    1 reason's that trolls such as yourself, once I trash them on their computer technical weaknesses (which I have to yourself here with ease since you ran like the trolling coward you are)? They threatened to "mod my posts down to oblivion" IF I had a registered 'luser' account here... but then, that'd make ME, like YOU, & I do NOT want THAT (lol, for sure).

    Another reason being is that I have CAUGHT people cheating the moderation system here (tomhudson's group, trolltalk.com do), & it's a sham because of that!

    Folks also wonder WHY slashdot's losing readers, & dorks like you, off topic ad hominem attack attempting ones that FAIL & RUN when confronted are why... you're pitiful!

    ... apk

  44. Re:Can't you people type properly anymore? by Anonymous Coward · · Score: 0

    ASP is definitely a MS technology. Any exploit that depends on ASP from now till the end of eternity is MS's fault.

  45. Re:Me too (but 4 DIFF. reasons)... apk by Anonymous Coward · · Score: 0

    It does, but being on cable is so fast I don't notice it.
    Okay I do notice it, but it's more secure than not having the regularly updated HOSTS file.
    So what if my time to resolve a host goes from 20 ms to 1020 ms. It's just a stupid webpage and it's literally 1 second.
    This doesn't have an impact on connections that just go by IP address to begin with. (like games)
    It also stops all those stupid apps that try to load ads in their window.
    Like for instance Motioninjoy to use a ps3 controller on pc, it's a good tool, but it loads ads and someone might get infected by them.

  46. It boggles the mind by Anonymous Coward · · Score: 0

    Do people still really pass sql to the server to be executed instead of using stored procedures, or at the very least building the sql on the server? The payload was nothing more special than any other T-SQL script. I was expecting something a little more clever than someone merely exploiting bad server design. I would be willing to bet the sites that were affected by this probably have issues with this sort of thing all the time and will have them continue far into the future.

  47. Re:Can't you people type properly anymore? by bloodhawk · · Score: 1

    The exploit doesn't depend on ASP, it depends on poor code written by application developers in ASP or ColdFusion. You can't blame the technology for bad application developers.

  48. Re:Can't you people type properly anymore? by Anonymous Coward · · Score: 0

    aah...

  49. Re:Me too (but 4 DIFF. reasons)... apk by Anonymous Coward · · Score: 0

    Yeah. As sexconker and couchslug have indicated, this guy is not worth wasting time on.

  50. Your IPAddress-2-hostname doesn't go up by Anonymous Coward · · Score: 0

    "So what if my time to resolve a host goes from 20 ms to 1020 ms" -

    If anything? It'll be faster IF you put your fav. sites into it with their CORRECT IP address to hosts-domain/subdomain name into your custom HOSTS file, "hardcoded" resolved there already @ the top of it!

    (Plus, that also gets cached & operates @ the speed of RAM + the fact a kernelmode PnP subsystem's driving it (IP Stack))...

    * Fastest there is, proof to DNS attacks, & even DNSBL + DNS request logs... & FAR faster than remotely calling out to a potentially redirect poisoned DNS server that takes 100's to 1000's of time longer for the same thing? No thanks!

    APK

    P.S.=> Nice job, good reply - thought I'd "brighten your day" on that part you actually thought you were "losing out" on using custom HOSTS files (you're actually GAINING in that area, if you do it right, & manyfold)... apk

  51. Couchslug & SexConker "ne'er-do-well" trolls r by Anonymous Coward · · Score: 0

    LOL, that's all I have to say about that... see subject-line!

    * :)

    (As per my usual style? I walk away unscathed, & laughing @ my "naysayer" trolls, who run as expected when faced with my "superior technical firepower" in computing that I possess vs. "the likes of they" (trolls))

    APK

    P.S.=> This? This was just "too, Too, TOO EASY - just '2EZ'", as is per my usual vs. off-topic illogical ad hominem attack attempting technically weak trolls... such as the prime examples of such "ne'er-do-wells", lol, in couchslug &/or sexconker...

    ... apk

  52. Re:Although these attacks are evil in their intent by Bill+Dog · · Score: 1

    If I'm understanding it correctly, it relies on both of the two following things being true of a given web site (besides it using an MS SQL Server backend (or maybe it also works on Sybase database product(s) which also use the T-SQL language and might still have the involved system tables in common)):
    1) SQL commands constructed via string concatenation including web form text field values, and
    2) No sanitization of data coming out of the database before inserting into the HTML.

    --
    Attention zealots and haters: 00100 00100
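The two conditions listed in the comment above, with a check for script tags already stored in the database, as an added example that is not part of the original thread. Python's sqlite3 stands in for the MSSQL backend, and the table, the rows and the host malicious.example are constructed for illustration.

```python
import html
import re
import sqlite3
from urllib.parse import urlparse

# Matches the src attribute of a stored <script> tag.
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)


def build_demo_db():
    """Constructed sample data; sqlite3 is an assumed stand-in for MSSQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO articles (title, body) VALUES (?, ?)",
        [
            ("Welcome", "Plain text body"),
            ("News", 'Update<script src="http://malicious.example/sl.js"></script>'),
            ("Widgets", '<script src="/static/site.js"></script>'),
        ],
    )
    return db


def search_concatenated(db, term):
    """Condition 1: the form value becomes part of the SQL text itself."""
    sql = "SELECT title FROM articles WHERE title = '" + term + "'"
    return [row[0] for row in db.execute(sql)]


def search_parameterized(db, term):
    """Fix for condition 1: the value is bound and never parsed as SQL."""
    rows = db.execute("SELECT title FROM articles WHERE title = ?", (term,))
    return [row[0] for row in rows]


def render_raw(body):
    """Condition 2: stored text is placed into the page unencoded."""
    return "<div class='body'>" + body + "</div>"


def render_encoded(body):
    """Fix for condition 2: markup in stored text is shown as text, not run."""
    return "<div class='body'>" + html.escape(body) + "</div>"


def audit_script_tags(db, allowed_hosts=()):
    """List (table, column, rowid, host) for stored script tags that load
    from a host outside allowed_hosts. Relative src values are same-site
    and are skipped."""
    findings = []
    tables = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        text_cols = [r[1] for r in db.execute(f'PRAGMA table_info("{table}")')
                     if r[2].upper() == "TEXT"]
        for col in text_cols:
            query = f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?'
            for rowid, value in db.execute(query, ("%<script%",)):
                for src in SCRIPT_SRC.findall(value):
                    host = urlparse(src).hostname
                    if host and host not in allowed_hosts:
                        findings.append((table, col, rowid, host))
    return findings


if __name__ == "__main__":
    demo = build_demo_db()
    quoted = "x' OR '1'='1"
    print("concatenated :", search_concatenated(demo, quoted))
    print("parameterized:", search_parameterized(demo, quoted))
    for finding in audit_script_tags(demo):
        print("stored off-site script:", finding)
```
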
  53. Re:Me too (but 4 DIFF. reasons)... apk by mandelbr0t · · Score: 1

    If you're willing to do this much work to avoid malware, well, go for it. Your performance gains, when compared to network latency, are probably so slight as to be imperceptible. Personally, I use AdBlock Plus and a local DNS server, and have never had issues with either malware, unwanted ads, or network performance. To each his own. If you don't want to get modded Troll, you might want to tone down on the caps and excessive bolding. You may have a legitimate technical point to make, but it gets lost in a tone that reminds me of a child throwing a tantrum.

    --
    "Please describe the scientific nature of the 'whammy'" - Agent Scully
  54. It's NO work (automated in multiplatform Python) by Anonymous Coward · · Score: 0

    "If you're willing to do this much work to avoid malware, well, go for it." - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

    See subject-line above: My HOSTS updates from a pristine temp every 15 minutes here, & normalized vs. repeats + alphabetized from reputable & reliable sources for HOSTS file & DNSBL data vs. malware & such, "automatigically" (phishing/spamming/maliciously scripted sites/known purveyors of trojans-virus-worms etc./et al)).

    E.G. &/or I.E.-> I haven't had a malware infestation of ANY kind, since 1996 in fact, & I can post testimonials of the same from users of my guides... would you like that? They're easily verifiable too... just ask.

    ---

    "Your performance gains, when compared to network latency, are probably so slight as to be imperceptible. " - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

    Oh, really: CAN YOU READ?

    In my earlier replies here, I posted:

    ---

    1.) The words of your own /. peers here noting they're websurfing faster in addition to myself & others posting here.

    2.) Even the testimonial quoted a SECURITY PRO from SECURITYFOCUS.COM (division of Symantec) said he's surfing noticeably FASTER using a custom HOSTS file too!

    ---

    Let's see, that outnumbers you HOW much & not only by your peers here, including myself, but also a professional security journalist & security pro?

    ---

    "Personally, I use AdBlock Plus" - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

    Guess what? So do I in "WaterFox", but it's only GOOD for that browser & slower! NOT ONLY THAT, but AdBlock "ain't what it used to be" -> http://tech.slashdot.org/story/11/12/13/1430236/adblock-plus-developers-to-allow-acceptable-ads

    How else as well especially compared to HOSTS files?

    Well - HOSTS are GLOBAL & even cover external to browser email apps (any webbound app) & run @ ring 0/rpl 0/kernelmode PnP privilege of the IP stack itself (far faster & more efficiently than do usermode/ring 3/rpl 3 apps like browsers, & especially addons for them (which slows them up even more especially in FF IF you overdo it with too many of them)).

    ---

    "and a local DNS server, and have never had issues with either malware, unwanted ads, or network performance. " - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

    Maybe not, but... lol, how about DNS problems like a redirected poisoning due to recursion issues in DNS that are KNOWN?

    Plus?

    Hey - I don't waste CPU cycles, RAM, or other forms of I/O on a local DNS server OR the electricity for a dedicated rig for it either

    (Instead - I use what I mentioned in my 1st reply here: You'd KNOW that, if you read it... I use known efficient & filtering vs. malware types in OpenDNS, Norton DNS, & ScrubIT DNS).

    ---

    "To each his own" - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

    That I can live with... absolutely, & for less CPU/RAM/Other forms of I/O + electricity usage by doing MY way, vs. yours (in DNS mostly).

    ---

    "If you don't want to get modded Troll, you might want to tone down on the caps and excessive bolding." - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

    I'll write as I please, if you don't like it? Don't read it.

    ---

    "You may have a legitimate technical point to make" - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

    I know DAMN WELL I do, & it kicks the trolls a

  55. Re:Me too (but 4 DIFF. reasons)... apk by Anonymous Coward · · Score: 0

    Trolls around /. fear apk's hosts file cuz they're botmasters/webmasters that lose money due to hosts files' use and they don't want the rest of the people to learn about them who read his posts so they try to bury them since ac people like apk don't get modded up as much and are hidden by default on slashdot for most readers, and downmodding unjustly hides that even more so they think. How stupid of them.

  56. Re:It's NO work (automated in multiplatform Python by mandelbr0t · · Score: 0

    OR the electricity for a dedicated rig for it either

    Don't spend it all in one place. The dedicated rig does other useful stuff that I wouldn't want bogging down my desktop.

    I've actually passed English courses in college while earning 2 degrees no less (A grades usually) - have you??

    Yep. This is, after all, a "News for Nerds" site. You're not the only genius here. And the rest of us don't tend to use terms like "superior technical firepower" and go off on rants about things that represent a minute portion of IT.

    I know DAMN WELL I do, & it kicks the trolls asses SO BADLY, that when I challenge them to disprove my technical points I posted on ANYTHING I POSTED?

    I'm not trying to disprove your technical points; I'm saying that people aren't listening to you because of the way you present your argument. I'm happy with what I've got, you're happy with what you've got.

    talk about obvious, playing "pretend english professor on /." & "the MaSteR oF All ThiNgS PoStiNg MyStiCaL

    This borders on delusional. I don't know how your mind got from a sincere comment on how I felt your writing represented yourself to making assumptions about the purpose of my post. The purpose of my post was to say that the content of your original post had technical merit. It still does. I just choose not to go down that road. If that requires you to tear apart my post looking for flaws not related to the original discussion, well, it's no wonder no one bothers to have a discussion with you based on technical merits.

    --
    "Please describe the scientific nature of the 'whammy'" - Agent Scully
  57. There's no disproving my points on HOSTS is why by Anonymous Coward · · Score: 0

    Especially on HOSTS files in my 1st post, yet it was downmodded here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 Please - that's bullshit.

    However - IF I made some technical error & was misleading others maybe... but for no reason? Bullshit!

    (It went from +1 Informative, to 0 Informative, to -1, to -1 Troll... for what?)

    ---

    "I'm not trying to disprove your technical points" - by mandelbr0t (1015855) on Wednesday January 04, @09:56PM (#38592078)

    That'd be IMPOSSIBLE to DO ANYHOW, & I think you KNOW it...

    ---

    "I'm saying that people aren't listening to you because of the way you present your argument." - by mandelbr0t (1015855) on Wednesday January 04, @09:56PM (#38592078)

    Let's see - here are some of my posts on HOSTS files that were upmodded that disagree with you (would you like around 130++ more?)

    BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722
    HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608
    HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632
    HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268
    HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074
    HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285
    HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983
    HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808
    HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274
    APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182
    HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256
    HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128
    HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952
    HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066
    HOSTS MOD UP vs AT&T BANDWIDTH CAP:2011 -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584
    HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 ->

  58. Re:Cached local speed = faster than DNS lookup ret by Anonymous Coward · · Score: 0

    sexconker tries hidin apk's post I replied to by downmoddin it? Weak. That post knocked sexconker clean out n' sexconker ran cuz he can't make apk's points appear incorrect,

  59. Re:Can't you people type properly anymore? by L4t3r4lu5 · · Score: 2

    I'm not even a developer, and even I know the phrase "Sanitise your inputs".

    There's no excuse for injection vulnerabilities. None.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  60. Re:It's NO work (automated in multiplatform Python by Anonymous Coward · · Score: 0

    Alexander Peter Kowalski is a prolific and persistent troll. He resets his IP address to circumvent the Slashdot post flood limit. When he was informed that intentionally circumventing restrictions, even by exploiting known flaws in the system, constitutes unauthorized access to a computer system, which is a felony, he ducked the issue. It didn't seem to dissuade him from exploiting it, however.

  61. Re:It's NO work (automated in multiplatform Python by Anonymous Coward · · Score: 0

    Sounds like you fear apk because you're unable to disprove his points and instead you try off topic illogical ad hominem attacks (failing miserably).

  62. Re:Me too (but 4 DIFF. reasons)... apk by darkpixel2k · · Score: 1

    Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)?

    Can you please tell me how to modify my HOSTS file to block your stupid use of the bold tag? Fsck.

    --
    There's no place like ::1 (I've completed my transition to IPv6)
  63. U FAIL PHOOL, lol... by Anonymous Coward · · Score: 0

    Turnin' ur system off n on again 4 gettin a new IP lease != law breaking.

    1. Re:U FAIL PHOOL, lol... by Anonymous Coward · · Score: 0

      Turning off your system every 2 minutes and getting a new IP lease for the express purposes of exploiting a known flaw in a website's security model is a felony.

    2. Re:U FAIL PHOOL, lol... by Anonymous Coward · · Score: 0

      Show /. rules sayin u can't lease a new IP by turning off ur system & turning it on again later. APK asked this before when u tried this crap and u failed to produce such a rule. U FAIL PHOOL!

  64. Re:Me too (but 4 DIFF. reasons)... apk by Anonymous Coward · · Score: 0

    Not our fault if ur 2 stupid 2 figure it out phool.

  65. Once again? "U FAIL", PHOOL, lol... apk by Anonymous Coward · · Score: 0

    Again, "U FAIL": Like the other poster said & apparently does too?

    I turn my systems OFF to save money on power bills & it's not every 2 minutes, because unlike you? I have to pay bills & own my own home where that's the case (instead of living in your mommy's basement like you do)!

    Face it - YOU BLEW IT here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38603700

    (LMAO!)

    Poor little off-topic ILLOGICAL ad hominem attack attempt utilizing little troll... I make mincemeat out of you, EVERY TIME YOU TRY THAT weak b.s.!

    APK

    P.S.=> How many MORE of these "weak noobs" do I have to "slam"? You KNOW I just GOTTA SAY IT, as-is-per-my-usual style:

    This? This was just "too, Too, TOO EASY - just '2EZ'"...

    ... apk

  66. Hey stupid, take a read... apk by Anonymous Coward · · Score: 0

    "Large hosts files absolutely slow down lookups." - by sexconker (1179573) on Wednesday January 04, @12:55PM (#38586810)

    When I 'hardcode' in my favs into my HOSTS file it resolves far, Far, FAR FASTER than calling out to a remote DNS servers (that takes 30-100's of ms to happen & can be DNS poisoned misdirected to boot), you stupid stooge!

    (Especially coming up off a TRUE SSD here, Gigabyte IRAM 4gb DDR2 RAM based unit - has less than 1ms access/seek time, & parsing the file once it's loaded into memory makes it even faster still (and, it does get cached, like any other file does))

    * Then, once it caches into memory after the 1st request to it (I do that via the kernelmode diskcaching subsystem here vs. local DNS clientside cache (doesn't work well w/ larger HOSTS files in Windows, Linux has no such issue though, I'll give it THAT much))? Even FASTER still...

    (AND, I make SURE in the registry that my HOSTS file is looked to 1st, which IS the "default" anyhow, and done prior to external DNS servers referencing (that could be downed or dns poisoned), even though I use excellent protective filtering DNS servers in Norton DNS, OpenDNS, & ScrubIT DNS working in unison here, for yet MORE added "Layered-Security"/"Defense-in-Depth" - the best thing we've got going for security online today in fact!).

    APK

    P.S.=> Most importantly - Whoever the dumbshit is who modded YOUR idiotic no-mind no understanding of how things really work on a computer is an utter fool!

    Then again?

    Well... of course, everyone KNOWS how easy it is to cheat the moderation system here anyhow so... there you are, shot down in flames by your OWN stupidity (and running away from a challenge in debating this point & others on HOSTS files) - tomhudson, couchslug, damn_registrars, gmhowell, jeremiahcornelius, countertrolling, & webmistressrachel of the "trolltalk.com" crew have been caught cheating it literally & countertrolling saying HOW to do it, here ->http://slashdot.org/comments.pl?sid=2245866&cid=36491652 )...

    ... apk

    1. Re:Hey stupid, take a read... apk by Anonymous Coward · · Score: 0

      This person exhibits symptoms of multiple-personality disorder, schizophrenia, and extreme paranoia. He is quite clearly either delusional or intentionally antagonistic. I suspect the former, since he quite obviously attempts to masquerade as other people while using the same, unique vocabulary and phrasing as he does when posting as APK.

      These are my observations as a clinical psychologist, having been employed in the field for 10 years.

      --Gretchen Grundler, Ph.D.

  67. Oh look @ this: A "SiDeWaLk-ShRiNk of /.", lol! by Anonymous Coward · · Score: 0

    You exhibit total bullshit off-topic attempts @ ad hominem attack!

    Face it - We KNOW You're full of shit on your ALLEGED 'credentials'!

    So... How do I know this? Well, ok:

    QUESTION - Have you performed a professional examination of myself in a professional environs?

    * Answer = No.

    Without that, shit for brains? You're libeling myself.

    APK

    P.S.=> Now, You can now kindly go fuck yourself... & quit libeling myself with your crap, because w/out a formal examination administered in a professional environs? You're just asking for a libel suit with those comments of yours!

    ... apk

    1. Re:Oh look @ this: A "SiDeWaLk-ShRiNk of /.", lol! by Anonymous Coward · · Score: 0

      The following is not legal advice. This is my opinion as an attorney, but I am not your attorney.

      In this case the gp's comment could not be construed to be libel because it is a statement of opinion, not fact. Additionally, were an actual examination to take place, if a diagnosis were made which supported the gp's assertions, it would also discount the claim of libel since the gp's assertions would be recognized as true.

      --Gustav P. Griswald, Esq.

  68. Yet another "got it ass backwards" AC troll? LOL! by Anonymous Coward · · Score: 0

    Quit trying to play attorney, you're not good @ it:

    "In this case the gp's comment could not be construed to be libel because it is a statement of opinion, not fact.:" - by Anonymous Coward on Wednesday January 11, @10:28AM (#38663616)

    It's the OTHER WAY AROUND, goof: Without facts, it IS libel!

    (Especially with your cartoon character PHD in psychiatric sciences post as AC earlier here too -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38662634 )

    * No small wonder you harass others via your ac posts, you're full of it, and LMAO - YOU CONTRADICT YOURSELF TOO:

    "Additionally, were an actual examination to take place, if a diagnosis were made which supported the gp's assertions, it would also discount the claim of libel since the gp's assertions would be recognized as true." - by Anonymous Coward on Wednesday January 11, @10:28AM (#38663616)

    Funny how it's EXACTLY as I stated:

    I.E. -> You NEED a formal examination of someone's "alleged mental state" administered in a formal professional environs by LICENSED PRACTICING DEGREED PROS... the VERY THING YOU DO NOT HAVE (as well as your cartoon PHD you replied as before here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38662634 ).

    (You're just another piece of SERIOUS SHIT little coward troll posting as ac to try to rile me, & all you're doing is making the 2 douchebags in couchslug, plus fatphil, and sexconker look all the more STUPID for running from challenges I put to BOTH of they!)

    APK

    P.S.=> The BEST part though, lol, is that couchslug AND sexconker along with fatphil aren't able to disprove points I made on HOSTS files or other tech points I stated...

    That's proof in & of itself that 1 of you is just posting as ac to try "troll me" & FAILING badly (weak, & ineffectual - especially when I get "the last laugh" by showing they're unable to disprove the points I stated/made)...

    ... apk

  69. Gretchen Grundler = cartoon character, troll by Anonymous Coward · · Score: 0
  70. Re:Me too (but 4 DIFF. reasons)... apk by Anonymous Coward · · Score: 0

    My guess as a professional: paranoid schizophrenia and borderline personality disorder. Poorly treated and managed, if at all.

  71. Ur guess as a professional troll? Doesn't count. by Anonymous Coward · · Score: 0

    U can also stop posting ac couchslug. U f'd up and u know it.

  72. Re:Yet another "got it ass backwards" AC troll? LO by Anonymous Coward · · Score: 0

    You're right. It was wrong of me to egg you on like that. I meant to do it in a humorous way, using the names of characters from a cartoon TV show, but that doesn't make it ok. It was mean of me, and wrong. I'm not ok with being mean-spirited. I apologize.

  73. Thank you (I assume you're being sincere) by Anonymous Coward · · Score: 0

    At least you have enough class/manners to explain that & apologize, per my subject-line above.

    APK

    P.S.=> Since you were nice enough to do that, I can explain MY response - I only "snapped" @ you because of the trolls around here that pull a LOT of "tricks" such as downmodding & running + stalking/harassing/trolling me in other ways as well... tends to make you "less trusting" + reflexively think more of it's going on!

    (E.G.-> sexconker the poster I am challenging? He hasn't posted for more than a week now. That only tells me that he's an "alternate registered 'luser'"/sockpuppet account solely used for "trolling/harassing/stalking" others on /. by the REAL person doing it is all - yes, I've seen it done here before)...

    ... apk

    1. Re:Thank you (I assume you're being sincere) by Anonymous Coward · · Score: 0

      Why do they harass you like that?

  74. "Geek Angst", I'd strongly wager - but... by Anonymous Coward · · Score: 0

    Geek angst? Misery loves company?? Nothing better to do???

    * Not REALLY sure myself, + don't really care...

    (However - I'd strongly wager though that the root of it's over my correcting them on a computer tech error they made, & they cannot handle it: Hence "geek angst" being #1 above...)

    APK

    P.S.=> Besides - I've got REAL issues to deal with in this life (instead of their obvious mental ones & trying to figure them out)...

    ...apk

    1. Re:"Geek Angst", I'd strongly wager - but... by Anonymous Coward · · Score: 0

      Hm. So you corrected them once and now they stalk you all over Slashdot?

  75. Re:It's NO work (automated in multiplatform Python by Anonymous Coward · · Score: 0

    He sure ran off sexconker and couchslug though.

  76. All I know's what you saw also by Anonymous Coward · · Score: 0

    That I am being unjustly downmodded & stalked/harassed repeatedly via "MichaelKristopeit"'s numerous registered accounts or anonymous coward harassing/stalking/trolling ones as you yourself even noted here http://it.slashdot.org/comments.pl?sid=2603836&cid=38679784 .

    APK

    1. Re:All I know's what you saw also by Anonymous Coward · · Score: 0

      What if you didn't sign your initials? Then they wouldn't know it's you.

  77. I don't do that (99% of the time unless mistake) by Anonymous Coward · · Score: 0

    No, I have no need to "hide myself" that way. I'd even have a registered user account, but, my "naysayer trolls" (from trolltalk.com, see my p.s. below) would mod ALL of my posts down they could find.

    Think it's b.s.? This is an example of my being told that, LITERALLY, here:

    ---

    http://it.slashdot.org/comments.pl?sid=2282088&cid=36626278

    PERTINENT QUOTE/EXCERPT as "evidence thereof":

    "If he had an account, all of his posts would start at -1 (due to downmods)"

    ---

    AND MORESO here:

    ---

    http://it.slashdot.org/comments.pl?sid=2177744&cid=36219132

    PERTINENT QUOTE/EXCERPT as "evidence thereof":

    "First off, why don't you just get an account instead of posting AC? Some (many) of us are tired of you're trolling and would like to be able to mod you down."

    ---

    * There you go... & now you also know WHY I don't keep a regular registered 'luser' account here (in large part, I really do NOT require whatever being a registered user here requires).

    APK

    P.S.=> Note that BOTH of those are from AC's as to those saying they would "downmod me to oblivion" (whether my posts are solid fact based or not, they usually are) - here's EXACTLY who those ac's are, with proof of them doing it the past couple weeks now even, and many times before in the past year (trolltalk.com people):

    They are a pack of trolls here, literally ADMITTED trolls, they run a domain called "trolltalk.com" in fact!

    (gmhowell, tomhudson, webmistressrachel, squiggleslash, countertrolling, mcgrew, & other registered LUSER 'guises'),

    They regularly cheat/game the moderation system, literally, in 2 ways:

    ---

    1.) Modding themselves up in collusion/teams

    2.) Modding down those they are stalking/harassing/trolling

    ---

    Think it's bullshit? Ok, fine - here's where they LITERALLY ADMIT TO ALL OF THE ABOVE & how they cheat the mod system here:

    ---

    A.) countertrolling telling others how to moddown opponents as registered lusers 1st, then to logout to save your karma/cookie state of your reg'd luser account, & then to troll others via ac replies -> http://slashdot.org/comments.pl?sid=2245866&cid=36491652

    B.) mcgrew stating how he modded up webmistressrachel 5 times, & she's his "partner in crime" around here (probably SAME person with multiple guises is my guess) -> http://slashdot.org/comments.pl?sid=2212152&cid=36361542

    C.) gmhowell admitting he's trolling me via AC posts (along with getting MichaelKristopeit all riled up & on my case):

    http://slashdot.org/journal/276148/now-this-is-entertaining

    D.) I've literally CAUGHT a fool named clone53421 posting in the same post as clone52431 (notice the #'s appended, not the same)

    ---

    & plenty more I've caught doing bogus things around here to "fool the system/game the system"... would you like more? I can list them, in seconds!

    ... apk