Dealing with Intruders?
drakyri asks: "I've been running a server for a small company for a few months. Recently, the number of attempted intrusions has jumped from about one every week to several per day - and these are only the really obvious attempts, like idiots who try to log in as root from the outside.
The problem is that I'm not sure what to do about this. I've got their IP addresses and can usually tracert their ISPs - is there an accepted type of letter to send them without seeming like one of the corporate cease-and-desist gnomes?"
just forget it (Score:1, Funny)
DMCA (Score:5, Funny)
Skript kiddiez (Score:4, Funny)
I tried to log in as root.. (Score:5, Funny)
Letter (Score:2, Funny)
Not a cease-n-desist gnome... (Score:5, Funny)
Do what Mr Burns does... (Score:5, Funny)
I swear I won't do it again! (Score:3, Funny)
Re:Not a cease-n-desist gnome... (Score:2, Funny)
Dear Blankety-blank:
Hi. I'm real, real sorry to take your time. I mean, if you don't have time, I understand, and, after all, I don't want to sound like a corporate gnome ]:-)
Sincerely,
D.U. Fus, the Administrator
Tepid Water Suppositories, inc.
And the problem is... (Score:2, Funny)
It's wasting your time.
It makes you worry.
It makes you ask silly questions on slashdot.
The solution is to trash it, you don't need it, Linux is unbreakable anyway.
Re:DMCA (Score:4, Funny)
Call their parents (Score:5, Funny)
I'm sorry... (Score:2, Funny)
Hack them back! (Score:5, Funny)
At the very least it's more fun than writing an e-mail!
normal for this time of year (Score:5, Funny)
As far as reporting them, you could try all day and not be able to report all of them, and even if you did, they're most likely attacking from someone else's vulnerable machine. The only thing you can really do is watch out for anyone who's aggressively attacking you (i.e. one person who's running lots of attacks on you trying desperately to break into your machine at any cost), and report those ones, or if you can find a way to contact that person, tell them to stop before you report them to their ISP and/or authorities; this will usually scare most people off.
Once you do start paying some decent attention to security releases, a lot of these stupid things people try won't surprise you, like the ssh root attempt is because some tool came out recently that just scans netblocks for anyone running ssh and tries logging in as two different users with no password, root being one of them. If you're not familiar with where to find security releases, here are some good places to start:
packetstorm security [packetstormsecurity.org]
Security Focus [securityfocus.com]
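The triage described in the comment above, telling drive-by scans apart from a source that keeps hammering one host, as an added example that is not part of the original thread. The log lines are constructed, and the threshold of 10 attempts is an assumption:

```python
import re
from collections import defaultdict

# Matches OpenSSH's "Failed password" syslog message, with or without "invalid user".
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample log (documentation-range IPs, not real data).
SAMPLE_LOG = [
    "Jul 12 03:14:07 host sshd[2211]: Failed password for root from 192.0.2.10 port 40112 ssh2",
    "Jul 12 03:14:09 host sshd[2211]: Failed password for invalid user test from 192.0.2.10 port 40113 ssh2",
    "Jul 12 04:30:41 host sshd[2290]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2",
] + [
    f"Jul 12 05:{m:02d}:00 host sshd[2400]: Failed password for invalid user u{m} "
    f"from 198.51.100.7 port {50000 + m} ssh2"
    for m in range(12)
]

def summarize(lines):
    """Return {source_ip: {"attempts": int, "users": set}} for failed logins."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            stats[ip]["attempts"] += 1
            stats[ip]["users"].add(user)
    return dict(stats)

def classify(stats, threshold=10):
    """Label each source; `threshold` is an assumed cut-off, tune it per site."""
    return {
        ip: "persistent" if s["attempts"] >= threshold else "drive-by scan"
        for ip, s in stats.items()
    }

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, label in sorted(classify(stats).items()):
        print(f"{ip:15} {stats[ip]['attempts']:3} attempts  {label}")
```

Sources labelled persistent are the ones worth an abuse report; the two-username probe from a single address matches the scanning tool the comment mentions.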
Tactical nuke (Score:3, Funny)
Re:I had someone trying to brute force ssh.. (Score:2, Funny)
Re:Tactical nuke (Score:2, Funny)
Re:Somewhat offtopic, but how do people deal with (Score:3, Funny)
Re:Create a honeypot (Score:2, Funny)
I was entertained by the more "pissed" hackers that ran into that. Especially the ones with so little self control they would email me insults at administrator@myisp (A true sign of a poser-cracker, a real cracker is not stupid enough to start emailing the target.... a real cracker is silent as a mouse.)
Go ahead and piss them off, the real ones don't get pissed.
Re:I tried to log in as root.. (Score:5, Funny)
Arabic isn't a race. Arabs, technically, are caucasians. They're just curly haired, tanned white people. Not entirely unlike Italians.
LK
Re:Ignoring it == making the problem worse (Score:5, Funny)
Re:Somewhat offtopic, but how do people deal with (Score:3, Funny)
Ack! Now even slashdot is promoting offshoring!!! Ugh...
Re:Ignoring it == raising criminals (Score:5, Funny)
Re:Abuse@ (Score:4, Funny)
Northern Ireland, Gibraltar, Hong Kong (not any more), Palestine (not any more), Australia (not any more), Canada (not any more), India (not any more), Malaysia (not any more), Yemen (not any more), Rhodesia (not any more), US (not any more)
Damn. We're getting smaller. When did that happen?
Easy, really (Score:5, Funny)
The online cartoons - once again - show us how the world works. Here you can find the difference between Hollywood's form of dealing with intruders, and the Real World's:
Bigger Than Cheese [biggercheese.com]
Prevention Program (Score:1, Funny)
If you want to do something, then you can send a letter to the ISP. Otherwise, you have to make like the Britons; batten down the hatches and hope the Luftwaffe pass you by.
I guess you can go hunting, too. Hack the ISP, grab a ballbat, and send a "cease and desist" request yourself. An ounce of assbeating is worth more than a pound of Congressional Legislature.
How we handle these situations in Finland (Score:1, Funny)
Being a little pissed off as the attacking continued for some time consuming his precious bandwidth, he tracked his IP and with some social engineering he found out the attacker was just some high-school script kiddie, along with the information of where he lived. So he went where the attacker lived and left a note on his home door with something like "stop bruteforcing my server or else...".
Suddenly, the attacks stopped.
Re:I tried to log in as root.. (Score:3, Funny)
Take advantage of being r00ted (Score:1, Funny)
If they put an irc bot on your server, you can steal their channels. They're practically giving you, someone they don't know, access to their botnet.
If they set up a warez ftp, you can have some fun with them by putting trojans into their files. Since they've already saved you the time of putting warez on your computer, be sure to copy anything good first.
If they're using your machine for DDOS floods, you may be able to hijack their DDOS network, use it against your enemies or competitors, and blame it on some dirty hackers.
If they steal your database of credit card numbers, it's a sign that you should quit your job and find a new career.
There's no porn at http://example.com... (Score:3, Funny)
--LordPixie
Re: "Arabs are white people." (Score:3, Funny)
WTF? Italians are white people?
Re:Companies don't care. (Score:2, Funny)
Re:I tried to log in as root.. (Score:2, Funny)
Log in as a normal user, and su, of course.