The Cool Hangout Place -> idiot



Red Squirrel - Oct-11-2004 server time
Well how fun is this. laugh.gif

http://www.google.ca/search?hl=en&q=%2224....le+Search&meta=

Red Squirrel - Oct-10-2004 server time
Haha. Or sabotagé. em320.gif

Yeah that IP will eventually get spidered on google. Interesting really. em320.gif

Still no sign of him though, only 2 alarms for that other IP, which is just a referrer spammer that I blocked months ago, just a cheap status 2 alarm. tongue.gif

Nathan - Oct-10-2004 server time
In France they invented a word to express the action you did:

cassé!

Triple6_wild - Oct-10-2004 server time
you might get some sort of revenge biglaugh.gif

that image is gonna be on google and the world will have access to that IP lol

Red Squirrel - Oct-09-2004 server time
Yep, so far nothing too interesting though...

Furball - Oct-09-2004 server time
Hehehe. Looks like you're pulling out the big guns. Trying to be crafty. Bwahaha. biglaugh.gif

Red Squirrel - Oct-09-2004 server time
Just gave him full access, under high supervision of course. em321.gif

I'll watch a 2 hour movie and come back to see what happens. I'll get popup notifications on my PC if I get scada emails though so not to worry since I'll check 'em to see if it's him.

Red Squirrel - Oct-09-2004 server time
Well I fixed the issue so he won't be able to try and hack me anymore, not that his attempts were successful in the first place.

htmlspecialchars() is what I used. Gets rid of < and > in HTTP headers as they are put in logs.
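
The fix named in the post above (htmlspecialchars() on logged HTTP headers), written out as an added example; it is not part of the original thread and not the site's actual viewer code. The line layout follows the log excerpt posted in this thread, while the function names, host names and sample lines are assumptions made for illustration.

```php
<?php
// Added example: escape log fields at the moment the viewer renders them.
// The regex mirrors the log layout shown in this thread:
//   ip - - [time] "url" (referrer) - - user-agent Channel: n
const LOG_PATTERN = '/^(\S+) - - \[([^\]]+)\] "([^"]*)" \((.*?)\) - - (.*) Channel: (\d)$/';

function parse_log_line(string $line): ?array
{
    if (!preg_match(LOG_PATTERN, rtrim($line), $m)) {
        return null; // unparseable lines are skipped rather than echoed raw
    }
    return [
        'ip' => $m[1], 'time' => $m[2], 'url' => $m[3],
        'referrer' => $m[4], 'agent' => $m[5], 'channel' => $m[6],
    ];
}

// One htmlspecialchars() call per field encodes &, <, >, " and ' together.
// ENT_QUOTES matters if a value is ever placed inside an HTML attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row(array $entry): string
{
    // URL, referrer and user agent are all client-controlled; markup in any
    // of them is unusual enough to flag for the person reading the log.
    $clientFields = $entry['url'] . $entry['referrer'] . $entry['agent'];
    $suspicious = (bool) preg_match('/[<>]/', $clientFields);

    $cells = array_map('h', $entry); // escape every field, not just the agent
    return sprintf(
        "<tr%s><td>%s</td></tr>\n",
        $suspicious ? ' class="markup-in-header"' : '',
        implode('</td><td>', $cells)
    );
}

// Constructed sample lines (documentation addresses and example hosts).
$sample = [
    '192.0.2.10 - - [21/Sep/2004:22:27:02] "http://www.example.test/forums/" () - - '
        . 'Mozilla/5.0 (Windows; U; rv:1.7; marker<img src=http://tracker.example/hit.php '
        . 'style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0',
    '192.0.2.11 - - [21/Sep/2004:22:30:41] "http://www.example.test/" '
        . '(http://www.example.test/forums/) - - '
        . 'Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 0',
];

echo "<table>\n";
foreach ($sample as $line) {
    $entry = parse_log_line($line);
    if ($entry !== null) {
        echo render_row($entry);
    }
}
echo "</table>\n";
```

In the output the first row carries the `markup-in-header` class and its user agent shows as literal `&lt;img ...&gt;` text, so the browser displays the tag instead of fetching the image. The stored log is left exactly as received, which keeps the original header available as evidence.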

Red Squirrel - Oct-09-2004 server time
The way I look at it, the worst thing that can happen is that someone requests a string that has html to an image to fetch my IP. But if someone hacks my lan, they really have nothing to do.

I'm trying to find a way to kill html in those logs though, but it's not easy to do if I want it to be efficient.

Andy - Oct-09-2004 server time
LOL yeah Seems like someone don't know Java or flash scripts either. biglaugh.gif

Sorry red to see "Idiot" problems are still trying their best to give everyone here high blood pressure. cool.gif

Red Squirrel - Oct-09-2004 server time
yeah lol.

He does not realize all the processing that would be required to reparse the logs to block html. Have to replace < with &lt; and > with &gt; which requires the use of a php function twice. That's for one field, there's more than one field.

I tested it on my server and it ain't pretty, gets pretty slow. Sometimes you just have to sacrifice "security" for performance.

Andy - Oct-09-2004 server time
I like the message

CODE
omg wtf bbq. i've been banned from a site i never visit. big deal. and i didn't search for it. your log viewer passes html in user agents. look at mine;)

Red Squirrel - Oct-09-2004 server time
He might just post something nasty, that's as far as he can really go, unless there's a bad security issue somewhere else which I doubt. He would probably attempt to post stuff on the home page, but I have to validate it before it goes on, anyway.

Oh and he did get on when he had full access, all he did was refresh the page a few times for some odd reason then left. Over night he did not even try again. huh.gif

Not sure what he wants, really.

Triple6_wild - Oct-09-2004 server time
in an effort to throw this train back on the rails i think i will post lol

im curious to know how far buddy will get if we just leave him be lmao

Red Squirrel - Oct-09-2004 server time
haha yeah, I don't get why they made them like that, like what's the point? lol. Whenever it turns it beeps, whenever the door opens etc.... lol

Fuzzy_Fox - Oct-09-2004 server time
I hate to go off topic after all that, but.....those beeping buses annoy the heck out of me! banghead.gif

Red Squirrel - Oct-08-2004 server time
Wow, we sure did a good job at derailing this thread. laugh.gif

It's always fun to do that. Too much security talk gives the guy attention anyway. wink.gif

Furball - Oct-08-2004 server time
Ya. Some UPS batteries have lifetime warranties on them (Which really ISN'T lifetime, more like 5 years). I forget which ones, but I always kind of wondered how they handle that stuff. When somebody brings it in, do they actually fix it up or give them a new one? Or do they pay them in cash. Heck, I think they don't even do anything about it (Which would suck).

Red Squirrel - Oct-08-2004 server time
I heard a myth that the average life of a ups battery is like 2 years but the one I have upstairs is approaching that, if older, and so far no problems. UPSes usually have VRLA batteries which, as long as not deep cycled too much, can last virtually forever. If ever it goes kaput I'll get a car battery as replacement, since a PSU battery is too expensive.

Furball - Oct-08-2004 server time
Ya, I'll bet that must suck up the battery juice like nothing. But all you really need is 5 minutes to save and get out!

Red Squirrel - Oct-08-2004 server time
Yep, I even have the network downstairs plugged into the UPS, though I did not bother to plug in the modem. Since a router, 2 computers is quite an overload (when I checked I had like 5 watts left). Basically enough power so I can remotely shut down both machines from up here, then shut this one.

Furball - Oct-08-2004 server time
LOL. Ya, those beeping buses rolleyes.gif . Hehehe, ya, UPS rocks. Gotta love the fact that you can still use your computer when the power goes out. biglaugh.gif

Red Squirrel - Oct-08-2004 server time
Yep 2 power bars, and a UPS. Safety is high too. Both power bars are surge protected, and are plugged into a UPS, which also is surge protected. laugh.gif

Same with downstairs, I have a similar setup. Almost everything is double surge protected. If I wanted to I'd plug multiple UPSes in each other, though I'm not sure how good that is, since cheap UPSes don't produce a real sine wave, so it would maybe affect the ups plugged into it.

Basically, when the power goes out here, you hear lot of beeping. Almost as bad as that newer bus we went into a few weeks ago. em320.gif

Furball - Oct-08-2004 server time
Wow, is that TWO powerbars? Tsk tsk, I hope they're surge protected. tongue.gif. Nice case by the way. Love the blue LED fans wink.gif.

Furball - Oct-08-2004 server time
Looks like Red's got the "Security munchies". Acting just like the Timmins police officers eh? Hehehehe. Well, if he IS dumb enough, he'll fall into this trap and do something that can easily be traced (Like a post tongue.gif). Then he'll be in trouble. BWAHAHA

Red Squirrel - Oct-08-2004 server time
Just testing his stupidity. tongue.gif If he'll actually fall for it. Or perhaps he's so dumb that he's not even viewing this with a proxy.

But as you can see, I'm not too concerned about the situation... laugh.gif

Furball - Oct-08-2004 server time
It's all just to get the guy fired up. Squirrel's got him in checkmate now. If he tries to post anything, Squirrel's only got more evidence of bad conduct to give to the authorities. If that guy were smart, he'd disappear without doing anything. Everything can and probably WILL be traced. Then he'll end up in a lot of trouble tongue.gif

Fuzzy_Fox - Oct-08-2004 server time
And you're posting your maniacal plans for him publicly, who's the idiot now tongue.gif .

Red Squirrel - Oct-08-2004 server time
Just for fun I'll let him on for a bit, he'll probably come here and post something nasty. That way I'll have more data to send to Comcast, his ISP. em320.gif

Red Squirrel - Oct-08-2004 server time
well well well....

This guy is really asking for some. He put a string in his user agent to make it do a popup when I check my logs. VERY easy to do.

But in the message he threatened that he can steal my cookies and gain access to the system. Well what he does not know is that I don't check the logs online but on my lan server, so if he does get cookies he'll get my LAN server ones... big deal.

So this guy is going DOWN. I'll contact his ISP about it if he continues, and with the logs, I'm sure he may get his account suspended or what not.

If not, I'll just crash his system from here. But I'll pick the legal route first. Only problem is that he'll just use a different isp and I'll have to track him down again.

The security system is fairly old, but still fairly strong, but I've been planning to rebuild it to be even stronger, and this might have changed those plans to umm, now. em320.gif

Nonetheless, I will make sure nothing bad happens to the site. Even if he would happen to log on that system, big deal, the only thing he can do with that system is delete IP rules, create them etc.... that may be an inconvenience for me, but big deal, he can't even change anything on the site that way.

But main thing is, he's asking for it, and he's going to get it.

n2attack.gif

Red Squirrel - Oct-07-2004 server time
I know exactly where they're from. wink.gif PC *cough* and A

rovingcowboy - Oct-07-2004 server time
hey i was going by google one time and got stuck trying to get in to this forum? no matter what i did it would not let me in?
i even tried to get to the control panel still it did not work.

banghead.gif

I guess i will just have to keep logging in to post em320.gif

blink.gif deal.gif dancingbanada.gif dancingbanada.gif stir_pot.gif stir_pot.gif

really it was not me red. i also got lost in that log like fuzzy fox did

still this seems like somebody we might know red you think they started up again on a different isp thinking you would not know them.?

scared.gif enough said you should know what i mean red. xyxthumbs.gif

B b f
u e e
t....w


stir_pot.gif

Furball - Oct-07-2004 server time
That'll teach him to try to hack into places where he doesn't belong tongue.gif . Even funnier would be if he went to jail for that. He'd probably kick himself if that ever happened rolleyes.gif

Red Squirrel - Oct-07-2004 server time
Actually the logs look more complicated because of the word wrap. But I noticed a bug in my security script, well a very small one. When a rule matches the number of matches is supposed to increment but it does not, I'll have to look at that when I feel better. But the security part is working fine. wink.gif

Anyone who would gain unauthorized access to that control panel could do some nasty stuff, such as turn logging off and screw up my stat accuracy. ohmy.gif Or worse yet, he could change the password. ohmy.gif (which would take 30 seconds to change back with ftp access).

But I'll keep logging his access since if he keeps trying I'll contact Comcast (his ISP)

Fuzzy_Fox - Oct-07-2004 server time
Those logs tell me nothing. I'm probably worse than a noob bigcry.gif . ....but then again, it's not like I'm a hacker, or I want to hack, so all is well smile.gif .

Red Squirrel - Oct-07-2004 server time
Some guy trying to gain unauthorized access to the site.

CODE

24.17.127.109 - - [21/Sep/2004:22:27:02] "http://www.iceteks.com/forums/archive/f/16/" (http://64.233.167.104/search?q=cache:dT0yi2s-YvoJ:www.iceteks.com/forums/archive/t/1637/+%22program+e%22+undefined&hl=en) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:05] "http://www.iceteks.com/forums/archive/" (http://www.iceteks.com/forums/archive/f/16/) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:06] "http://www.iceteks.com/forums/" (http://www.iceteks.com/forums/archive/) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:12] "http://www.iceteks.com/forums/index.php?&act=Members" (http://www.iceteks.com/forums/) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:15] "http://www.iceteks.com/forums/index.php?&act=Search&f=" (http://www.iceteks.com/forums/index.php?&act=Members) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:20] "http://www.iceteks.com/forums/index.php?act=Search&CODE=01" (http://www.iceteks.com/forums/index.php?&act=Search&f=) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:29] "http://www.iceteks.com/forums/index.php?act=Search&CODE=01" (http://www.iceteks.com/forums/index.php?&act=Search&f=) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [21/Sep/2004:22:27:32] "http://www.iceteks.com/forums/index.php?act=Search&CODE=01" (http://www.iceteks.com/forums/index.php?&act=Search&f=) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [24/Sep/2004:18:26:50] "http://iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [24/Sep/2004:18:27:01] "http://iceteks.com/tools/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 1
24.17.127.109 - - [03/Oct/2004:18:21:54] "http://www.iceteks.com/forums/index.php?showtopic=2549&" (http://216.239.57.104/search?q=cache:_Ww6j-nn3rwJ:www.iceteks.com/forums/archive/t/2549/+icetekslogs.php&hl=en) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [04/Oct/2004:18:17:06] "http://scada.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [04/Oct/2004:18:17:21] "http://scada.iceteks.com/index.php?act=viewlogs&act2=show" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 0
24.17.127.109 - - [04/Oct/2004:18:17:59] "http://scada.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [04/Oct/2004:18:18:03] "http://scada.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [04/Oct/2004:18:18:14] "http://scada.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [04/Oct/2004:18:18:41] "http://scada.iceteks.com/index.php?setoverride=1" (http://66.102.7.104/search?q=cache:KTBUUuh_hxUJ:scada.iceteks.com/+%22scada.iceteks.%2Bcom/%22&hl=en) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [04/Oct/2004:18:22:35] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [06/Oct/2004:00:08:45] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [07/Oct/2004:01:51:39] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:04:58] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:07:19] "http://www.iceteks.com/omgwtfbbq.+i've+been+banned+from+a+site+i+never+visit.+big+deal.+and+i+didn't+search+for+it.+your+log+viewer+passes+html+in+user+agents.+look+at+mine+;)" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:11:12] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:13:08] "http://www.iceteks.com/news/pictures/pic_21704finalproduct.jpg" (http://64.233.167.104/search?q=cache:GPw3_KW98N4J:forum.grid.org/phpBB/viewtopic.php%3Ft%3D14178+red+squirrel+iceteks&hl=en) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:25:39] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:35:56] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2
24.17.127.109 - - [07/Oct/2004:23:36:15] "http://www.iceteks.com/" () - - <script> tag, right here --> <script<alert("OMG PWN3D RIGHT BACK TO YOU. look. i didn't mean to cause trouble.\nyour script doesn't escape html when parsing user agents. i have an image tag in my user agent pointing to a script of mine.\ni noticed a hit with a referrer of your script, and went to check it out.\nnice security system, though. i could have stolen your cookies with this. better fix your script.\nif you want to talk, iceteks@gotdoof.com");</script<<-- Channel: 2
24.17.127.109 - - [08/Oct/2004:01:09:05] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [08/Oct/2004:17:52:10] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7; oogabooga<img src=http://gotdoof.com/oops/oops.php style=display:none>) Gecko/20040803 Firefox/0.9.3 Channel: 2
24.17.127.109 - - [08/Oct/2004:20:42:38] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 0
24.17.127.109 - - [08/Oct/2004:20:43:17] "http://www.iceteks.com/" (http://www.iceteks.com/) - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 0
24.17.127.109 - - [08/Oct/2004:20:43:18] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 0
24.17.127.109 - - [09/Oct/2004:17:45:02] "http://www.iceteks.com/" () - - Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10.1 Channel: 2


Channels: 0 = normal log, 1 = error log, 2 = access denied

Basically he got blocked automatically upon the second entry since he tried to login to the scada control panel. Sad part is, he left the username and password field blank!

Notice how he attempts to use google's cache to hack. roflmao.gif N00B


- updated log! -

(Showing 50 last posts, newest on top)