Security Issues and Spam

Welcome to Security @ the Pigstye
Monday, December 01 2008 @ 12:59 PM EST

Welcome

Welcome to Security @ the Pigstye.

The continual hack and spam attempts on my computer systems annoy me.  In the past I have collected the most obvious hack and spam attempts and displayed them in a searchable database for all to see.  You can see that database here: List of Lamers trying to Hack the Pigstye.  This has annoyed some hackers and increased attacks; usually after a while they realize that their attacks here only make them more visible and quit.  However, some do not learn, and so I have started this website to detail the attacks and hopefully bring them more fully into the light.  I also hope to provide a useful repository of information for those who find their computers on my list.  If you came here because your computer was in my list, see the page Have You Been Hacked?  There you will find out how to contact me so that I can give you the information I have from my logs to help you contain the incursion.  And when you have cleaned up your computer, or we determine it was a spoof, I will remove your server from my list.

If you have stories about what it took to clean up your computer from a hack, or anything else you think might be helpful to those who come here, please submit it for publication.

Note that all submissions, comments, trackbacks, pingbacks, etc. require you to be logged in.  Accounts are free, but they are also moderated; I anticipate this site will attract more than its fair share of hack and spam attempts.

Latest SQL Injection Attacks

Bug Exploits

I have been experiencing an escalating number of attacks attempting SQL injection against ASP, ColdFusion and Perl scripts.  The attempts carry the T-SQL DECLARE statement and CAST function in the URL; the relevant part of the URL looks like this:

DECLARE%20@S%20CHAR(4000);SET%20@S=CAST
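As an added example (not code from this site), here is a Python scanner that finds the pattern above in web server access-log lines and goes one step beyond the page: it decodes the hex literal inside CAST(0x... AS ...) so the injected statement can be read.  The log lines, IP addresses and injected SQL in it are constructed for the example; the real campaign's payload is not reproduced here.

```python
"""Detect the DECLARE/CAST mass SQL-injection pattern in web server access logs.

Added example, not code from the Pigstye site.  It scans combined-format access
log lines for the URL-encoded 'DECLARE @S CHAR(4000);SET @S=CAST(0x... AS ...)'
pattern quoted above and decodes the hex blob so the injected statement is
readable.  All log lines, addresses and the injected SQL are constructed here.
"""
import binascii
import re
from urllib.parse import quote, unquote

# Apache/IIS-style combined log line: ip ident user [time] "req" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# DECLARE @S <type>(n);SET @S=CAST(0x<hex> AS <type>(n))  -- CHAR, VARCHAR, NCHAR, NVARCHAR
DECLARE_CAST_RE = re.compile(
    r'DECLARE\s+@\w+\s+N?(?:VAR)?CHAR\(\d+\)\s*;\s*SET\s+@\w+\s*=\s*'
    r'CAST\(\s*0x(?P<hex>[0-9A-Fa-f]+)\s+AS\s+N?(?:VAR)?CHAR\(\d+\)\s*\)',
    re.IGNORECASE,
)


def decode_cast_hex(hexblob):
    """Turn the 0x... literal back into SQL text.

    NVARCHAR payloads are UTF-16LE (every second byte is 0x00 for ASCII text);
    CHAR/VARCHAR payloads are single-byte.
    """
    raw = binascii.unhexlify(hexblob)
    if len(raw) % 2 == 0 and raw[1::2] == b"\x00" * (len(raw) // 2):
        return raw.decode("utf-16-le")
    return raw.decode("latin-1")


def extract_injection(url):
    """Return the decoded injected SQL if the request URL carries the pattern, else None."""
    once = unquote(url)
    twice = unquote(once)          # some bots percent-encode the payload twice
    m = DECLARE_CAST_RE.search(once) or DECLARE_CAST_RE.search(twice)
    return decode_cast_hex(m.group("hex")) if m else None


def scan_log(lines):
    """Return (client_ip, attacked_path, injected_sql) for every matching request."""
    hits = []
    for line in lines:
        lm = LOG_RE.match(line)
        if not lm:
            continue
        sql = extract_injection(lm.group("url"))
        if sql is not None:
            hits.append((lm.group("ip"), lm.group("url").split("?", 1)[0], sql))
    return hits


# --- constructed sample data -------------------------------------------------
# The statement a bot would smuggle in; a real campaign iterates over every
# text column in the database.  The host name is a reserved example domain.
INJECTED_SQL = (
    "UPDATE news SET body=body+'<script src=\"http://example.invalid/x.js\"></script>'"
)


def _attack_url(path, sql, sqltype, codec):
    """Build the percent-encoded URL a bot would request (constructed, not captured)."""
    hexblob = sql.encode(codec).hex().upper()
    tail = f";DECLARE @S {sqltype}(4000);SET @S=CAST(0x{hexblob} AS {sqltype}(4000));EXEC(@S);--"
    return path + quote(tail)


SAMPLE_LOG = [
    '203.0.113.7 - - [01/Dec/2008:12:59:00 -0500] "GET '
    + _attack_url("/news.asp?id=1", INJECTED_SQL, "CHAR", "latin-1")
    + ' HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '198.51.100.23 - - [01/Dec/2008:13:02:11 -0500] "GET /index.cfm?page=3 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Dec/2008:13:05:42 -0500] "GET '
    + _attack_url("/cgi-bin/list.pl?cat=2", INJECTED_SQL, "NVARCHAR", "utf-16-le")
    + ' HTTP/1.1" 500 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, path, sql in scan_log(SAMPLE_LOG):
        print(f"{ip} -> {path}\n    {sql}")
```

Run it as a script to see the two constructed hits, or pass real lines with scan_log(open("access.log")).  Both the CHAR(4000) form quoted above and the NVARCHAR (UTF-16) form are handled; once the hex is decoded you can see which tables and columns the bot is after, which is the quickest way to judge whether the request had any chance of working against your database.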

The latest information from SANS is here.

You can see the latest list of computers attempting to attack my computers here.


Spam Emails

Email Spam

I decided to generate a list of the worst spam email offenders.  You can find the dynamic list of the computers that have attempted to send me spam email more than 99 times here: http://security.pigstye.net/staticpages/index.php/spam.  Feel free to add these IPs to your blacklist.

Index.php exploits

Bug Exploits

There are numerous exploits that rely on unchecked parameters passed to index.php.  These remain popular with the hackers.  I have gathered up these exploits and the computers most often serving the exploit code for them.  You can find the list at http://security.pigstye.net/staticpages/index.php/index.

Mambo/Joomla mosConfig Exploit

Bug Exploits

Back in 2004 Mambo/Joomla had a file inclusion exploit through the mosConfig variable.  Since then the hackers have been trying to find servers running the software that they can exploit.  I see many such attempts on the Pigstye computers and have created a nice updating list of these attempts.  You can find it at http://security.pigstye.net/staticpages/index.php/mambomosconfig.  It lists the last 50 attempts and also the top 50 computers used to host the exploit code.

Email Spam

Email Spam

My estimate is that I get about 25 spams for every legitimate email.  Someday I will do an analysis.  Not today.

Today I am setting up an email account meant only as a spam trap.  It will be used nowhere else and is available only as a link on this web page, so any mail arriving at it is spam.  I will of course keep track of the emails and where they came from.  Here is the email address for all you spam harvesters: black493@pigstye.net.  How long before the first spam arrives?

Geeklog Spam Flood

Webserver

For the last few days I have been experiencing a spam comment and trackback flood on The Iraq Page.  Apparently some spammer has hired a botnet to distribute his spam.  Today I have received over 600 trackback spam attempts and almost 600 comment spam attempts; that is over one attempt a minute all day long.  A partial list of the IPs in the botnet follows.  You can look at the lamer list; all of them were caught by Bad Behavior because they sent no user agent.

Worst Offenders

Network Scan

Today I was looking over my server logs and discovered something I wouldn't have guessed.  Other than hits from banned hosts, the major attack vector was dictionary attacks against SSH.  This year there have been 2,839,110 firewall hits and 1,601,863 illegal SSH user attempts.  The importance of a good password is obvious.  Stats follow.
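As an added example (not the site's own tooling), here is a Python script that pulls numbers like the ones above out of an OpenSSH auth log: it counts failed password guesses and "Invalid user" lines per source address and the user names tried, then lists the sources that look like dictionary attacks.  The log lines and addresses are constructed for the example, and the reporting threshold is an assumption.

```python
"""Summarise SSH dictionary attacks from an OpenSSH auth log.

Added example, not code from the Pigstye site.  It parses the 'Invalid user'
and 'Failed password' lines sshd writes to syslog, counts guesses per source
address and per guessed user name, and reports sources that reach a threshold.
The log lines and addresses below are constructed for this example.
"""
import re
from collections import Counter, defaultdict

# sshd syslog lines (timestamp and host prefix first), e.g.
#   ... sshd[4021]: Invalid user admin from 203.0.113.5
#   ... sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 41122 ssh2
#   ... sshd[4025]: Failed password for root from 203.0.113.5 port 41137 ssh2
# An 'Invalid user' line is followed by a 'Failed password for invalid user' line
# for the same guess, so only the latter is counted as a guess.
INVALID_USER_RE = re.compile(r"sshd\[\d+\]: Invalid user (?P<user>\S*) from (?P<ip>\S+)")
FAILED_PW_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarise(lines):
    """Return (guesses_per_ip, invalid_user_lines_per_ip, usernames_per_ip)."""
    guesses = Counter()               # one 'Failed password' line per guess
    illegal_users = Counter()         # 'Invalid user' lines: names that do not exist here
    usernames = defaultdict(Counter)  # which names each source tried
    for line in lines:
        m = FAILED_PW_RE.search(line)
        if m:
            guesses[m.group("ip")] += 1
            usernames[m.group("ip")][m.group("user")] += 1
            continue
        m = INVALID_USER_RE.search(line)
        if m:
            illegal_users[m.group("ip")] += 1
    return guesses, illegal_users, usernames


def dictionary_attackers(lines, min_guesses=3):
    """Sources with at least min_guesses failed passwords, most active first.

    Each entry is (ip, guesses, invalid_user_lines, distinct_usernames).
    min_guesses=3 is an assumed threshold; tune it to your own traffic.
    """
    guesses, illegal_users, usernames = summarise(lines)
    return [
        (ip, n, illegal_users[ip], len(usernames[ip]))
        for ip, n in guesses.most_common()
        if n >= min_guesses
    ]


def top_usernames(lines, n=5):
    """The n user names guessed most often across all sources."""
    _, _, usernames = summarise(lines)
    total = Counter()
    for per_source in usernames.values():
        total.update(per_source)
    return total.most_common(n)


# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_AUTH_LOG = [
    "Dec  1 12:59:01 pigstye sshd[4021]: Invalid user admin from 203.0.113.5",
    "Dec  1 12:59:01 pigstye sshd[4021]: Failed password for invalid user admin from 203.0.113.5 port 41122 ssh2",
    "Dec  1 12:59:03 pigstye sshd[4023]: Invalid user oracle from 203.0.113.5",
    "Dec  1 12:59:03 pigstye sshd[4023]: Failed password for invalid user oracle from 203.0.113.5 port 41130 ssh2",
    "Dec  1 12:59:05 pigstye sshd[4025]: Failed password for root from 203.0.113.5 port 41137 ssh2",
    "Dec  1 12:59:06 pigstye sshd[4027]: Invalid user test from 198.51.100.44",
    "Dec  1 12:59:06 pigstye sshd[4027]: Failed password for invalid user test from 198.51.100.44 port 2200 ssh2",
    "Dec  1 13:00:12 pigstye sshd[4031]: Accepted publickey for tom from 192.0.2.10 port 51000 ssh2",
    "Dec  1 13:01:40 pigstye sshd[4035]: Failed password for root from 203.0.113.5 port 41200 ssh2",
]

if __name__ == "__main__":
    for ip, n, illegal, distinct in dictionary_attackers(SAMPLE_AUTH_LOG):
        print(f"{ip}: {n} guesses, {illegal} invalid users, {distinct} distinct names")
    print("most guessed names:", top_usernames(SAMPLE_AUTH_LOG))
```

Point it at a real file with dictionary_attackers(open("/var/log/auth.log")) to get the same per-source table for your own host.  The distinct-name count is the useful signal: a legitimate user who mistypes a password hits one name many times, while a dictionary bot walks through dozens of names from a single address.  A strong password stops the guesses from succeeding, but disabling password authentication in sshd altogether removes the attack vector.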

PHP Shell Attempts 4/11/07

Webserver

The number of attempted shell exploits amazes me every day.  Below I have listed the attempts made on 4/11/07 on my servers.  Keep in mind that this only includes computers that have not already been banned from my systems because of previous hack attempts.  Many of the attempts are exploits for known holes, but many are just guesses.  All of the attempts against scripts in my error directory will fail because none of them accept direct input; all of them compare the input to a predefined list of acceptable answers.  Many of the requests will fail because they are poorly formed.  This just shows that they are the result of an automated bot, probably controlled by an IRC bot.