too much crap

Today I’m feeling like throwing in the towel on this web server business: there’s just too much crap to deal with.

A friend’s server was broken into and defaced last week by a script kiddy. I’ve been double-checking my box over the last few days, and I’m astonished at the amount of crap flowing in from the Internet. As a security professional I knew it was bad, but I was fooling myself; I didn’t know it was this bad!!!

I monitor the site regularly, mainly to ensure that we’re not abusing bandwidth that is generously donated, but also to make sure everything is working, and to watch for obviously suspicious activity. In the last week a major portion of the traffic to this server has been:

  • referrer spam (which doesn’t do anything for the spammer, since I don’t display referrers anywhere; it only abuses my bandwidth). About 15% of my bandwidth for the last month has been referrer spam; they seem to breed faster than I can block them out!
  • people trying comment spam on weblogs with no comments (and no comment script!). This includes attempts to invoke old security holes in Movable Type.
  • people probing for security defects in software that I don’t even have installed.
  • people probing for security defects in software that I do have installed (fortunately that was password protected, so they didn’t get in :).
  • probes for network sockets (both for software with vulnerabilities, and for software installed by hackers). This box is heavily firewalled (in both directions; blocking outbound traffic has saved my bacon more than once!), but I still see the logs.
  • password guessing attempts (mainly via SSH, which has been locked down to a small number of IP addresses for months now, since the last major SSH vulnerability).

The promise of Open Source software was that more eyes staring at code would lead to fewer defects. I’m seeing the opposite; it seems that the rate of vulnerability annoucements, and resulting patches, is increasing. Just last week I just upgraded three packages here as a direct result of security announcements (and, as mentioned above, caught someone probing for one of them…)

The Internet has become the cesspool predicted in several recent science fiction novels (notably Peter Watt’s Behemoth, which specifically mentions automated virus / hacking activity). After three days of looking two closely at my logs I feel like pulling the plug. If it were just me using the server, I probably would…

posted at 10:57 am on Wednesday, February 02, 2005 in Personal, Rants, Security, Site News | Comments (1)

1 Comment

  1. Jeff K says:

    The Internet has always been a pigsty… and the pigs love it!

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.