crackers

wallpaper · Post by **wallpaper** » Thu Nov 17, 2005 4:05 am

I run a server, and I have a stats page.
I was lookin through my Apache access_log and found this.
##.##.###.### - - [16/Nov/2005:20:30:32 -0500] "GET /search/rslts.sh?player=%3Brm+-rf+%2F HTTP/1.1" 200 1207

%3Brm+-rf+%2F translates to ";rm -rf /"
someone is trying issue a command to to delete my entire root directory

no big deal...ain't gonna work, anyway.

My question is "Why do people do this?"
"Crackers" and "Script-Kiddies" are not cool.
It's not like the attacker can actually see it happen. What is the thrill?

I watch the dedicated-server console every once in a while when I am not with the family or at work...just to make sure there isn't any "creepy" shit going on.

Every once in a while, I see chat from certain players about how they can break into servers and etc, etc, blah, blah....

I have even watched a chat about breaking into my server.

I guess I just was wondering what the armagetronad community's opinion is on this topic.

Is it cool to exploit and/or break into a computer?
What would a cracker do if they got in?
Erasing my hard drive would give the cracker what thrill?

I think being interested in technology and hacking around is excellent, and I am all for it....but the cracking and script-kiddie shit is retarded.

Anycrap...would like to hear opinions from other people (especially those running servers of any kind)

btw...I edited the IP address of the bastard tryin to "rm -r -f" from the log...is it ok to post the actual ip?

Post by **Lucifer** » Thu Nov 17, 2005 4:35 am

I've got logging, and whenever someone attacks me I turn over my logs to the FBI. If they're americans, they get a trial by jury. If they're not, they're terrorists and they get it where the sun don't shine.

(Ok, I don't really turn my logs over, but not because I won't, because nobody's been a serious enough problem for me to take it that far)

Phytotron · Post by **Phytotron** » Thu Nov 17, 2005 5:03 am

I thought this topic was going to be about white people.

Fonkay · Post by **Fonkay** » Thu Nov 17, 2005 6:14 am

Stupid me, I thought it was going to be little crispie edible things called crackers.

iceman · Post by **iceman** » Thu Nov 17, 2005 12:15 pm

A very long while back I logged into the master server and one of the servers in the list started scanning me on every port from 1 - 65535 so it looks like someone had written a script waiting for their server to be pinged (which armagetron client does to all servers in the list) and then initiated the scan, kinda lame really it just caused my log file to grow slightly

I spoze everything has a bad side, internet community included
One day these youngsters will grow up? but until then we have to put up with this crap

wallpaper · Post by **wallpaper** » Thu Nov 17, 2005 12:22 pm

These two are funny. I think someone is trying to ask me something.

from httpd
--------------
[17/Nov/2005:04:11:15 -0500] "GET /do/you/have/any/music/i/can/download HTTP/1.1" 404 242

from sshd
-------------
Nov 17 04:14:54 basementunderground sshd[22205]: Failed password for invalid user canihaveyourpasswordandloginnameplease from ##.##.###.### port 49774 ssh2

iceman · Post by **iceman** » Thu Nov 17, 2005 12:42 pm

heh they have a warped sense of humor

post the I.P.

wallpaper · Post by **wallpaper** » Thu Nov 17, 2005 1:13 pm

I would love to post the IP. But that wouldn't be right (I think). Fun...but not right.

What does this mean?
------------------------------
PORT STATE SERVICE
1400/tcp closed cadkey-tablet

Does the cadkey-tablet service have something to do with a wireless handheld device? I can't find much on Google, except that it is a known port/service.

Jonathan · Post by **Jonathan** » Thu Nov 17, 2005 5:31 pm

wallpaper wrote:These two are funny. I think someone is trying to ask me something.

from httpd
--------------
[17/Nov/2005:04:11:15 -0500] "GET /do/you/have/any/music/i/can/download HTTP/1.1" 404 242

from sshd
-------------
Nov 17 04:14:54 basementunderground sshd[22205]: Failed password for invalid user canihaveyourpasswordandloginnameplease from ##.##.###.### port 49774 ssh2

Hehe. At least that looks like a funny rather than potentially harmful way to give away your IP address.

Post by **Tank Program** » Thu Nov 17, 2005 5:33 pm

Yes, stuff like this does suck

. It's the reason I shut down Tigers Network...

iceman · Post by **iceman** » Thu Nov 17, 2005 5:59 pm

will you ever reboot tigers ? I miss the servers

Post by **Tank Program** » Thu Nov 17, 2005 6:06 pm

I don't know if I'll ever be able to make it have the same feel with 0.2.8.0...

Walking Tree · Post by **Walking Tree** » Thu Nov 17, 2005 6:39 pm

if you can't just give the closest (in your opinion) a name containing "tigers network". then we can at least try to reunite the former tigers community

iceman · Post by **iceman** » Thu Nov 17, 2005 6:46 pm

you could compile the security fix code into 0260 classic and call it
tigers network retro classic

and run all other servers with 0280

I know you dont wanna step backwards but 1 retro server wouldnt be so bad

Walking Tree · Post by **Walking Tree** » Thu Nov 17, 2005 7:04 pm

iceman wrote:you could compile the security fix code into 0260 classic and

i think he'll leave you to do that part...