[SATLUG] Apache access.log and script kiddies?

Bamm Visscher bamm at satx.rr.com
Wed Dec 8 13:25:50 CST 2004 

Not webserver specific, but I use to get a kick out of adding a 'twist' statement to my hosts.allow and have it cat some ascii art. I was doing some debugging w/a road runner tech b/c I was having some upstream bandwidth problems. After arguing with him, I finally told him to download a file via anon ftp from my box and see for himself. His first comment was "Uh, all I get is Beavis and Butthead". Forgot to restart inetd after modifying the hosts.allow. He was getting this:

           ,())))),    Hey Beavis, heh, heh,
         ,()))))))),.  Check it out someone      ,---,,,_
         ()))))))//((\ is trying to log into  (         ))
        (\\( \))( \(/) our box. What a loser. (            )
        /(          \\   I'm gonna kick his    (            )
        //       _   \      ass.               (_(_((((     )
        //   \  /    \   /                     (    , \    )
        \   (.  .    \  /                      |   /   )   )
        (,     |    ,)    Yeah, yeah, he's a   |\ /    (   )
         \   ^\/^   /   Luser.  We're gonna    (.(.)    S  )
         \          /   kick his ass.          /_       \ )
          \ (-<>-) /                   \      /__)   ^   \/
           \  --  /                     ----   /____/    |
            \ __ /                             )______    |
             |  |                                     \   |
          __-|__|-__                                __-\__|-__
         (          )                              (          )
         |_| Got  |_|                              |_|  /.  |_|
         | | r00t?| |                              | |      | |


Bammkkkk



On Wed, Dec 08, 2004 at 01:11:49PM -0600, Charles D Hogan wrote:
> I think the "traeats" idea is a great thing.  That idea could also be 
> used for other common vulnerabilities, say have a "dear human" letter 
> pop-up on the infected boxen asking for antivirus to be run, and patches 
> applied, purportedly coming from the infected computer.  If you are able 
> to find more info on the "treats" please post it.
> 
> Charles
> 
> Kase Saylor wrote:
> 
> >All,
> >
> >Since I've set up a server at my home I've had anumber of WebDAV(?) 
> >attacks. I know I really have nothing to worry about 'cause 
> >Apache/Linux is not vulnerable, but I would love to give the kiddies a 
> >little "treat" when they try to hack me. Someone posted on another 
> >board about leaving treats (insane pop-ups, .exe's that played loud 
> >and obnoxious sounds, etc.) Maybe I should just leave it be, but a 
> >part of me thinks it would be fun to mess with them. Any thoughts?
> >
> >Kase
> >

More information about the Satlug mailing list