Archive for November, 2008

Filthy Rotten Scriptkiddies – Blackmailing Siteowners

A friend of mine owns a site which has very little traffic and sells a niche product. Because he gets so little traffic, alarm bells immediately sound when suddenly there is a spike.

If there were a spike he would probably be rich, but the chances of that happening are very slim.

Anyway, this night the guy called me up at 3:30 saying he had received an email from some Hotmail address saying something like:

I understand how much revenue you bring in each month, I can bring that down to 0 if I wish. Think I’m kidding? Think this is a joke?

And then his demands.

So, me thinking this was indeed a joke, asking why he )(@#%()#@% woke me. But it wasn’t a joke. The site was down. Very much so, for 1.5 hours already. Costing my friend money.

A bit groggy from sleeping, I could not imagine this being anything else than some lame DoS attack; one or a few computers bonking away on :80.

Unfortunately that was not the case at all.

This was a quite heavy DDoS (for this kind of lame threat / blackmail). After a few minutes I had already collected (and blocked) over 200 unique IPs (mostly from different classes).

In this blog I have shown more than once some ideas for catching and blocking DDoS attacks from within Linux, and this one was a rather simple one that could simply be blocked using:

List of Linux tricks

A few notes here: Apache (or whatever you might use) queues all those incoming connections and leaves them connected even though they are blocked. Because of this, during the attack I ran from the cron: */10 * * * * service httpd restart. This makes Apache immediately kill off those bad connections, but finish off the real ones with a real response. At least you’ll have service for most people using this method.
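One way to do the “collect and block” step described above, as an added example that is not from the post or its linked list of tricks: count connections per remote IP on local port 80 from netstat-style output and print (not run) the iptables DROP rules a threshold would produce. The server address 10.0.0.5, the remote addresses, the connection lines and the threshold are all constructed for this example.

```shell
# Added example (not from the original post or its linked tricks list):
# rank remote IPs by open connections to local port 80 and print the
# iptables rules a threshold would produce, without applying them.
# Input is constructed netstat-style output so it runs offline; on a
# live host you would feed it `netstat -ant` instead.

# Constructed sample: 10.0.0.5 is the (made-up) server; 198.51.100.7
# is hammering :80 with half-open connections, the others look normal.
SAMPLE_NETSTAT='tcp        0      0 10.0.0.5:80      198.51.100.7:41002   SYN_RECV
tcp        0      0 10.0.0.5:80      198.51.100.7:41003   SYN_RECV
tcp        0      0 10.0.0.5:80      198.51.100.7:41004   SYN_RECV
tcp        0      0 10.0.0.5:80      198.51.100.7:41005   SYN_RECV
tcp        0      0 10.0.0.5:80      203.0.113.9:55120    ESTABLISHED
tcp        0      0 10.0.0.5:80      203.0.113.9:55121    ESTABLISHED
tcp        0      0 10.0.0.5:80      192.0.2.44:60001     ESTABLISHED
tcp        0      0 10.0.0.5:22      203.0.113.9:55300    ESTABLISHED'

# Print "count ip" for each remote address with connections to local :80,
# highest count first. Only TCP lines whose local address ends in :80 count,
# so the SSH session from 203.0.113.9 is ignored.
count_per_ip() {
  printf '%s\n' "$1" |
    awk '$1 == "tcp" && $4 ~ /:80$/ { sub(/:[0-9]+$/, "", $5); c[$5]++ }
         END { for (ip in c) print c[ip], ip }' |
    sort -rn
}

# Emit one DROP rule per remote IP whose connection count reaches the
# threshold in $2. Printed, not executed: review the list before applying.
block_rules() {
  count_per_ip "$1" |
    awk -v t="$2" '$1 >= t { print "iptables -I INPUT -s " $2 " -j DROP" }'
}

# Stand-alone run: show the ranking, then the rules a threshold of 3 gives.
count_per_ip "$SAMPLE_NETSTAT"
block_rules "$SAMPLE_NETSTAT" 3
```

Blocking at the firewall only stops new connections; the ones Apache has already accepted are what the periodic restart above clears.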

Of course it required a bunch of tweaking, as the attacker changed his strategy quite often to make it more difficult.

I don’t get people who do this and I certainly don’t understand how they can mount such a huge attack with so many different IPs.

Edit: the attack has been going on for 9 hours now… site doing fine.

MacOSX / Bootcamp / Installing Windows XP without SPs / there is not enough disk space on $ntservicepackuninstall$ to install service pack bla

Sometimes you have to do things you don’t want. Today I needed to install something under Windows to convert some file format (a media file format) for which I cannot find Linux or Mac converters. Not even MPlayer can play it. Only some weird proprietary Windows app.

So basically; I needed Windows. And I hate Windows. And not without passion; I really hate it. But ok, enough about that.

I have a Mac Mini standing on my desk gathering dust (oh, did I mention I hate Mac OS X too?), so I thought: I can install it on that.

Not that easy. Requires an XP disk with SP2. And of course I didn’t have that. As I really don’t want to pay for stuff I already have, I took an XP version from 2001 (so without any SPs) and tried to find a way to install that on the Mac Mini. Legal, as I don’t even have the computer anymore on which it belonged, but I still have the ‘authentic Windows crap sticker’.

The installation from within Bootcamp went ‘smooth’, although Windows doesn’t want to shut down or restart; you have to force it down by holding the power button.

And almost none of the software/drivers Apple provides work without SP2. Even worse (well… not much worse); Mac OS X doesn’t boot anymore.

Anyway; I got the SP2 download, burnt it on a CD under Linux and tried to install it under the non-SP version on the Mac Mini. Unfortunately, it started yelping about some missing 4 MB of space… 4 MB. Of course I have more than 20 GB free, so that could not be right.

Quite annoyingly, the Mac community is not one for the technical details; when searching for this kind of problem, people keep repeating in forums that I insulted my Mac by installing Windows, OR that I did not read and MUST HAVE an SP2 Windows install CD, OR that I should just reinstall everything. All very helpful. Not.

So I was faced with two problems:

– no more Mac OS X
– Windows couldn’t install the SP, so I couldn’t install any drivers etc.

The former was not that important for me as I don’t like Mac OS X that much and certainly never use it if I can avoid it.

But for the latter I started this whole adventure, so I couldn’t give that up.

I read all messages about this problem and the solution turned out to be very (very) simple:

Windows-R (Start->Run)
regedit

Add a String value

key = BootDir
value = C:\

to

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup]

And rerun the SP2 installer.

Why didn’t they just SAY so?

Anyway; if/when I have Mac OS X back I’ll report it here, and people can use nice old CDs of XP they find at car boot sales instead of paying money to that company we all love.

Edit: Well, that was of course kind of simple:

– remove the read-only flag from c:\boot.ini
– edit boot.ini
– put at the end: c:\CHAIN0="Mac OS X"
– save
– put this file in your c:\
– reboot

Not Boot Camp, but working fine.