My own conspiracy against the hackers………
For grins and giggles I sometimes put a honeypot of sorts out on the internet on a dynamic IP just to see what the port scanner people will try to do
with it.
But, more often than not, the response by the little botnets has been pathetic. An obvious sign that all the hacking is being done by automated
programs on the hacker’s computer and slave bots. There is obviously no one looking at the data.
I put an obvious port 80 server on line, with some juicy stuff, and let it sit there. The botnets will probe the port time and time again, and verify
that it is there, then they go right to the FTP, windows server, phpmyadmin and webmin attacks. They don’t even take the freaking time to look at
what is on the server they found.
When they find a secure FTP server then they just sit there and brute force attack it hour after hour………….
I know what they are wanting to do. They are wanting to gain access to the root directory and load their own program for the server to run. Or their
own files that they can point infected computers to.
If you just have port 80 visible, and hide all the others, then they just probe port 80 once, then try to get a response on all the other ports, when
that fails, then they move on. I have left a port 80 server online for days that way, and I didn’t have a single hacker actually look at what was on
the damn thing!!!!!!!
What was really pathetic was I had put a lot of work into making a website that would make a person go WTF!!!!!!! I had finally got tired of seeing
Chinese botnets hit my firewall. The page I made was patterned after a military webpage. It had top secret plastered all over it. It has a couple
document sections laid out. “Critical problems and contingencies. Works in progress. Target lists. Ordnance selection guidelines.”
The basic gist of the website was……… “The Chinese hacking problem had reached a critical point where something had to be done!!”
…..and…….. “Because the Chinese government has shown complacency in their actions… The only viable method of stopping them based on the
limited positioning information you can get by their IP is limited strategic nuclear strikes to take out the hackers.”
Then I went into cost benefit analysis of weighing the civilian losses, to the possible gains by eliminating the people that are causing the problem,
and the sheer intimidation of anyone else that would even think about hacking.
Ordnance selection was based on how many civilians may die, versus the probability of not taking out the hacker. It is obvious that if you don’t
take out the hacker, then all the civilian losses are for nothing.
Nonetheless…… that was a while ago….. and I don’t have that up anymore.
I am currently thinking of a way to screw with their botnet minds.
If I put an open FTP server, or a secure server that has an easy password to guess…. Then I know that they will gain access…… but….. If it is
a fake root directory or a totally unrelated machine from the one that is providing the webpage…. Then….They will try to load a program for the
server to run… But it won’t do anything. Or they will load a file on the HTTP directory and expect it to be available on the port 80
server…..But it won’t……….
I could keep them scratching their heads for hours…..
(evil maniacal laughter)
The other thing I have found out is………. If you start pinging them, or port scanning them back, then they quickly run and hide……. Once they
find out there is a live person on the other end sending stuff back at them, then they lose their bravado and run off and hide like ants.
After pinging/port scanning a couple attacking computers the incoming attacks have disappeared….. I have been sitting here for over 2 hours while
working on other stuff with the packet sniffer running on one of the computers on the network link to the “honey pot” and I haven’t seen
crap!!!!!!!!!
The last good attack I have sustained was from
66.11.123.195
AKA
cms.suavemente.net (I would NOT suggest that you visit the site)
A web hosting provider website server!!!!!!!!!
The server has probably been hijacked by a hacker and is being used to attack other servers…… Or…… The people that are running the website
are using the server to attack other servers. One or the other….. it doesn't portray a good image for the company.
edit on 26-2-2011 by Mr Tranny because: (no reason given)
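
Added example, not part of the original post: a Python classifier that sorts honeypot sources by the behaviour the post describes (checks port 80 and leaves, goes straight to phpmyadmin/webmin paths, brute-forces FTP, or actually reads the decoy content). The event format, paths, threshold and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample honeypot events: (source, service, detail).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = [
    ("192.0.2.10", "http", "GET /"),
    ("192.0.2.10", "http", "GET /phpmyadmin/"),
    ("192.0.2.10", "http", "GET /webmin/"),
    ("198.51.100.7", "http", "GET /"),
    ("203.0.113.5", "http", "GET /"),
    ("203.0.113.5", "http", "GET /documents/works-in-progress.html"),
    ("203.0.113.99", "http", "GET /"),
] + [("198.51.100.7", "ftp", f"LOGIN FAIL user{i}") for i in range(6)]

ADMIN_PREFIXES = ("/phpmyadmin", "/webmin")  # assumed probe paths
CONTENT_PREFIXES = ("/documents/",)          # assumed location of decoy pages
FTP_FAIL_THRESHOLD = 5                       # assumed cut-off for brute force


def classify(events):
    """Return {source: label} based on what each source did on the honeypot."""
    stats = defaultdict(lambda: {"admin": 0, "content": 0, "ftp_fail": 0})
    for src, service, detail in events:
        s = stats[src]
        if service == "ftp" and detail.startswith("LOGIN FAIL"):
            s["ftp_fail"] += 1
        elif service == "http":
            path = detail.partition(" ")[2].lower()
            if path.startswith(ADMIN_PREFIXES):
                s["admin"] += 1
            elif path.startswith(CONTENT_PREFIXES):
                s["content"] += 1
    labels = {}
    for src, s in stats.items():
        if s["ftp_fail"] >= FTP_FAIL_THRESHOLD:
            labels[src] = "ftp-bruteforce"
        elif s["admin"] and not s["content"]:
            labels[src] = "admin-path-scanner"   # never looked at the site itself
        elif s["content"]:
            labels[src] = "read-content"         # something actually read the pages
        else:
            labels[src] = "port-check-only"      # confirmed port 80 and moved on
    return labels


if __name__ == "__main__":
    for src, label in sorted(classify(EVENTS).items()):
        print(src, label)
```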