Running a Web Site, Watching Hack Attempts in Real Time
I run walkran.com, and like many webmasters (of small-med sites) I like to keep a copy of my web logs running on a second monitor. It’s actually very compelling watching. I can see all sorts of interesting things, including:
- Who is visiting (IP address)
- When they visited
- Where they are from / what ISP they use
- What page they requested
I do this in part because I like to keep an eye on security, and watching web logs is one way to see some of what’s going on. I am fairly certain my automated and malicious traffic outnumbers my legitimate traffic by a factor of three or four to one. Some of this is search bots and requests for pages on servers that used to be located at this IP address. That’s stuff is usually uninteresting. But then there is the malicious traffic.
At least a couple times an hour, I see requests along the lines of:
/wp-admin/admin.html
/cgi-bin/test.cgi
/cgi/admin.cgi
Basically, people are trying common administrative login URLs. In my case, I don’t have wordpress nor a cgi directory, so there’s nothing there to attack; they get 404 (not found) errors and move on.
Security is Paramount
If I did have those files in place, in the default locations (like many wordpress sites), the hacker would then check to see if I was running a vulnerable version. If so, he would exploit them. Depending on the skill level of the person involved, this could all be done on an automated basis. Push a button, go to sleep, wake up with a list of exploited servers. There are many out there who are capable of this. For this reason and many more, security should really be at the top of everyone’s list.
How did they find my site?
Who knows, but likely, randomly. That’s one of the ways of finding vulnerable hosts. Using a tool like nmap, they scan random network segments, log the results, and go from there. That’s why it really doesn’t matter who you are. Many people think “I have nothing people would care about”, so I’m not worried about getting attacked. Big misconception. Often people are targeted randomly, and the computer of “joe schmoe” can be useful for many things beyond the data it contains. One trend is installing crypto miners .. meaning your system performance goes to hell, as it is busy making them money rather than doing your work. Another is to send spam. Another is to use the compromised host as a “jump off” point.
What do I do when I see people scanning my site?
Usually I ignore it. Sometimes I’ll look up their IP address to see where they are coming from. China, and Eastern Europe stand out, and seem to be a common point of origin for malicious traffic. Nigeria is up there. Occasionally I will fire off a port scan at the originating IP: it’s kind of like sending out a ping from a submarine, letting the would-be hacker know that you’ve seen them. I suspect in most cases, it’s not noticed, but it’s nice to think that maybe, the odd time, I make one of them sit up straight.
Speaking of messing with people, I was able to freak someone out rather nicely the other day. I’d mentioned my web site and said “check it out.” A day or so later, they did: I was able to see this through the logs, as their geographic location stood out. A minute or two later, I picked up the phone:
“Hello?”
“Hey, what did you think of the site?”
“What?”
“My site. how do you like it?”
“How did you...”
“I see everything.”
We had a good chuckle and I explained, but the point was illustrated: if you click something, someone, somewhere, knows you did. I don’t think the average person appreciates just how open all of their Internet actions are. Moral of the story: use a virtual private network and web proxy! You never know who is out there, watching what you do.
[ @xwalkran ]
Seeking truth, meaning and enlightenment.
Philosophy, Technology, News, Conspiracy, Homesteading, Fiction, $$ and more.
Check out my news/conspiracy aggregation site @ http://walkran.com
Hey xwalkran,
For the informationwar tag please keep the use of it to something about fighting against propaganda, fighting for freedom, or debunking propaganda type posts.
Our Purpose
Sure: I thought the computer/security/privacy side would be part of it, but I hear what you are saying. Apologies for the confusion.
Yeah, if you gear it towards how people might protect themselves from spying(like what hardware/software/encryption they could ), or detail how the government is spying on you via facebook/google/smartphones/whatever would count also.
Or like how cryptocurrency is a good thing to invest in because the US Government prints endless amounts of money via the FED(Which also never is audited and is all smoke and mirrors).
If you wanted to take a quick look at the Our Purpose post or browse through the trending section of #informationwar it might make more sense.
https://tinyurl.com/infowar3318
:)
I'm sorry, I lol'd that you changed the tag to "notinformationwar"
Are Macs less likely to be hacked for all those nefarious purposes, than PCs? I seem to dimly recall somebody saying that once upon a time. I can't imagine ours would be attractive for anything like crypto mining because our wifi is so sloooooooow and as a result the computer is too. Either that or somebody is mining crypto because dang this thing is poky :)))
I am a pretty high end smart ass, so.. you know.l.
Mac security is generally better than pc security, I would guess, but I still don't like it. Jobs/Cook were/are not my favorite people, and their approach (sell overpriced hardware with shiny on it) is not the most customer friendly.
I had a Macbook Pro for a lot of years and it was a great machine .. I fully understand the appeal. They're just part of the bad guys team, so not an option!