Saturday, July 24, 2010

Thanks for Visiting: Script Kiddy

Everybody knows that hackers fall into two categories: script kiddies and Chinese cyber warriors raised from birth to destroy the American power grid.

Well, I've got this little VM floating around the clouds of the internet. Nothing exciting. It hosts http://dougbunger.com, which is mostly 404 pages and dead links. But... it's my little cloud VM, and I love it.

So all week long, somebody has been slamming my server, trying to hack in. Why? There's nothing of value. Not quite true: chances are, if they were to compromise my server, they would probably use it as a file drop for pirated media or pr0n. (And not the good kind... of either.)

I don't think it's the Chinese: they are too busy hacking Google to read their dissidents' email. No, it's the Script Kiddies. How do I know? They are hitting the server with thousands of PHP and SQL exploits. Unfortunately, the server has neither. So, I implemented an Apache redirect:

AliasMatch ^$ /var/www/html/index.html
RedirectMatch (.*[pP]+[hH]+[pP]+.*) \
    http://english.cpc.people.com.cn
RedirectMatch (.*[sS]+[qQ]+[lL]+.*) \
    http://english.cpc.people.com.cn

I inserted two lines that evaluate the URL and redirect anyone who asks for anything containing PHP or SQL to another website. My regex was not sufficiently righteous and redirected blank URIs, so the first line ensures you get an index page.
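An added example (not from the original post): the two RedirectMatch patterns above run over constructed access-log lines, to show which requests they catch and which clients trigger them. It assumes the patterns are tested against the URL path only, without the query string; the log lines, IP addresses and paths are made up.

```python
import re
from collections import Counter

# The two RedirectMatch patterns from the post, unchanged.
RULES = {
    "php": re.compile(r"(.*[pP]+[hH]+[pP]+.*)"),
    "sql": re.compile(r"(.*[sS]+[qQ]+[lL]+.*)"),
}

# Constructed sample access-log lines (documentation IPs, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Jul/2010:10:01:02 -0500] "GET /phpMyAdmin/index.php HTTP/1.1" 302 230
203.0.113.7 - - [24/Jul/2010:10:01:03 -0500] "GET /admin/SQL/setup HTTP/1.1" 302 230
198.51.100.4 - - [24/Jul/2010:10:02:10 -0500] "GET /index.html HTTP/1.1" 200 512
198.51.100.4 - - [24/Jul/2010:10:02:11 -0500] "GET /notes/mysql-backup.html HTTP/1.1" 302 230
198.51.100.9 - - [24/Jul/2010:10:03:00 -0500] "GET /index.html?next=login.php HTTP/1.1" 200 512
"""

# client IP, method and request target from a common-log-format line
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')


def matched_rule(target):
    """Return the name of the first rule the URL path matches, else None."""
    path = target.split("?", 1)[0]  # assumption: query string is not matched
    for name, pattern in RULES.items():
        if pattern.search(path):
            return name
    return None


def redirected_by_client(log_text):
    """Count, per client IP, the requests the rules would redirect."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m and matched_rule(m.group(3)):
            hits[m.group(1)] += 1
    return hits


if __name__ == "__main__":
    for client, count in redirected_by_client(SAMPLE_LOG).most_common():
        print(f"{client}: {count} redirected request(s)")
```

The sample shows two side effects of matching the substring anywhere in the path: an ordinary page such as /notes/mysql-backup.html is redirected too, while a request that carries "php" only in its query string is served normally.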

And where does something like http://vypress.bunger.us/sql.php redirect? Why, to the Chinese Communist Party home page, of course. Their people are trained for this kind of thing. I'm sure they will appreciate the practice.
