Main.WeirdAndWonderful History
Added lines 9-10:
''P.S. I even had a persistent and concerted PMWiki attack from '''Germany''' ( ???? ) probing for 777 permissions in the wiki.d and pagelist.php script directories. Poor slob, what a waste of time ... but what can you expect from those people ? :-)'' Changed lines 6-8 from:
I'm starting to get ssh attacks on this site with user name 'pi'. Forewarned is forearmed. Firewalls up and bombs away to:
I'm starting to get ssh attacks on this site with user name 'pi'. You'd never guess from what part of the world ( right first time !). Forewarned is forearmed. Firewalls up and bombs awaaaaaaay ... ------------------------------ Added lines 3-9:
!!! July 4th 2015 - A Patriotic Message to Raspberry Pi Users I'm starting to get ssh attacks on this site with user name 'pi'. Forewarned is forearmed. Firewalls up and bombs away ... Added lines 3-61:
!!! April 6 2015 - Bringing the War Back Home IP addresses associated with the Asia Pacific Network Information Centre (APNIC) account for about 90% of all port 22 attacks on this site and over 90% of attacks annoying enough to warrant a DROP record in ''iptables'' ... A grand list of APNIC IPs - https://www.apnic.net/publications/research-and-insights/ip-address-trends/apnic-resource-range ... hmmm, tempting. How much legitimate traffic do I get from New Zealand and Australia ? Probably not much. ------------------- !!! April 4 2015 ''Just found this post from Dec 2012'' http://www.raspberrypi.org/forums/viewtopic.php?f=36&t=23249 And indeed, it's often the Chinese. Sometimes I wonder if they are being encouraged somehow to attack the capitalists. There is an "official" bounty program for "information". And since official policy is complete denial when it comes to cybercrime every poor person with a little bit of IT knowledge will try getting a part of the bounty. They also carry out information gathering inside China, as long as it is dissidents being spied upon. There is even OSX malware, directed at Tibetan dissidents that was very probably government issued. ''So it is said, but who knows if it is actually true. It's certainly consistent with the facts, such as they are ...'' ---------------- !!! October 5, 2014 !!!! A Small Experiment '''Falun Dafa Falun Gong Occupy Hong Kong Democracy Tiananmen Square''' I want to see if I can get the [[http://www.greatfirewallofchina.org/ | Great Firewall of China]] working for me to stop [[http://en.wikipedia.org/wiki/Secure_Shell | Secure Shell]] attacks against port 22. It will be interesting to see if the GFWC blocks legitimate ip traffic to ''tainted'' web pages, but still allows hacker attacks on port 22. Implications, anyone ? Of course, it is also possible that this site will get blocked ''and'' the number of attacks from servers in China will dramatically increase at the same time ... for fairly obvious reasons. 
We'll see. !!!! Update November 7th: Sparse Findings My feeble attempts to provoke the Great Firewall have been utterly ignored, as far as I can tell. According to various sites purporting to determine if your domain name is present on DNS servers in China, I'm still there, defiant and ( frankly ) feeble in my protests for political change in China [ not that I know anything about the subject ]. But then, who has to know anything to have strong political opinions. For political purposes, it's probably better if you don't know anything about what you're talking about. More effective that way, less intellectual clutter. :-) However, for the purposes of reducing port 22 attacks, the experiment was a '''total failure'''. At this point, I have about 20 million IP address in China blocked. so that may be helping a bit. In fact, on November 6th there was the mother of all attacks, several hundred attacks from perhaps 100 different servers with 100 individual IP addresses from all over the world, attacking in rotation, boom boom boom, one after the other. It was awesome ... I felt vaguely honored to be the object of such attention, no joke. Really, why me ? Why is a lousy little one processor Linode site so important to break into. The economic value of this site is nearly zero to me and probably to them as well. So why ? Do they need another zombie server so much that the attackers feel they must waste ( presumably limited ) resources trying breaking into this site ? It's been interesting, however sparse the actual conclusions. At this point, about 90% of all connections to this machine are break-in attempts, so I'll just keep plugging away at it, slowly tightening up the site. Certainly, the 'bad hacker' industry is far larger than I knew and perhaps larger than anything I can imagine. -------------------- Deleted lines 109-165:
!!! October 5, 2014 !!!! A Small Experiment '''Falun Dafa Falun Gong Occupy Hong Kong Democracy Tiananmen Square''' I want to see if I can get the [[http://www.greatfirewallofchina.org/ | Great Firewall of China]] working for me to stop [[http://en.wikipedia.org/wiki/Secure_Shell | Secure Shell]] attacks against port 22. It will be interesting to see if the GFWC blocks legitimate ip traffic to ''tainted'' web pages, but still allows hacker attacks on port 22. Implications, anyone ? Of course, it is also possible that this site will get blocked ''and'' the number of attacks from servers in China will dramatically increase at the same time ... for fairly obvious reasons. We'll see. !!!! Update November 7th: Sparse Findings My feeble attempts to provoke the Great Firewall have been utterly ignored, as far as I can tell. According to various sites purporting to determine if your domain name is present on DNS servers in China, I'm still there, defiant and ( frankly ) feeble in my protests for political change in China [ not that I know anything about the subject ]. But then, who has to know anything to have strong political opinions. For political purposes, it's probably better if you don't know anything about what you're talking about. More effective that way, less intellectual clutter. :-) However, for the purposes of reducing port 22 attacks, the experiment was a '''total failure'''. At this point, I have about 20 million IP address in China blocked. so that may be helping a bit. In fact, on November 6th there was the mother of all attacks, several hundred attacks from perhaps 100 different servers with 100 individual IP addresses from all over the world, attacking in rotation, boom boom boom, one after the other. It was awesome ... I felt vaguely honored to be the object of such attention, no joke. Really, why me ? Why is a lousy little one processor Linode site so important to break into. 
The economic value of this site is nearly zero to me and probably to them as well. So why ? Do they need another zombie server so much that the attackers feel they must waste ( presumably limited ) resources trying breaking into this site ? It's been interesting, however sparse the actual conclusions. At this point, about 90% of all connections to this machine are break-in attempts, so I'll just keep plugging away at it, slowly tightening up the site. Certainly, the 'bad hacker' industry is far larger than I knew and perhaps larger than anything I can imagine. ------------------------ !!! April 4 2015 ''Just found this post from Dec 2012'' http://www.raspberrypi.org/forums/viewtopic.php?f=36&t=23249 And indeed, it's often the Chinese. Sometimes I wonder if they are being encouraged somehow to attack the capitalists. There is an "official" bounty program for "information". And since official policy is complete denial when it comes to cybercrime every poor person with a little bit of IT knowledge will try getting a part of the bounty. They also carry out information gathering inside China, as long as it is dissidents being spied upon. There is even OSX malware, directed at Tibetan dissidents that was very probably government issued. ''So it is said, but who knows if it is actually true. It's certainly consistent with the facts, such as they are ...'' ---------------- !!! April 6 2015 - Bringing the War Back home IP addresses associated with the Asia Pacific Network Information Centre (APNIC) account for about 90% of all port 22 attacks on this site and over 90% of attacks annoying enough to warrant a DROP record in ''iptables'' ... A grand list of APNIC IPs - https://www.apnic.net/publications/research-and-insights/ip-address-trends/apnic-resource-range ... hmmm, tempting. How much legitimate traffic do I get from New Zealand and Australia ? Probably not much. -------------------- Changed lines 99-100 from:
!!! April 6 2015 to:
!!! April 6 2015 - Bringing the War Back home Changed line 105 from:
... hmmm, tempting. How much legitimate traffic do I get from New Zealand and Australia ? to:
... hmmm, tempting. How much legitimate traffic do I get from New Zealand and Australia ? Probably not much. Added lines 98-107:
!!! April 6 2015 IP addresses associated with the Asia Pacific Network Information Centre (APNIC) account for about 90% of all port 22 attacks on this site and over 90% of attacks annoying enough to warrant a DROP record in ''iptables'' ... A grand list of APNIC IPs - https://www.apnic.net/publications/research-and-insights/ip-address-trends/apnic-resource-range ... hmmm, tempting. How much legitimate traffic do I get from New Zealand and Australia ? -------------------- Added lines 80-97:
!!! April 4 2015 ''Just found this post from Dec 2012'' http://www.raspberrypi.org/forums/viewtopic.php?f=36&t=23249 And indeed, it's often the Chinese. Sometimes I wonder if they are being encouraged somehow to attack the capitalists. There is an "official" bounty program for "information". And since official policy is complete denial when it comes to cybercrime every poor person with a little bit of IT knowledge will try getting a part of the bounty. They also carry out information gathering inside China, as long as it is dissidents being spied upon. There is even OSX malware, directed at Tibetan dissidents that was very probably government issued. ''So it is said, but who knows if it is actually true. It's certainly consistent with the facts, such as they are ...'' ---------------- Changed lines 61-77 from:
Of course, it is also possible that this site will get blocked ''and'' the number of attacks from servers in China will dramatically increase at the same time ... for fairly obvious reasons. We'll see. to:
Of course, it is also possible that this site will get blocked ''and'' the number of attacks from servers in China will dramatically increase at the same time ... for fairly obvious reasons. We'll see. !!!! Update November 7th: Sparse Findings My feeble attempts to provoke the Great Firewall have been utterly ignored, as far as I can tell. According to various sites purporting to determine if your domain name is present on DNS servers in China, I'm still there, defiant and ( frankly ) feeble in my protests for political change in China [ not that I know anything about the subject ]. But then, who has to know anything to have strong political opinions. For political purposes, it's probably better if you don't know anything about what you're talking about. More effective that way, less intellectual clutter. :-) However, for the purposes of reducing port 22 attacks, the experiment was a '''total failure'''. At this point, I have about 20 million IP address in China blocked. so that may be helping a bit. In fact, on November 6th there was the mother of all attacks, several hundred attacks from perhaps 100 different servers with 100 individual IP addresses from all over the world, attacking in rotation, boom boom boom, one after the other. It was awesome ... I felt vaguely honored to be the object of such attention, no joke. Really, why me ? Why is a lousy little one processor Linode site so important to break into. The economic value of this site is nearly zero to me and probably to them as well. So why ? Do they need another zombie server so much that the attackers feel they must waste ( presumably limited ) resources trying breaking into this site ? It's been interesting, however sparse the actual conclusions. At this point, about 90% of all connections to this machine are break-in attempts, so I'll just keep plugging away at it, slowly tightening up the site. 
Certainly, the 'bad hacker' industry is far larger than I knew and perhaps larger than anything I can imagine. Changed line 61 from:
Of course, it is also possible that this site will get blocked ''and'' the number of to:
Of course, it is also possible that this site will get blocked ''and'' the number of attacks from servers in China will dramatically increase at the same time ... for fairly obvious reasons. We'll see. Added line 1:
[[PageOutline]] Changed lines 3-4 from:
Aug 3, 2014 to:
!!! Aug 3, 2014 !!!! Sac Au Lait Fishin' Changed lines 43-44 from:
to:
!!!!Update: The domain sac-au-lait.com is associated with ip 50.116.44.179 which is assigned to Linode. Apparently, the sub-domain rovl.sac-au-lait.com is part of a Linode administrative backend of some sort. Changed line 52 from:
October 5, 2014 to:
!!! October 5, 2014 Changed line 54 from:
!!! A Small Experiment to:
!!!! A Small Experiment Changed line 55 from:
Of course, it is also possible that this site will get blocked ''and'' the to:
Of course, it is also possible that this site will get blocked ''and'' the number of hacker attacks from servers in China dramatically increases at the same time ... for fairly obvious reasons. We'll see. Added lines 46-47:
October 5, 2014 Changed lines 53-55 from:
I want to see if I can get the [[http://www.greatfirewallofchina.org/ | Great Firewall of China]] working for me to stop [[http://en.wikipedia.org/wiki/Secure_Shell | Secure Shell]] attacks against port 22. It will be interesting to see if the GFWC blocks legitimate ip traffic to ''tainted'' web pages, but still allows hacker attacks on port 22. Implications, anyone ? to:
I want to see if I can get the [[http://www.greatfirewallofchina.org/ | Great Firewall of China]] working for me to stop [[http://en.wikipedia.org/wiki/Secure_Shell | Secure Shell]] attacks against port 22. It will be interesting to see if the GFWC blocks legitimate ip traffic to ''tainted'' web pages, but still allows hacker attacks on port 22. Implications, anyone ? Of course, it is also possible that this site will get blocked ''and'' the numbers of hacker attacks from servers in China dramatically increases ... for obvious reasons. We'll see. Changed lines 47-49 from:
!!! '''Falun Dafa Falun Gong Occupy Hong Kong Democracy''' to:
!!! A Small Experiment '''Falun Dafa Falun Gong Occupy Hong Kong Democracy Tiananmen Square''' Changed line 47 from:
!!! An to:
!!! An Small Experiment Changed line 47 from:
to:
!!! An Experiment !!! Changed lines 47-53 from:
to:
=== An Experiment === '''Falun Dafa Falun Gong Occupy Hong Kong Democracy''' I want to see if I can get the [[http://www.greatfirewallofchina.org/ | Great Firewall of China]] working for me to stop [[http://en.wikipedia.org/wiki/Secure_Shell | Secure Shell]] attacks against port 22. It will be interesting to see if the GFWC blocks legitimate ip traffic to ''tainted'' web pages, but still allows hacker attacks on port 22. Implications, anyone ? ------------------------ Changed lines 6-8 from:
You can also reach me via http://rovl.sac-au-lait.com/. Hnnnh ? How weird is that ? I started researching Sac Au Lait ( "bag of milk" ??? to:
You can also reach me via http://rovl.sac-au-lait.com/. Hnnnh ? How weird is that ? I started researching Sac Au Lait ( "bag of milk" ) and found this little gem at http://www.songlyrics.com/tab-benoit/sac-au-lait-fishing-lyrics/ called "Sac-Au-Lait- Fishing". Changed line 42 from:
And here I was paranoid about Chinese zombie hackers and suchlike ... whatever to:
And here I was paranoid about Chinese zombie hackers and suchlike ... whatever happened to trust in the basic decency of our fellow human beings ... :-) Deleted line 43:
Changed line 42 from:
And here I was paranoid about Chinese zombie hackers and suchlike ... whatever happen to trust in the basic decency of our fellow human beings ... to:
And here I was paranoid about Chinese zombie hackers and suchlike ... whatever happen to trust in the basic decency of our fellow human beings ... :-) Changed lines 40-42 from:
'''Update:''' the domain sac-au-lait.com is associated with ip 50.116.44.179 which is assigned to Linode. Apparently, the sub-domain rovl.sac-au-lait.com is part of a Linode administrative backend And here I was paranoid about Chinese zombie hackers and suchlike ... whatever happen to trust in the basic decency of my to:
'''Update:''' the domain sac-au-lait.com is associated with ip 50.116.44.179 which is assigned to Linode. Apparently, the sub-domain rovl.sac-au-lait.com is part of a Linode administrative backend of some sort. And here I was paranoid about Chinese zombie hackers and suchlike ... whatever happen to trust in the basic decency of our fellow human beings ... Changed lines 40-43 from:
'''Update:''' the domain sac-au-lait.com is associated with ip 50.116.44.179 which is assigned to Linode. Apparently, the sub-domain rovl.sac-au-lait.com is Anyway, my sincere apologies to all the Chinese zombie hackers out there to:
'''Update:''' the domain sac-au-lait.com is associated with ip 50.116.44.179 which is assigned to Linode. Apparently, the sub-domain rovl.sac-au-lait.com is part of a Linode administrative backend. And here I was paranoid about Chinese zombie hackers and suchlike ... whatever happen to trust in the basic decency of my fellow human beings ... My sincere apologies to all the Chinese zombie hackers out there in cyberland. Deleted line 48:
Added lines 40-45:
'''Update:''' the domain sac-au-lait.com is associated with ip 50.116.44.179 which is assigned to Linode. Apparently, the sub-domain rovl.sac-au-lait.com is some sort of Linode administrative backend. And here I was paranoid about Chinese zombie hackers and suchlike ... whatever happen to trust in the basic decency of my fellow human beings ... it's been beaten out of me I guess. Anyway, my sincere apologies to all the Chinese zombie hackers out there. ---------------------------------- Deleted line 39:
Changed line 10 from:
There's somethin' in the water that's callin' my name ''[ to:
There's somethin' in the water that's callin' my name ''[IP 116.10.0.0/16 again ?]''. Changed line 34 from:
But if I keep gettin' nibbles ''[ to:
But if I keep gettin' nibbles ''[at port 22]'' , I may never go home. Changed lines 6-7 from:
You can also reach me via http://rovl.sac-au-lait.com/. Hnnnh ? How weird is that ? to:
You can also reach me via http://rovl.sac-au-lait.com/. Hnnnh ? How weird is that ? Makes reverse DNS a bit difficult, eh wot. Changed line 10 from:
There's somethin' in the water that's callin' my name '' to:
There's somethin' in the water that's callin' my name ''[Ed: IP 116.10.0.0/16 again ?]''. Changed line 34 from:
But if I keep gettin' nibbles '' to:
But if I keep gettin' nibbles ''[Ed: at port 22]'' , I may never go home. Changed line 10 from:
There's somethin' in the water that's callin' my name ''[Ed: 116.10.0.0/16 again ?]''. to:
There's somethin' in the water that's callin' my name '''[Ed: IP 116.10.0.0/16 again ?]'''. Changed line 34 from:
But if I keep gettin' nibbles ''[Ed: at port 22]'' , I may never go home. to:
But if I keep gettin' nibbles '''[Ed: at port 22]''' , I may never go home. Changed line 10 from:
There's somethin' in the water that's callin' my name. to:
There's somethin' in the water that's callin' my name ''[Ed: 116.10.0.0/16 again ?]''. Changed line 34 from:
But if I keep gettin' nibbles, I may never go home. to:
But if I keep gettin' nibbles ''[Ed: at port 22]'' , I may never go home. Changed line 6 from:
You can also reach me via http://rovl.sac-au-lait.com/. Hnnnh ? to:
You can also reach me via http://rovl.sac-au-lait.com/. Hnnnh ? How weird is that ? Changed line 40 from:
... that '''somethin' in the water that's callin' my name''' is to:
... may that '''somethin' in the water that's callin' my name''' is a [[http://en.wikipedia.org/wiki/Zombie_%28computer_science%29 | Chinese zombie server]] trying to break into my SSH account ... Added lines 39-40:
... that '''somethin' in the water that's callin' my name''' is probably a Chinese zombie server trying to break my SSH account ... Changed line 8 from:
I started researching Sac Au Lait ( "bag of milk" ??? ) and found this little gem at http://www.songlyrics.com/tab-benoit/sac-au-lait-fishing-lyrics/ to:
I started researching Sac Au Lait ( "bag of milk" ??? ) and found this little gem at http://www.songlyrics.com/tab-benoit/sac-au-lait-fishing-lyrics/ called "Sac-Au-Lait- Fishing". Changed line 38 from:
A 'Sac Au Lait' is a type of to:
A 'Sac Au Lait' is a type of [[http://en.wikipedia.org/wiki/Crappie | Crappie]]. I like to believe that somehow this will all make sense eventually ... Changed line 38 from:
to:
A 'Sac Au Lait' is a type of crappie. I like to believe that this will all make sense eventually ... Changed line 8 from:
I started researching Sac Au Lait ( "bag of milk" ??? ) and found this at http://www.songlyrics.com/tab-benoit/sac-au-lait-fishing-lyrics/ to:
I started researching Sac Au Lait ( "bag of milk" ??? ) and found this little gem at http://www.songlyrics.com/tab-benoit/sac-au-lait-fishing-lyrics/ Changed lines 10-36 from:
If I work another hour I'mma go insane. Driftin' to the places I would rather be... In my boat under a cypress tree. (Chorus) Hey, they're gonna see me comin' before the sun dries the mornin' dew. Hey, you know I can't wait to go Sac-au-lait fishin' down on whiskey bayou. There's some good Cajun music on the radio. Every Sunday mornin' it's a Fais do-do. The birds in the trees seem to know this song. I pop a crop to the beat while they're singin' along. (Chorus) Hey... One more cast before the sun goes down. That's just about the time the alligator come 'round. My baby, she's a'waitin' and she's all alone. But if I keep gettin' nibbles, I may never go home. (Chorus) to:
There's somethin' in the water that's callin' my name. If I work another hour I'mma go insane. Driftin' to the places I would rather be... In my boat under a cypress tree. (Chorus) Hey, they're gonna see me comin' before the sun dries the mornin' dew. Hey, you know I can't wait to go Sac-au-lait fishin' down on whiskey bayou. (End Chorus) There's some good Cajun music on the radio. Every Sunday mornin' it's a Fais do-do. The birds in the trees seem to know this song. I pop a crop to the beat while they're singin' along. (Chorus) Hey... One more cast before the sun goes down. That's just about the time the alligator come 'round. My baby, she's a'waitin' and she's all alone. But if I keep gettin' nibbles, I may never go home. (Chorus) Somehow this will all add up eventually ... ------------------- Changed lines 10-12 from:
>> There's somethin' in the water that's callin' my name. to:
>>There's somethin' in the water that's callin' my name. Changed lines 36-38 from:
(Chorus) << to:
(Chorus)<< Added lines 1-40:
------------------------------ Aug 3, 2014 This is a strange one. Somehow someone is linked into the semantastic.com site. You can also reach me via http://rovl.sac-au-lait.com/. Hnnnh ? I started researching Sac Au Lait ( "bag of milk" ??? ) and found this at http://www.songlyrics.com/tab-benoit/sac-au-lait-fishing-lyrics/ >> There's somethin' in the water that's callin' my name. If I work another hour I'mma go insane. Driftin' to the places I would rather be... In my boat under a cypress tree. (Chorus) Hey, they're gonna see me comin' before the sun dries the mornin' dew. Hey, you know I can't wait to go Sac-au-lait fishin' down on whiskey bayou. (End Chorus) There's some good Cajun music on the radio. Every Sunday mornin' it's a Fais do-do. The birds in the trees seem to know this song. I pop a crop to the beat while they're singin' along. (Chorus) Hey... One more cast before the sun goes down. That's just about the time the alligator come 'round. My baby, she's a'waitin' and she's all alone. But if I keep gettin' nibbles, I may never go home. (Chorus) <<