• Apparently Hackers are Rampant

    From John Guillory@VERT/MAINLINE to All on Fri Jul 9 07:22:28 2010
    I had to drop my web server. Took me a while to figure out what was going on.
    I killed every task on the computer I could and it stayed bogged down like crazy. I'd telnet into my machine even using 127.0.0.1 from the local computer and have to wait a few minutes before I'd get to the login prompt! It was so slow, once it connected, you got nothing at all, I had time to burn a CD, check back and it was checking my ip address.... Start another CD burning on my laptop and oh look now I can enter my name.... Wait.... Password.... etc. Frustrated with that and it wanted to crash 2-3 times, I was wanting to see if I might have missed an update or something.... Checking the version number I looked at the Synchronet's screen and saw lines flying like crazy.... Closer inspection late last night I noticed it was my web server with lots of non-existing files.... Apparently some web server's infected with the code-red or similar virus, but either way its rampant attack on my server has brought mine to its knees..... I shut it down temporarily till I have the time to dig through and see the IP address I need to ban....


    ---
    ■ Synchronet ■ Roach Guts - roachguts.com
  • From Mit@VERT/DARKSANC to John Guillory on Fri Jul 9 16:13:11 2010
    Re: Apparently Hackers are Rampant
    By: John Guillory to All on Fri Jul 09 2010 07:22 am

    I had to drop my web server. Took me a while to figure out what was going on. I killed every task on the computer I could and it stayed bogged down like crazy. I'd telnet into my machine even using 127.0.0.1 from the local computer and have to wait a few minutes before I'd get to the login prompt! It was so slow, once it connected, you got nothing at all, I had time to burn a CD, check back and it was checking my ip address.... Start another CD burning on my laptop and oh look now I can enter my name.... Wait.... Password.... etc. Frustrated with that and it wanted to crash 2-3 times, I was wanting to see if I might have missed an update or something.... Checking the version number I looked at the Synchronet's screen and saw lines flying like crazy.... Closer inspection late last night I noticed it was my web server with lots of non-existing files.... Apparently some web server's infected with the code-red or similar virus, but either way its rampant attack on my server has brought mine to its knees..... I shut it down temporarily till I have the time to dig through and see the IP address I need to ban....

    Ouch man! Sorry to hear that. You should really be running a resident antivirus on your server to prevent malicious code being uploaded or executed on your web server. Hell, even something free is better than nothing!


    ---
    ■ Synchronet ■ Dark Sanctuary darksanctuary.servebbs.com
  • From Deanz@VERT/DMINE to John Guillory on Fri Jul 9 11:24:00 2010
    John Guillory wrote to All <=-

    I had to drop my web server. Took me a while to figure out what was going on. I killed every task on the computer I could and it stayed bogged down like crazy. I'd telnet into my machine even using 127.0.0.1 from the local computer and have to wait a few minutes before I'd get to the login prompt! It was so slow, once it connected, you got nothing at all, I had time to burn a CD, check back and it was checking my ip address.... Start another CD burning on my laptop and oh look now I can enter my name.... Wait.... Password.... etc. Frustrated with that and it wanted to crash 2-3 times, I was wanting to see if I might have missed an update or something.... Checking the version number I looked at the Synchronet's screen and saw lines flying like crazy.... Closer inspection late last night I noticed it was my web server with lots of non-existing files.... Apparently some web server's infected with the code-red or similar virus, but either way its rampant attack on my server has brought mine to its knees..... I shut it down temporarily till I have the time to dig through and see the IP address I need to ban....


    ---
    ■ Synchronet ■ Roach Guts - roachguts.com

    That does not sound like fun. Sorry about the frustrations with what happened. Best of luck in tracking down the cause of the VERY slow response. Should virus software not catch something like the code-red or similar virus? Maybe update the anti-virus.

    ... The number you have dialed...Nine-one-one...has been changed.
    --- MultiMail/Win32 v0.49
    ■ Synchronet ■ Diamond Mine Online BBS - bbs.dmine.net
  • From John Guillory@VERT/MAINLINE to Mit on Fri Jul 9 15:39:38 2010
    Re: Apparently Hackers are Rampant
    By: Mit to John Guillory on Fri Jul 09 2010 04:13 pm

    Ouch man! Sorry to hear that. You should really be running a resident antivirus on your server to prevent malicious code being uploaded or executed on your web server. Hell, even something free is better than nothing!

    He's not running code on my server. The other machine's more than likely
    infected or trying to infect mine with a glitch that only affects Microsoft
    IIS. I don't run IIS, I run Synchronet's web server only. But his machine
    effectively was doing the equivalent of pointing your web browser to a
    non-existing path and pressing F5 (refresh) like 1000 times a second. The
    URL was actually trying to be fetched so much that it couldn't display it
    fast enough in the listbox! It was the same URL over and over. He didn't
    infect me with nothing, but the repeated attempts caused it to bog my
    computer down to a crawl. I wished Synchronet had a thing to temporarily
    ban the IP address after repeated non-existing URLs like the attempted
    password hacking attempts.... If it did, the machine would auto-speed
    up till the hacker or infected website gave up....

    ---
    ■ Synchronet ■ Roach Guts - roachguts.com
  • From Mindless Automaton@VERT/ELDRITCH to John Guillory on Fri Jul 9 23:10:47 2010
    John Guillory wrote:
    Re: Apparently Hackers are Rampant
    By: Mit to John Guillory on Fri Jul 09 2010 04:13 pm

    Ouch man! Sorry to hear that. You should really be running a resident antivirus on your server to prevent malicious code being uploaded or executed
    on your web server. Hell, even something free is better than nothing!
    He's not running code on my server. The other machine's more than likely
    infected or trying to infect mine with a glitch that only affects Microsoft
    IIS. I don't run IIS, I run Synchronet's web server only. But his machine
    effectively was doing the equivalent of pointing your web browser to a
    non-existing path and pressing F5 (refresh) like 1000 times a second. The

    I had someone doing a namelist to try to get into the mail server. :o

    One time I got the IP address from someone that was hitting the web
    server and was able to remote desktop to their server (win 2003). I
    started installing patches and crap. Eventually I had to restart it and
    I never went back on though. Might just have been easier to set up a
    format on restart somehow. :)

    -Mindless Automaton
    ---
    ■ Synchronet ■ Eldritch Clockwork BBS - eldritch.darktech.org
  • From Mit@VERT/DARKSANC to John Guillory on Sat Jul 10 16:17:24 2010
    Re: Apparently Hackers are Rampant
    By: John Guillory to Mit on Fri Jul 09 2010 03:39 pm

    He's not running code on my server. The other machine's more than likely infected or trying to infect mine with a glitch that only affects Microsoft IIS. I don't run IIS, I run Synchronet's web server only. But his machine effectively was doing the equivalent of pointing your web browser to a non-existing path and pressing F5 (refresh) like 1000 times a second. The URL was actually trying to be fetched so much that it couldn't display it fast enough in the listbox! It was the same URL over and over. He didn't infect me with nothing, but the repeated attempts caused it to bog my computer down to a crawl. I wished Synchronet had a thing to temporarily ban the IP address after repeated non-existing URLs like the attempted password hacking attempts.... If it did, the machine would auto-speed up till the hacker or infected website gave up....

    I believe we call that a D.O.S. attack. Usually done with syn flooding but this seems to work also :)

    It would be nice for some type of throttling on the synch services. Some polite notification telling the user to "chill out for a sec" if it's requesting too much in a given amount of time.


    ---
    ■ Synchronet ■ Dark Sanctuary darksanctuary.servebbs.com
  • From John Guillory@VERT/MAINLINE to Mindless Automaton on Sat Jul 10 15:59:03 2010
    Re: Re: Apparently Hackers are Rampant
    By: Mindless Automaton to John Guillory on Fri Jul 09 2010 11:10 pm

    I had someone doing a namelist to try to get into the mail server. :o
    One time I got the IP address from someone that was hitting the web
    server and was able to remote desktop to their server (win 2003). I started installing patches and crap. Eventually I had to restart it and
    I never went back on though. Might just have been easier to set up a format on restart somehow. :)

    Awesome! You could patch his friggen IIS to get rid of the code-red worm,
    put a web page up to announce for everyone to see that says "I'm Infected,
    go away!" ;-) That's too much.... What really sucks is my schedule doesn't
    allow much time to really play around with finding this rascal.... I'll have
    to wait till next week to really have the time to mess with it....

    ---
    ■ Synchronet ■ Roach Guts - roachguts.com
  • From John Guillory@VERT/MAINLINE to Mit on Sat Jul 10 16:05:42 2010
    Re: Apparently Hackers are Rampant
    By: Mit to John Guillory on Sat Jul 10 2010 04:17 pm

    I believe we call that a D.O.S. attack. Usually done with syn flooding but this seems to work also :)
    It would be nice for some type of throttling on the synch services. Some polite notification telling the user to "chill out for a sec" if it's requesting too much in a given amount of time.

    Call it whatever, just find a patch for it... ;-) It bogged my system down
    bad! He must have used all his resources to target my machine.... Who
    knows, he might have got several of his friends together to all target
    my computer.... Of course, either way, since I'm providing the upload
    end and he'd be attempting the download end, naturally my end would be
    the slowest.... Either way, someone feel free to find a solution....
    I'm all for hackers experimenting, but when they do something for malicious
    purposes they need to be stopped!

    ---
    ■ Synchronet ■ Roach Guts - roachguts.com
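
The temporary ban on repeated non-existing URLs that John Guillory wishes for, and the throttling Mit suggests, could look like the sketch below. It is an added example, not part of the thread and not Synchronet code; the class name, thresholds, log format and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common-log-format line: client IP, [timestamp], "request", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

class NotFoundThrottle:
    """Temporarily ban an IP that piles up 404s inside a sliding window."""
    def __init__(self, max_404=20, window=10.0, ban_seconds=300.0):
        self.max_404, self.window, self.ban_seconds = max_404, window, ban_seconds
        self.hits = defaultdict(deque)  # ip -> times of its recent 404s
        self.banned_until = {}          # ip -> time its ban expires

    def allow(self, ip, now):  # check before doing any work for the request
        return self.banned_until.get(ip, 0) <= now

    def record(self, ip, status, now):  # returns True when this hit starts a ban
        if status != 404:               # only misses count against a client
            return False
        q = self.hits[ip]
        q.append(now)
        while q[0] <= now - self.window:
            q.popleft()                 # forget misses older than the window
        if len(q) < self.max_404:
            return False
        self.banned_until[ip] = now + self.ban_seconds
        del self.hits[ip]               # start from zero once the ban lifts
        return True

def replay(lines, throttle):  # returns (served per IP, dropped per IP, bans)
    served, dropped, bans = defaultdict(int), defaultdict(int), []
    for m in filter(None, map(LOG_RE.match, lines)):
        ip, status = m.group(1), int(m.group(3))
        now = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        if not throttle.allow(ip, now):
            dropped[ip] += 1            # banned: refuse cheaply, no file lookup
        else:
            served[ip] += 1
            if throttle.record(ip, status, now):
                bans.append(ip)
    return dict(served), dict(dropped), bans

def line(ip, sec, status):  # builds one constructed sample log line
    return f'{ip} - - [09/Jul/2010:07:{sec // 60:02d}:{sec % 60:02d} +0000] "GET /no/such/file HTTP/1.0" {status} 0'

# Constructed sample: one client hammering a missing URL, one ordinary visitor.
SAMPLE = ([line("203.0.113.7", i // 100, 404) for i in range(200)]
          + [line("198.51.100.20", s, c) for s, c in ((2, 200), (3, 404), (4, 200))]
          + [line("203.0.113.7", 400, 404)])
```

Running `replay(SAMPLE, NotFoundThrottle())` shows the flooding client served only until the threshold, dropped for the length of the ban, and served again once it expires, while the ordinary visitor with a single 404 is never affected.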