IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Administrivia Forum / Yet another Update for uptime stats.
Post #259,141
by folkert
Picture of folkert
6/16/06 11:45:06 AM
Reply
New Yet another Update for uptime stats.
I have yet again upated my uptime stats for information included.

Now it is updated every 2 minutes, and it shows the currently blocked hosts.

These blocked hosts could be blocked for a few reasons.

Its cool!

[link|http://www.gregfolkert.net/stats/uptime.html|New and Improved UPTIME for Kannigette!]

Hosts are listed in this order:
  1. Trying to use a feature that isn't there (300 class of errors in apache)
  2. Trying to get something that doesn't exist, or won't succeed (400 class of errors in apache)
  3. Authorization failure, for Apache, SSH or E-mail.
Sorted by class new to oldest. Oldes t being removed after 20 minutes of on list time. If attempts continue, 20 minutes on, until 3 additional failures, on for 20 minutes, etc... forever like that. Eventually they'll realize that if they fail 3 times in a 20 minute period (after failing 5 time initially), they'll be banned.

So, then I'll have to worry about the greater than 20 minute failing 3 times people. Down the line. Seeing as this stuff is automated already.

I also had an interesting ICQ chat with an operator of one zombie network. Seems he is a bit agitated that I discovered him and his matrix of websites used in discovery of Open Proxies. Then the machines used in PPC Fraud and his (Pharma and pr0n) Websites he operates with tons of banner ads.

Personally, I was shaking myself with adrenaline. Now... if it takes me only a short amount of research to find them with public tools available already (Google, whois, DNS resolution, redirect cleaning and other tools) I wonder why law enforcement can't do the same. Total time invested in analyzing - 15 minutes. Total time ICQ chatting with the Operator... 30 minutes.

To start all I had was 20 weeks of 3M hits per week, apache logs. I found many interesting patterns once I shredded (analyzed) the data properly.

Oh, sent those logs off to that guy in Alabama, that does the working with the FBI thing. Hi first response was basically: "Muahahahaha!"
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey
Freedom is not FREE.
Yeah, but 10s of Trillions of US Dollars?
SELECT * FROM scog WHERE ethics > 0;

0 rows returned.
Post #259,146
by boxley
6/16/06 12:06:09 PM
Reply
New you might want to contact this guy as well
[link|http://www-static.cc.gatech.edu/~feamster/|http://www-static.cc...ch.edu/~feamster/] he helped the feebs nail a local bigtime spammer.
thanx,
bill
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 50 years. meep
Post #259,149
by jb4
Picture of jb4
6/16/06 12:14:36 PM
Reply
New Law "enforcement"?!? Surely you jest...
You want the whole litany, or just the basics? The Basics? Fine:

1) This isn't Terrorism\ufffd, so it ain't sexy
2) Nobody made Director busting some guy scamming websites
3) Nobody's getting killed, maimed, poisoned, raped or whacked, so it ain't sexy.
4) It's just a bunch o' Geeks and their toys; I won't make Director worrying about them.
5) The "internet"? Whazzat?
6) "Apache"? Didn't Custer wipe all of them out?
7) "Duh..."

The bottom line is that "law enforcement" just doesn't consider this high enough of a priority to bother with. And you're a whole lot smarter, and more savvy, than the vast majority of said "law enforcement"; you know that the tools to do this are already out there, and you know how to use them (and to apply them to the task at hand). Give yourself some credit, what you're doing is not something that the average person (or even the average person who works in the field) would know how to do. And you have a vested interest in doing it, while "law enforcement" could care less.
jb4
"So don't pay attention to the approval ratings that say 68% of Americans disapprove of the job this man is doing. I ask you this, does that not also logically mean that 68% approve of the job he's not doing? Think about it. I haven't."
Stephen Colbert, at the White House Correspondent's Dinner 29Apr06
Post #259,154
by Another Scott
6/16/06 1:02:32 PM
Reply
New Thanks muchly! Write up the details!
You should write-up an article on the techniques you used and post it with a pointer to LinuxToday (or some such site) and maybe even send an e-mail to SJVN (who seems to be a reasonably on-the-ball member of the IT press). I'm sure it would help a lot of providers and even small companies that have servers on the Internet.

Cheers,
Scott.
     Update on Z's response times? Megapath dumping packets? - (Another Scott) - (10) - June 15, 2006, 08:12:59 AM EDT
         1,546,001 Click Fraud Proxy requests since Jun 11 7:36AM - (folkert) - (3) - June 15, 2006, 03:12:27 PM EDT
             "Click Fraud Proxy requests" - (broomberg) - (2) - June 15, 2006, 03:19:31 PM EDT
                 Okay. - (folkert) - (1) - June 15, 2006, 03:54:20 PM EDT
                     Sounds like you saw them working it in real time - (drewk) - June 15, 2006, 04:11:49 PM EDT
         It has been slow for me for many months - (lincoln) - June 15, 2006, 04:18:32 PM EDT
         Bwahahaha. - (folkert) - June 15, 2006, 08:47:35 PM EDT
         Yet another Update for uptime stats. - (folkert) - (3) - June 16, 2006, 11:45:06 AM EDT
             you might want to contact this guy as well - (boxley) - June 16, 2006, 12:06:09 PM EDT
             Law "enforcement"?!? Surely you jest... - (jb4) - June 16, 2006, 12:14:36 PM EDT
             Thanks muchly! Write up the details! - (Another Scott) - June 16, 2006, 01:02:32 PM EDT 

10 PRINT "HELLO LRPD"
20 GOTO 10

312 ms