Getting hammered by bots. Working on it

Jeff · December 08, 2017, 10:42:40 AM

The Forestry Forum is suffering from a DOS attack this morning. I am working on it trying to fend them off. I apologize for the intermittent connectivity.

Jeff · December 08, 2017, 11:02:16 AM

I HATE BOTS SPAMMERS SCAMMERS AND WHOEVER CAUSES ALL THESE PROBLEMS!

Okay, that made me feel better.

chet · December 08, 2017, 11:08:05 AM

Much better connectivity up here in Yooper land now. 8)

Kbeitz · December 08, 2017, 11:23:06 AM

To bad you can't just send them back from where they come from...

Jeff · December 08, 2017, 11:25:11 AM

I'm pretty sure they are from Hell, so that ain't a bad plan.

Don P · December 08, 2017, 11:36:40 AM

Tureakistan :D
Yup its all messed up out where the electrons wear out :D
I was blamin the snow, looks like our first real one of the year.

Got a scam phone call the other day from "windows technical support". I invited him to come on over, bring a bucket and rags and clean my windows. I kept telling him the password was Windex but he didn't seem to understand ??? Judging from the sound of traffic outside his mud hut I'm not really sure he knows what a window is, of any kind.

Grizzly · December 08, 2017, 11:37:32 AM

Boss, you need to go get a mug of some good herbal tea, maybe set up a aromatherapy thing, and do some goat yoga, and all that stress is just supposed to melt away. Soothing and peaceful is what I hear..... well ok. It was a great thought though!! :D :D :D

21incher · December 08, 2017, 12:38:07 PM

I wonder if the hack the forum Christmas contest is seen as a challenge to the hackers. :-\
Thanks for all your hard work behind the scenes keeping us safe.

Jim_Rogers · December 08, 2017, 12:47:08 PM

Quote from: 21incher on December 08, 2017, 12:38:07 PM
I wonder if the hack the forum Christmas contest is seen as a challenge to the hackers. :-\
Thanks for all your hard work behind the scenes keeping us safe.

x2

Jeff · December 08, 2017, 12:54:18 PM

:D no. They are not after the website, they are after the server. They have no idea about the contest. They are not looking at anything on pages. That's actually kinda like a thief trying to steal a car because there might be a pack of gum locked in the trunk.

Roxie · December 08, 2017, 02:01:51 PM

Quote from: Chet on December 08, 2017, 11:08:05 AM
Much better connectivity up here in Yooper land now. 8)

If he that smelt it dealt it, let's blame Chet. :D

Ljohnsaw · December 08, 2017, 02:38:20 PM

Sure would be nice if the ISP's would do their job

(block malicious activity) or if we could collectively just reverse DOS them! ;) :D

Jeff · December 08, 2017, 03:10:02 PM

It's not that easy. The bad guys are continuously coming at you from compromised systems. You block one I.P., they come at you from another. It might even be your home computer is the malicious host and you might never know it other than you think it might be running slow at times.

POSTON WIDEHEAD · December 08, 2017, 03:41:11 PM

This week in Mecklenburg County where Charlotte N.C. is located, Iraq or Iran bots sent a worm email.
Somebody opened it.
Now the whole county server is being held hostage for $23,000 in ransom....that is 2 - bit coins.
The time ran out and the county didn't pay. Now the ransom is up to $75,000 I think.
The county is trying to bring back the files from a backup system and it may takes months.

No taxes can be paid because no one knows what is owed at this time. :D

Ljohnsaw · December 08, 2017, 04:47:57 PM

Quote from: Jeff on December 08, 2017, 03:10:02 PM
It's not that easy. The bad guys are continuously coming at you from compromised systems. You block one I.P., they come at you from another. It might even be your home computer is the malicious host and you might never know it other than you think it might be running slow at times.

YEARS ago, I went up to Portland, Oregon to attend a special class. We were being trained on a fancy full-size PC with some unique hardware. There were about 30 or 40 of us in the hotel ballroom at the conference. It was required that we all log into a particular site to get some credentials so we could configure the computers. The hotel's router/firewall saw that there was a sudden "target" being "attacked" by our machines and we were blocked from reaching it. It took the hotel staff about an hour o figure out what was going on. :D

thecfarm · December 08, 2017, 05:08:53 PM

I was blaming all this on my Dinosaur Computer

Peter Drouin · December 08, 2017, 06:51:44 PM

Is there a way to send them a virus back to them?
I mean the

back at them.

WDH · December 08, 2017, 09:23:50 PM

Peter,

They would not know pecan even if the met one in the road.

:D :D.

Peter Drouin · December 08, 2017, 09:39:27 PM

There must be a way to disable them when they try to get in. Maybe leave a hole, door, easy to hack. And when they go in, there pc fills with junk. One less, next, :D
I don't know, just thinking,

paul case · December 08, 2017, 09:49:43 PM

I had nuttin to do with it being filled with junk.

Keep yer chin up boss, You are doing good!

https://www.youtube.com/watch?v=AW1Hj4eSlIA

PC

Ianab · December 08, 2017, 11:28:19 PM

Quote from: Peter Drouin on December 08, 2017, 09:39:27 PM
There must be a way to disable them when they try to get in. Maybe leave a hole, door, easy to hack. And when they go in, there pc fills with junk. One less, next, :D
I don't know, just thinking,

It's called a "honeypot".

If you want to know what the bad guys are up to, you leave out a vulnerable machine in plain sight, and monitor it. It's not actually a real machine, just a virtual system, that has it's actual access locked down tight, and isolated from the rest of the system. But you can watch who attacks it, from where, and what they try and do with it. Knowing that, it's easier to check and harden the defenses on your real systems.

One guy did get one over the Indian scammers. Strung him along on the phone, and managed to send him a copy of a "Crypto-locker", telling him it was a screen shot of his system. And he opened it. :D

Peter Drouin · December 09, 2017, 05:22:28 AM

MbfVA · January 03, 2018, 02:01:15 AM

Ponder this one while you're on the topic of cyber-jerks.

It's against the law in most places to conceal your ID in public, as with a mask.

Why then do our diligent & productive lawgivers, federal - state - local, resist (under pressure from the Verizons and others who make money from it) prohibiting ANYONE from concealing their ID when they CALL US or send us email??

It happens every d**g day. Riddle me that.

My homegrown solution to email spam is simple. Tax everyone who sends email one cent for each one. Everybody gets a 500 or so monthly exemption, or something like that. Details later, think on concept lines for now.

Think about it. Spammers would be out of business almost at once. The ISPs who have to collect the tax would clamp down IMMEDIATELY.

Wow, I feel better after the above pontification. Do you?
:new_year:

Jeff · January 03, 2018, 09:05:42 AM

They would not only be spammers then, they would be tax evading spammers, and the tax, would be inflicted upon the people whom had their systems exploited to send the spam. On the server we had before this one, many years ago, a red hat system, we had a slowdown. We discovered a security hole that had allowed a spammer to set up shop using our server sending hundreds of thousands of spam from our system. It was shut down as soon as it was discovered. I can just imagine being deemed responsible and having to pay a tax on those spam emails.

Spammers are
Hackers and they do not use legitimate means to send email.

A message to whom it may concern I can see through the veil of promotion. Stop it.

Southside · January 03, 2018, 08:31:39 PM

I don't know how you do it Jeff. To me it was a lot easier when I was handed an M-60 and told "those are the bad guys".

MbfVA · January 04, 2018, 01:14:47 AM

Granted you and the FF are dealing with a different problem from simple time wasting spam, which is a problem for everyone on the net, but my point is that it is easy to stop the time wasters. Not an expert nor trying to sound like one but I think you will find that even the jerks who attack your system and others have to have help somewhere along the way from someone/some entity in the legit world who makes money by looking the other way. It's that way in lot of things that go on that irritate us.

I spent 4 years active in the political world as an elected local supervisor, which included in particular an eyeopening meeting as part of a lobbying group for the National Association of Counties with a senior now retired US Senator in DC. It was an important but very mundane issue, but it brought me face to face with the reality of "yes, you are right but it is not going to happen because of powerful interests out of our control". Don't laugh, but it involved "trash".

Politics including, yes, the business world (a VERY political place), is on the inside a lot like the duck whose major struggles and activity are unseen and frankly, not understood by many/most.

Some of it is "necessary" but some of it would make you mad enough to take up arms and not for killing deer 🦌.

ps--never doubt the "power of taxation", check the story of Al Capone's downfall.

Ianab · January 04, 2018, 02:34:20 AM

Problem is, spam is a global issue, with much of it originating in countries that lack any effective government. Basically any law that the US passes won't apply to some Russian bouncing his spam of a network of compromised machines in China. US already has laws against spamming, and if you use your own servers (in the US) to do it, you get arrested. So the spammers look to compromise other peoples machines, and use those to relay spam (as Jeff gave an example of). If someone traces the spam "source", things point back to the FF server, and Jeff. After that the trail either goes cold, or leads to some foreign country. Meanwhile the FF server gets "blacklisted" as a spam source, and even legit emails will be blocked by other servers.

The underlying issue with email and spam is that the original system had very little security or authentication built in. Servers receive and forward emails without actually verifying that they came from the source they claim. So you can put a from "support@ebay.com" or "customer_services@xyzbank.com". The SMTP protocol doesn't check that against any security certificate, it just passes the message on to the destination server.

Then a spam filter has to actually look at the message header (and contents) and try and guess if it's a legit message, or spam. Filter too aggressively, and legit email gets lost. Too lenient and too much spam gets through.

So putting a tax on emails would first be a nightmare to administer, there is no central accounting of emails, and as a spam deterrent, it would be useless anyway, as the spam isn't coming from legit sources.

Andries · January 08, 2018, 08:42:45 PM

Quote from: Ianab on December 08, 2017, 11:28:19 PM
. . . and managed to send him a copy of a "Crypto-locker", telling him it was a screen shot of his system. And he opened it. :D

So, Ianab may have a source for code called a crypto-locker.
Jeff - how are you at lobb-ing out some 'hurt-lockers'?

Ianab · January 08, 2018, 11:00:03 PM

QuoteSo, Ianab may have a source for code called a crypto-locker.

He just fished it out of his spam email folder, renamed the "Fedex_docket12345.pdf.exe" to "Screenshot.pdf.exe" and sent it to the scammer. After leading him on for 1/2 an hour trying to get the Teamviewer software to work.

"Nah it's not working, can I send you a screenshot of what's going on?"

Scammer still thought he had a live one hooked, supplied a gmail address, and opened the file.

It's a sport for some of the techy guys to mess with these scammers.

Heck even my neighbour, who fixes farm milk chillers, is wise to them. "Yeah, I've got Windows open, but it's getting a bit cold in here now..."