mozdev Downed by Denial of Service Attack
Saturday July 5th, 2003
Pete Collins of mozdev wrote in to tell us why the site has been unavailable since yesterday. It appears that mozdev was hit with a massive denial of service attack targeting the Bugzilla and CVSweb CGI scripts. Pete and the mozdev team are working hard to bring the site back up and they plan to report this incident to the FBI. If anyone has any information about the attack, get in touch with Pete at petejc@optonline.net.
Update! Pete writes in: "People are coming forward to help out from all over the globe. Some are providing some tips about the attackers, others analysis of the logs and possible exploit used. Once again the community rises up to help out.
"In the meantime I have mozdev here in my basement and am working on getting the data over to the new server which we just purchased w/ donations the community has given mozdev.
"The worst case scenario is I'll have mozdev back up in days (I hope) w/ CVS and some other minimal services. We can't use the old system anymore. It is running an OS that is very old and is the root of our problems."
Another Update! The German magazine Heise has a report on the attack. A rough English translation is available from Google.
It's amazing people do stuff like this. There is no point in any of it - I could understand to an extent if you were attacking a company who had annoyed you but why mozdev? There is no money to be gained in it so it's strange why people do it apart from them being generally losers.
I hope you find the attacker Pete.
The people who do things like this are no different than teenagers who smash mailboxes or paint obscene graffiti on something. Often they have nothing against the target of their vandalism, it's just "cool" to do it.
I wonder if that has to do with this (sorry about the Foxnews link, but it was given to me):
<http://www.foxnews.com/story/0,2933,90957,00.html>
From what I read, the contest was supposed to be about defacements, not DOS. And it wasn't supposed to start until Sunday, I thought.
-wg <><
Sure, because what your "Department of Homeland Security" says, must be true. Surely it must have been terrorists with WMD's such as aol accounts. *snicker*
This is just terrible, I was afraid that something like this had happened...
I also noticed that David Tenser's help site was down for some time but now it's back up.
#7 I wonder if there is a tracking technology to ....
by zookqvalem
Saturday July 5th, 2003 9:09 PM
I wonder if it is possible for anyone to implement a tracking technology to track all of the incoming attack and trace it to the source somehow. It would be cool if anyone is able to develop this technology... Yea, bad thing is anyone can mask their identity....
#8 Re: I wonder if there is a tracking technology to
by minh
Saturday July 5th, 2003 10:30 PM
That's not possible, really. You'd have to sniff and track all major internet backbones, trace it further to smaller routers, determine the ISP from a part of the originating packets, and hope for help. Most likely, you'd find a compromised server. And don't forget the packets in most DoS attacks are spoofed.
You can't just catch a hacker (/cracker). If he's smart, he'll connect through a bunch of hacked systems in several locations to shield himself off. Something that takes out a whole machine on a fast net connection, is most likely not just a dude with a broadband internet connection, from that home connection.
Even when you manage to trace him back all the way to the first system he uses to operate through, that would be a 'secure root' (a very low maintenance hacked box) that doesn't log his presence at all, and if he doesn't log into it anymore (he could be using proxies...), there's no way you'll ever track down his home ip.
That's of course assuming it's a smarter individual, instead of a dumbass script kiddie... Still, a DoS attack of an opensource site is a pretty lame thing to do.
Don't they have anything better to do?
Is Microsoft getting upset?
Who knows, maybe Mozilla is making some breaks into IE's territory and some sympathizers don't appreciate it...
By the way. Is there a mailing address we can send checks to MozDev if we want to make donations? I tried with PayPal the other day and it wouldn't work so if we can have an alternative it would be nice.
Yes there is. Please send an email to me and I'll forward it to Dave who just got back in town.
Thanks
As soon as Mozdev will be available, I'll make a good donation, Mozdev is too important for everyone.
The best you can do in a situation like this is draw the lessons to stop it happening again. I'm quite a newbie with computers, we only got this at christmas, so I don't know the ins and outs of how to make a server more secure or whatever, but I know what I like, and I like Firebird. It seems to me that the strength of Mozilla is that it's not monolithic, its more amorphous in nature. There's a world wide community that can help, not just by sending money, though that's obviously a good idea, but perhaps people could mirror parts of the so it isn't all gone if one server is taken down.
I'm curious. The translation from Google seems the same as from Altavista's Babelfish (babelfish.altavista.com). Anyone know if Google is using Altavista? I prefer Babelfish to Google's Language Tools page because it has more languages and loads faster (surprise!).
When I tried to access the Mozdev website yesterday and couldn't, I suspected something like this might have happened. Reading about it just reinforces my opinion that somewhere, a line has been crossed. Mozdev has done nothing but loads of good by providing a free site for developers and users to come together in the interest of Mozilla apps. To disrupt such a service for no good reason other than "just because I can" is an act most abominable and smack of moral cowardice. The relevant authorities should be called in and the perpetrators must be pursued and convicted to the *FULLEST* extent of the law.
Who had interests in doing such a thing? Who earns money if the Open Source name gets down?
From <http://uptime.netcraft.co…up/graph/?host=mozdev.org>
PHP 4.2.1 ain't that old. But Apache 1.3.23 definitely is
Is mozdev.org mirrored somewhere?
The downloads are mirrored (search the forums), but not the www parts.
...but all the links give 404's so far. Guess it's taking them a while to get things reconfigured.
The evil side of me is wondering if we now approach the point where someone needs to grab the Spamhaus list and start making housecalls.
I know it is immoral as anything, but perhaps MSN, AOL/Time-Warner, Earthlink, Yahoo, eBay, and others might make under-the-table donations to pay the defense costs for someone who thinned the spammer/cracker/DOS-er herd a bit for us.
Bear with me for a minute here. If there were tangible risks involved for the crackers or spammers (who are often the same nowadays) they might think a little harder about fucking with our infrastructure. The FBI may be a deterrent to some, but they move parts of the business overseas (or never come to the US or UK in the first place) and feel pretty safe from official prosecution. A few dead high-profile spammers might make a stronger case to those who remain that it is time to polish up the resume and go find a legitimate job.
Word gets around to the script kiddies that we are not coming for their computers but for their hides and maybe they leave well enough alone.
When writing a virus becomes writing your own obituary, perhaps you just return to surfing for pr0n (preferably with Mozilla! ;-) ).
Killing abortion doctors is morally indefensible because a valid moral argument can be made for what they do for a living. Before you can claim that you are killing a murderer you have to win the argument that they are in fact murderers.
Spammers, virus writers, crackers, defacers, and their ilk have no such defense...
======================================
Please, nobody take this seriously. If you don't know what to make of this, go read "A Modest Proposal" by Jonathan Swift. If you still don't follow (or work for the Feds and are investigating me for making terrorist threats), look up hyperbole in the dictionary. Also note the subtle fact that I'm only making speculative remarks.