MozillaZine

Full Article Attached mozdev Downed by Denial of Service Attack

Saturday July 5th, 2003

Pete Collins of mozdev wrote in to tell us why the site has been unavailable since yesterday. It appears that mozdev was hit with a massive denial of service attack targetting the Bugzilla and CVSweb CGI scripts. Pete and the mozdev team are working hard to bring the site back up and they plan to report this incident to the FBI. If anyone has any information about the attack, get in touch with Pete at petejc@optonline.net.

Update! Pete writes in: "People are coming forward to help out from all over the globe. Some are providing some tips about the attackers, others analysis of the logs and possible exploit used. Once again the community rises up to help out.

"In the mean time I have mozdev here in my basement and am working on getting the data over to the new server which we just purchased w/ donations the community has given mozdev.

"The worst case scenario is I'll have mozdev back up in days (I hope) w/ CVS and some other minimal services. We can't use the old system anymore. It is running an OS that is very old and is the root of our problems."

Another Update! The German magazine Heise has a report on the attack. A rough English translation is available from Google.


#1 How pathetic

by Hymagumba

Saturday July 5th, 2003 1:21 PM

Reply to this message

It's amaizng people do stuff like this. There is no point in any of it - I could understand to an extent if you were attacking a company who had annoyed you but why mozdev? There is no money to be gained in it so it's strange why people do it apart from them being generally losers.

I hope you find the attacker Pete.

#6 Re: How pathetic

by Dobbins

Saturday July 5th, 2003 8:53 PM

Reply to this message

The people who do things like this are no different than teenagers who smash mailboxes or paint obscene graffiti on something. Often they have nothing against the target of thier vandalism, it's just "cool" to do it.

#2 Hrm...

by PsychoCS

Saturday July 5th, 2003 1:34 PM

Reply to this message

I wonder if that has to do with this (sorry about the Foxnews link, but it was given to me): <<http://www.foxnews.com/story/0,2933,90957,00.html>>

#4 Re: Hrm...

by PsychoCS

Saturday July 5th, 2003 1:35 PM

Reply to this message

Well links don't work like they used to here.

<http://www.foxnews.com/story/0,2933,90957,00.html>

#5 Not what it's supposed to be

by webgremlin <junk@transientweb.com>

Saturday July 5th, 2003 2:04 PM

Reply to this message

From what I read, the contest was supposed to be about defacements, not DOS. And it wasn't supposed to start until Sunday, I thought.

-wg <><

#25 Re: Hrm...

by wvh <wouter-mozzine@fort-knox.rave.org>

Monday July 7th, 2003 11:27 PM

Reply to this message

Sure, because what your "Department of Homeland Security" says, must be true. Surely it must have been terrorists with WMD's such as aol accounts. *snicker*

#3 Terrible

by nosebleed <nosebleed@myrealbox.com>

Saturday July 5th, 2003 1:34 PM

Reply to this message

This is just terrible, I was afraid that something like this had happened...

I also noticed that David Tenser's help site was down for some time but now it's back up.

#7 I wonder if there is a tracking technology to ....

by zookqvalem

Saturday July 5th, 2003 9:09 PM

Reply to this message

I wonder if it is possible for anyone to implement a tracking technology to track all of the incoming attack and trace it to the source somehow. It would be cool if anyone is able to develop this technology... Yea, bad thing is anyone can mask their identity....

#8 Re: I wonder if there is a tracking technology to

by minh

Saturday July 5th, 2003 10:30 PM

Reply to this message

IPv6?

#26 Re: I wonder if there is a tracking technology to

by wvh <wouter-mozzine@fort-knox.rave.org>

Tuesday July 8th, 2003 7:50 AM

Reply to this message

That's not possible, really. You'd have to sniff and track all major internet backbones, trace it further to smaller routers, determine the ISP from a part of the originating packets, and hope for help. Most likely, you'd find a compromised server. And don't forget the packets in most DoS attacks are spoofed.

You can't just catch a hacker (/cracker). If he's smart, he'll connect through a bunch of hacked systems in several locations to shield himself off. Something that takes out a whole machine on a fast net connection, is most likely not just a dude with a broadband internet connection, from that home connection.

Even when you manage to trace him back all the way to the first system he uses to operate through, that would be a 'secure root' (a very low maintenance hacked box) that doesn't log his presence at all, and if he doesn't log into it anymore (he could be using proxies...), there's no way you'll ever track down his home ip.

That's ofcourse assuming it's a smarter individual, instead of a dumbass script kiddie... Still, a DoS attack of an opensource site is a pretty lame thing to do.

#9 Another attack of the script kiddies?

by netdemon <netdemonz@yahoo.com>

Saturday July 5th, 2003 10:56 PM

Reply to this message

Don't they have anything better to do?

#10 Mon Bidoux

by offmdan

Sunday July 6th, 2003 6:50 AM

Reply to this message

Is Microsoft getting upset? Who knows, maybe Mozilla is making some breaks into IE's territory and some sympathizers don't appreciate it...

By the way. Is there a mailing address we can send checks to MozDev if we want to make donations? I tried with PayPal the other day and it wouldn't work so if we can have an alternative it would be nice.

#11 Re: Mon Bidoux

by petejc <pete@mozdev.org>

Sunday July 6th, 2003 8:18 AM

Reply to this message

Yes there is. Please send an email to me and i'll forward it to Dave who just got back in town.

Thanks

#12 Time to donate!

by alemine

Sunday July 6th, 2003 11:33 AM

Reply to this message

As soon as Mozdev will be available, I'll maka a good donation, Mozdev is too important for everyone.

#13 Don't let the bastards grind you down

by Persist

Sunday July 6th, 2003 2:54 PM

Reply to this message

The best you can do in a situation like this is draw the lessons to stop it happening again. I'm quite a newbie with computers, we only got this at christmas, so I don't know the ins and outs of how to make a server more secure or whatever, but I know what I like, and I like Firebird. It seems to me that the strength of Mozilla is that it's not monolithic, its more amorphous in nature. There's a world wide community that can help, not just by sending money, though that's obviously a good idea, but perhaps people could mirror parts of the so it isn't all gone if one server is taken down.

#14 Google and Altavista

by tseelee

Sunday July 6th, 2003 3:11 PM

Reply to this message

I'm curious. The translation from Google seems the same as from Altavista's Babelfish (babelfish.altavista.com). Anyone know if Google is using Altavista? I prefer Babelfish to Google's Language Tools page because it has more languages and loads faster (surprise!).

#17 Re: Google and Altavista

by minh

Sunday July 6th, 2003 10:52 PM

Reply to this message

Both translation services are provided by SYSTRAN. <http://www.systransoft.com/>

#15 Could the hacker contest be causing it?

by netdemon <netdemonz@yahoo.com>

Sunday July 6th, 2003 3:37 PM

Reply to this message

#16 Despicable and Shameful

by blacksheep

Sunday July 6th, 2003 10:17 PM

Reply to this message

When I tried to access the Mozdev website yesterday and couldn't, I suspected something like this might have happened. Reading about it just reinforces my opinion that somewhere, a line has been crossed. Mozdev has done nothing but loads of good by providing a free site for developers and users to come together in the interest of Mozilla apps. To disrupt such a service for no good reason other than "just because I can" is an act most abominable and smack of moral cowardice. The relevant authorities should be called in and the perpetrators must be pursued and convicted to the *FULLEST* extent of the law.

#18 Despicable and Shameful

by blacksheep

Monday July 7th, 2003 12:42 AM

Reply to this message

When I tried to access the Mozdev website yesterday and couldn't, I suspected something like this might have happened. Reading about it just reinforces my opinion that somewhere, a line has been crossed. Mozdev has done nothing but loads of good by providing a free site for developers and users to come together in the interest of Mozilla apps. To disrupt such a service for no good reason other than "just because I can" is an act most abominable and smack of moral cowardice. The relevant authorities should be called in and the perpetrators must be pursued and convicted to the *FULLEST* extent of the law.

#19 Guess who?

by watchman

Monday July 7th, 2003 1:50 AM

Reply to this message

Who had interests in doing such a thing? Who earns money if the Open Source name gets down?

#20 The site mozdev.org is running Apache/1.3.23

by mcbridematt

Monday July 7th, 2003 3:22 AM

Reply to this message

From <http://uptime.netcraft.co…up/graph/?host=mozdev.org>

PHP 4.2.1 ain't that old. But Apachge 1.3.23 definitely is

#21 Is there a mirror?

by kousik

Monday July 7th, 2003 4:47 AM

Reply to this message

Is mozdev.org mirrored somewhere?

#23 Re: Is there a mirror?

by alanjstr

Monday July 7th, 2003 9:20 AM

Reply to this message

The downloads are mirrored (search the forums), but not the www parts.

#22 The server's responding again...

by zontar

Monday July 7th, 2003 9:14 AM

Reply to this message

...but all the links give 404's so far. Guess it's taking them a while to get things reconfigured.

#24 Will AOL make donations to defend a "lone wolf"?

by Kommet

Monday July 7th, 2003 11:19 AM

Reply to this message

The evil side of me is wondering if we now approach the point where someone needs to grab the Spamhaus list and start making housecalls.

I know it is immoral as anything, but perhaps MSN, AOL/Time-Warner, Earthlink, Yahoo, eBay, and others might make under-the-table donations to pay the defense costs for someone who thinned the spammer/cracker/DOS-er herd a bit for us.

Bear with me for a minute here. If there were tangible risks involved for the crackers or spammers (who are often the same nowadays) they might think a little harder about fucking with our infrastructure. The FBI may be a deterrant to some, but they move parts of the business overseas (or never come to the US or UK in the first place) and feel pretty safe from official prosecution. A few dead high-profile spammers might make a stronger case to those who remain that it is time to polish up the resume and go find a legitimate job.

Word gets around to the script kiddies that we are not coming for their computers but for their hides and maybe they leave well enough alone.

When writing a virus becomes writing your own obituary, perhaps you just return to surfing for pr0n (preferably with Mozilla! ;-) ).

Killing abortion doctors is morally indefensible because a valid moral argument can be made for what they do for a living. Before you can claim that you are killing a murderer you have to win the argument that they are in fact murderers.

Spammers, virus writers, crackers, defacers, and their ilk have no such defense...

======================================

Please, nobody take this seriously. If you don't know what to make of this, go read "A Modest Proposal" by Jonathan Swift. If you still don't follow (or work for the Feds and are investigating me for making terrorist threats), look up hyperbole in the dictionary. Also note the subtle fact that I'm only making speculative remarks.