MozillaZine

Full Article Attached mozdev Downed by Denial of Service Attack

Saturday July 5th, 2003

Pete Collins of mozdev wrote in to tell us why the site has been unavailable since yesterday. It appears that mozdev was hit with a massive denial of service attack targetting the Bugzilla and CVSweb CGI scripts. Pete and the mozdev team are working hard to bring the site back up and they plan to report this incident to the FBI. If anyone has any information about the attack, get in touch with Pete at petejc@optonline.net.

Update! Pete writes in: "People are coming forward to help out from all over the globe. Some are providing some tips about the attackers, others analysis of the logs and possible exploit used. Once again the community rises up to help out.

"In the mean time I have mozdev here in my basement and am working on getting the data over to the new server which we just purchased w/ donations the community has given mozdev.

"The worst case scenario is I'll have mozdev back up in days (I hope) w/ CVS and some other minimal services. We can't use the old system anymore. It is running an OS that is very old and is the root of our problems."

Another Update! The German magazine Heise has a report on the attack. A rough English translation is available from Google.

#1 How pathetic

by Hymagumba

Saturday July 5th, 2003 1:21 PM

It's amaizng people do stuff like this. There is no point in any of it - I could understand to an extent if you were attacking a company who had annoyed you but why mozdev? There is no money to be gained in it so it's strange why people do it apart from them being generally losers.

I hope you find the attacker Pete.

#6 Re: How pathetic

by Dobbins

Saturday July 5th, 2003 8:53 PM

The people who do things like this are no different than teenagers who smash mailboxes or paint obscene graffiti on something. Often they have nothing against the target of thier vandalism, it's just "cool" to do it.

#2 Hrm...

by PsychoCS

Saturday July 5th, 2003 1:34 PM

I wonder if that has to do with this (sorry about the Foxnews link, but it was given to me): <http://www.foxnews.com/story/0,2933,90957,00.html>

#4 Re: Hrm...

by PsychoCS

Saturday July 5th, 2003 1:35 PM

Well links don't work like they used to here.

http://www.foxnews.com/story/0,2933,90957,00.html

#5 Not what it's supposed to be

by webgremlin

Saturday July 5th, 2003 2:04 PM

From what I read, the contest was supposed to be about defacements, not DOS. And it wasn't supposed to start until Sunday, I thought.

-wg <><

#25 Re: Hrm...

by wvh

Monday July 7th, 2003 11:27 PM

Sure, because what your "Department of Homeland Security" says, must be true. Surely it must have been terrorists with WMD's such as aol accounts. *snicker*

#3 Terrible

by nosebleed

Saturday July 5th, 2003 1:34 PM

This is just terrible, I was afraid that something like this had happened...

I also noticed that David Tenser's help site was down for some time but now it's back up.

#7 I wonder if there is a tracking technology to ....

by zookqvalem

Saturday July 5th, 2003 9:09 PM

I wonder if it is possible for anyone to implement a tracking technology to track all of the incoming attack and trace it to the source somehow. It would be cool if anyone is able to develop this technology... Yea, bad thing is anyone can mask their identity....

#8 Re: I wonder if there is a tracking technology to

by minh

Saturday July 5th, 2003 10:30 PM

IPv6?

#26 Re: I wonder if there is a tracking technology to

by wvh

Tuesday July 8th, 2003 7:50 AM

That's not possible, really. You'd have to sniff and track all major internet backbones, trace it further to smaller routers, determine the ISP from a part of the originating packets, and hope for help. Most likely, you'd find a compromised server. And don't forget the packets in most DoS attacks are spoofed.

You can't just catch a hacker (/cracker). If he's smart, he'll connect through a bunch of hacked systems in several locations to shield himself off. Something that takes out a whole machine on a fast net connection, is most likely not just a dude with a broadband internet connection, from that home connection.

Even when you manage to trace him back all the way to the first system he uses to operate through, that would be a 'secure root' (a very low maintenance hacked box) that doesn't log his presence at all, and if he doesn't log into it anymore (he could be using proxies...), there's no way you'll ever track down his home ip.

That's ofcourse assuming it's a smarter individual, instead of a dumbass script kiddie... Still, a DoS attack of an opensource site is a pretty lame thing to do.

#9 Another attack of the script kiddies?

by netdemon

Saturday July 5th, 2003 10:56 PM

Don't they have anything better to do?

#10 Mon Bidoux

by offmdan

Sunday July 6th, 2003 6:50 AM

Is Microsoft getting upset? Who knows, maybe Mozilla is making some breaks into IE's territory and some sympathizers don't appreciate it...

By the way. Is there a mailing address we can send checks to MozDev if we want to make donations? I tried with PayPal the other day and it wouldn't work so if we can have an alternative it would be nice.

#11 Re: Mon Bidoux

by petejc

Sunday July 6th, 2003 8:18 AM

Yes there is. Please send an email to me and i'll forward it to Dave who just got back in town.

Thanks

#12 Time to donate!

by alemine

Sunday July 6th, 2003 11:33 AM

As soon as Mozdev will be available, I'll maka a good donation, Mozdev is too important for everyone.

#13 Don't let the bastards grind you down

by Persist

Sunday July 6th, 2003 2:54 PM

The best you can do in a situation like this is draw the lessons to stop it happening again. I'm quite a newbie with computers, we only got this at christmas, so I don't know the ins and outs of how to make a server more secure or whatever, but I know what I like, and I like Firebird. It seems to me that the strength of Mozilla is that it's not monolithic, its more amorphous in nature. There's a world wide community that can help, not just by sending money, though that's obviously a good idea, but perhaps people could mirror parts of the so it isn't all gone if one server is taken down.

#14 Google and Altavista

by tseelee

Sunday July 6th, 2003 3:11 PM

I'm curious. The translation from Google seems the same as from Altavista's Babelfish (babelfish.altavista.com). Anyone know if Google is using Altavista? I prefer Babelfish to Google's Language Tools page because it has more languages and loads faster (surprise!).

#17 Re: Google and Altavista

by minh

Sunday July 6th, 2003 10:52 PM

Both translation services are provided by SYSTRAN. http://www.systransoft.com/

#15 Could the hacker contest be causing it?

by netdemon

Sunday July 6th, 2003 3:37 PM

http://apnews.excite.com/article/20030706/D7S48SVO0.html

#16 Despicable and Shameful

by blacksheep

Sunday July 6th, 2003 10:17 PM

When I tried to access the Mozdev website yesterday and couldn't, I suspected something like this might have happened. Reading about it just reinforces my opinion that somewhere, a line has been crossed. Mozdev has done nothing but loads of good by providing a free site for developers and users to come together in the interest of Mozilla apps. To disrupt such a service for no good reason other than "just because I can" is an act most abominable and smack of moral cowardice. The relevant authorities should be called in and the perpetrators must be pursued and convicted to the *FULLEST* extent of the law.

#18 Despicable and Shameful

by blacksheep

Monday July 7th, 2003 12:42 AM

When I tried to access the Mozdev website yesterday and couldn't, I suspected something like this might have happened. Reading about it just reinforces my opinion that somewhere, a line has been crossed. Mozdev has done nothing but loads of good by providing a free site for developers and users to come together in the interest of Mozilla apps. To disrupt such a service for no good reason other than "just because I can" is an act most abominable and smack of moral cowardice. The relevant authorities should be called in and the perpetrators must be pursued and convicted to the *FULLEST* extent of the law.

#19 Guess who?

by watchman

Monday July 7th, 2003 1:50 AM

Who had interests in doing such a thing? Who earns money if the Open Source name gets down?

#20 The site mozdev.org is running Apache/1.3.23

by mcbridematt

Monday July 7th, 2003 3:22 AM

From http://uptime.netcraft.com/up/graph/?host=mozdev.org

PHP 4.2.1 ain't that old. But Apachge 1.3.23 definitely is

#21 Is there a mirror?

by kousik

Monday July 7th, 2003 4:47 AM

Is mozdev.org mirrored somewhere?

#23 Re: Is there a mirror?

by alanjstr

Monday July 7th, 2003 9:20 AM

The downloads are mirrored (search the forums), but not the www parts.

#22 The server's responding again...

by zontar

Monday July 7th, 2003 9:14 AM

...but all the links give 404's so far. Guess it's taking them a while to get things reconfigured.

#24 Will AOL make donations to defend a "lone wolf"?

by Kommet

Monday July 7th, 2003 11:19 AM

The evil side of me is wondering if we now approach the point where someone needs to grab the Spamhaus list and start making housecalls.

I know it is immoral as anything, but perhaps MSN, AOL/Time-Warner, Earthlink, Yahoo, eBay, and others might make under-the-table donations to pay the defense costs for someone who thinned the spammer/cracker/DOS-er herd a bit for us.

Bear with me for a minute here. If there were tangible risks involved for the crackers or spammers (who are often the same nowadays) they might think a little harder about fucking with our infrastructure. The FBI may be a deterrant to some, but they move parts of the business overseas (or never come to the US or UK in the first place) and feel pretty safe from official prosecution. A few dead high-profile spammers might make a stronger case to those who remain that it is time to polish up the resume and go find a legitimate job.

Word gets around to the script kiddies that we are not coming for their computers but for their hides and maybe they leave well enough alone.

When writing a virus becomes writing your own obituary, perhaps you just return to surfing for pr0n (preferably with Mozilla! ;-) ).

Killing abortion doctors is morally indefensible because a valid moral argument can be made for what they do for a living. Before you can claim that you are killing a murderer you have to win the argument that they are in fact murderers.

Spammers, virus writers, crackers, defacers, and their ilk have no such defense...

======================================

Please, nobody take this seriously. If you don't know what to make of this, go read "A Modest Proposal" by Jonathan Swift. If you still don't follow (or work for the Feds and are investigating me for making terrorist threats), look up hyperbole in the dictionary. Also note the subtle fact that I'm only making speculative remarks.