NYCPHP Meetup

NYPHP.org

[nycphp-talk] [OT] SSH security question

max max at neuropunks.org
Mon May 2 11:58:11 EDT 2005 

You are absolutely correct, this solution needs to be used (if at all) on a "disclaimer" basis, where you would understand what you are getting yourself into.
So far, in my case, my server never had a problem spamming some poor admin of a chinese ip block with literally over 5 thousand emails. All that does for me, is make a small dent in the bandwidth available to my server.
Plenty of my friends who saw this script called me a spammer and a script kiddy for generating all the traffic and abusing some poor sap's mailbox, but you know, untill the law that says your system's security is your legal responsibility is passed, i am definetely sticking to this solution.
On technical note, this script while sending out those emails for say an hour generates load ave of no more than 3, and 10mbit connection that this server is on handles the throughput with no problem, including replies and errors. 
But you're probably right, im just waiting for it... I just let the hatred to script kiddies, hack bots and clueless server admins get to me sometimes.


On Mon, May 02, 2005 at 11:52:01AM -0400, inforequest wrote:
> max max-at-neuropunks.org |nyphp dev/internal group use| wrote:
> 
> >I got really fed up with this, and since i do believe in a bit of 
> >vigilantism, i made a little perl script which gets called from procmail 
> >in root's dir on every occurance of those emails. The script sends one 
> >email per attempt to security/technical contact for the ip address/block.
> >
> 
> I understand your desire to be proactive, but now every port scan (which 
> has been judged by the power-that-be to not practically impact system 
> performance) on YOUR system runs a script, queries a flat file, 
> constructs and generates an email (with potential for logging everything 
> that may generate a warningor error or bounce or whatever).
> 
> Seems to me like you're feeding the trolls.
> 
> Are you setting your system up for more trouble? (not to mention the 
> added complexity of another event-driven automated script running on 
> your system at someone else's prompting... DOS oppty?).
> 
> -=john andrews
> _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
>

More information about the talk mailing list