What's up with these unsophisticated botnets?...

I recently deployed a demo server for some work stuff. It has pretty nice security overall, but it's a tiny server and the security needs to be scaled; but it is just a demo.

Wrong. It began to be attacked so relentlessly that in one day the server restarted 4480 times due to running out of memory (400 MB is all it had available), as it kept being hammered by more requests than it could handle. Who is DDoSing this shit, wtf?...

I designed some optimizations on top, even though any sane developer would probably just have downloaded more RAM; to be fair, I take the challenge. It's taking it better, and I plan to deploy more optimizations. I mean, a server running on a 1 GB machine and taking all this heat, hah... I wonder why; I am sure if I were on the botnet side I'd defeat my own server.

I then went through the HTTP traffic logs and realized something was off: these attacks were garbage, the most script-kiddie nonsense ever, all the way to fuzzing, where they just put in random input hoping something works. That's like making a monkey do the hacking for you.

Then I realized a very small number of these requests are marked as checks from American security companies, particularly Palo Alto Networks it seems (I am not even in the USA, I am in Finland), like some sort of bizarre advertising.

None of this makes sense to me. I have been around a Russian spyware attack and it wasn't this dumb; it had a lot more social engineering involved. It was also incredibly silent; it was clever.

I once had an unsecured server, password 123456 (don't ask me, I was just doing some dumb testing and forgot it was facing the internet); they got in, dumped the empty database and restarted the server, but not without making sure to leave all the traces possible to ensure I'd realize, including altering my tables.

I am going to put a tinfoil hat on right now: it does seem that the intent is to annoy. Yes, they will download the data if they get the chance, but it seems like its primary purpose is to be annoying as hell.

What's to be earned?... Tinfoil hat 2.0: maybe that's how they get you enrolled with these American cybersecurity companies that will handle firewalling and SSL for you. They will solve it, make this all go away, so you don't have to worry; how is it possible some of them offer free plans?... Cloudflare monthly plans at $0/month.

This doesn't add up, or rather it is going to make me go full conspiracy. Maybe this is how they spy on people?... Maybe that's how these cybersecurity companies can fend off real attacks to ensure competitors go away, while having some backdoor there for their own government.

Like, I just can't make sense of any of this; it's so dumb, it's a waste of a botnet. Are the hackers who made the botnets really that dumb?... Is that the real explanation?... Plain stupidity?...

It seems that the only safe thing to do is to use open-source tools.

I don't know if I am delirious right now, but anyway, I'll go check the logs again; let's see how it's going. 1 GB vs the world.

submitted by /u/boisheep
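The post describes going through HTTP access logs and finding three kinds of traffic: self-declared scans from a security vendor, script-kiddie probes for well-known files, and random-path fuzzing from sources hammering the box. The script below is an added example (not the poster's code or logs) of how a practitioner would triage such a log: it parses combined-format access log lines, classifies each request into one of those buckets, and ranks source IPs by their peak requests in any 60-second window, which is the number that matters when a small server is falling over from load. The sample log lines, the "Palo Alto Networks" user-agent text, the list of probed paths, and the length/entropy threshold for "fuzz" are all constructed assumptions for illustration; tune them from your own logs.

```python
"""
Triage a web server access log into research scanners, vulnerability
probes, random-path fuzzing, and everything else, and find which source
IPs hammer the server hardest. All sample data below is constructed.
"""
import math
import re
from collections import Counter, defaultdict
from datetime import datetime

# Nginx/Apache "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumption: user-agent substrings of scanners that announce themselves.
# The vendor string is a constructed stand-in; copy the real banner from your logs.
RESEARCH_SCANNER_UA = ("Palo Alto Networks", "CensysInspect", "Shodan")

# Assumption: path prefixes that automated exploitation scripts probe for.
PROBE_PATHS = ("/.env", "/wp-login.php", "/phpmyadmin", "/.git/config",
               "/cgi-bin/", "/actuator")

# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/May/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; security scan by Palo Alto Networks; constructed sample)"
198.51.100.7 - - [12/May/2024:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2024:10:00:03 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2024:10:00:04 +0000] "GET /cgi-bin/../../etc/passwd HTTP/1.1" 400 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/May/2024:10:00:05 +0000] "GET /aZ9kQ2mXb7Lp4RtW HTTP/1.1" 404 153 "-" "python-requests/2.31"
192.0.2.44 - - [12/May/2024:10:00:05 +0000] "POST /Hq8sLd3zNv6Ym1Kx HTTP/1.1" 404 153 "-" "python-requests/2.31"
192.0.2.44 - - [12/May/2024:10:01:30 +0000] "GET /b2Xk9Qw4Zr7Ty1Vp HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.55 - - [12/May/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; silently skip lines that do not match."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
        records.append(rec)
    return records


def shannon_entropy(s):
    """Bits of entropy per character; random alphanumeric junk scores high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def classify(rec):
    """Bucket one request. Order matters: a declared scanner wins over its path."""
    if any(marker in rec["ua"] for marker in RESEARCH_SCANNER_UA):
        return "research-scanner"
    path = rec["path"].split("?", 1)[0]
    if any(path.startswith(p) for p in PROBE_PATHS) or "../" in path or "%2e%2e" in path.lower():
        return "vuln-probe"
    last = path.rsplit("/", 1)[-1]
    # Assumption: a final path segment of 16+ chars with >3.5 bits/char is fuzzing.
    if len(last) >= 16 and shannon_entropy(last) > 3.5:
        return "fuzz"
    return "normal"


def peak_requests_per_window(records, window_s=60):
    """Max requests from each IP inside any sliding window of window_s seconds."""
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec["ip"]].append(rec["time"])
    peaks = {}
    for ip, times in by_ip.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() >= window_s:
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best
    return peaks


def triage(text):
    """Return (class counts, per-IP peak requests per minute) for a log text."""
    records = parse_log(text)
    return Counter(classify(r) for r in records), peak_requests_per_window(records)


if __name__ == "__main__":
    counts, peaks = triage(SAMPLE_LOG)
    for cls, n in counts.most_common():
        print(f"{cls:17s} {n}")
    for ip, n in sorted(peaks.items(), key=lambda kv: -kv[1]):
        print(f"{ip:16s} peak {n} req/min")
```

On the constructed sample this reports four probes and three fuzz requests against one declared vendor scan, and shows that the probing IP peaks at four requests in a minute while the fuzzing IP peaks at two. Run against a real log, the peak column is what tells you whether a source is merely noisy or is actually capable of exhausting a 400 MB process, and therefore which IPs are worth rate-limiting first.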

from hacking: security in practice https://ift.tt/GNE38uP
