The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I logged into the database to find it empty, except for one table (name was a naughty word), with 2 columns, `q` and `w`, each with default values of naughty words, but no data actually in the table.
I wondered how they got in, so checked my FTP site and found I had a phpMyAdmin installation with automatic logon - ooops! My bad.
Fortunately there wasn't anything particularly sensitive on the database, and they were unable to get to my files. However, checking my server logs shows a record number of hits on any of my sites - 5800 unique hits so far this month, average of 200 per day. All referring hits were from porn sites or search queries designed to find unsecured phpMyAdmin installations.
I restored my database from backups, and removed the phpMyAdmin installation, but decided that wasn't enough. I want revenge! I've employed a few of my "hit counter" techniques on a new page in place of phpMyAdmin, along with a quaint little message:
Oh dear, looks like someone fell into the honeypot!
Your IP address and details of all your visits have been carefully logged, and you have now been blacklisted.
Muhahaha! Let's track 'em down and seek revenge. Any thoughts on more specific ways to get revenge (legal if possible - and doable from my PC cos I can't be bothered to get up to seek revenge), would be welcomed.
NB: yes, I know I brought it on myself for leaving the insecure phpMyAdmin there, but that's not the point.....
> I'm just checking through my access logs, and I have a lot of entries
> like this:
>
> 70.84.142.132 - - [29/Mar/2005:10:28:17 +0100] "GET /
> HTTP/1.1" 200 7434 "http://birdsinthe.net/"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
>
> What exactly does that mean? Does it mean they came from that site to
> mine?
Looks like this site is running a bit of a scam. A newish trick is to spider or visit a site and leave a link in the site's logs. So rather than show an ISP name they drop in a web address. Legit search engine bots do it with a link pointing to an information page so that webmasters can get some additional info about the bot (how to exclude pages, etc.). Now others are using web logs as another method to spread the word. birdsinthe.net looks like it was a legit birding site up until the end of 2003 (archive.org) but now seems to have moved into the internet directory market as much as birding.
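Added example, not part of the original thread: a Python sketch that parses combined-format access log lines like the one quoted above and lists external referrer hosts whose clients made a single request and never fetched anything else, which is the pattern the reply describes. The single-request heuristic, the `own_hosts` parameter and every sample line except the first are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/NCSA "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED.match(line.strip())
    return m.groupdict() if m else None

def suspect_referrers(lines, own_hosts):
    """Return external referrer hosts whose clients never requested anything else.

    Heuristic (an assumption of this example): a browser that really followed a
    link goes on to fetch stylesheets and images, while a referrer spammer sends
    one request with a forged Referer header and leaves.
    """
    requests_per_ip = defaultdict(int)
    ips_per_referrer = defaultdict(set)
    for entry in filter(None, map(parse_line, lines)):
        requests_per_ip[entry["ip"]] += 1
        host = urlsplit(entry["referer"]).hostname  # None for "-" or empty
        if host and host not in own_hosts:
            ips_per_referrer[host].add(entry["ip"])
    return sorted(
        host for host, ips in ips_per_referrer.items()
        if all(requests_per_ip[ip] == 1 for ip in ips)
    )

# First line is the entry quoted in the thread; the rest are constructed samples.
UA = '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"'
SAMPLE_LOG = [
    '70.84.142.132 - - [29/Mar/2005:10:28:17 +0100] "GET / HTTP/1.1" 200 7434 "http://birdsinthe.net/" ' + UA,
    '192.0.2.10 - - [29/Mar/2005:10:30:01 +0100] "GET / HTTP/1.1" 200 7434 "http://links.example.org/page" ' + UA,
    '192.0.2.10 - - [29/Mar/2005:10:30:02 +0100] "GET /style.css HTTP/1.1" 200 812 "http://www.example.com/" ' + UA,
    '198.51.100.7 - - [29/Mar/2005:10:31:40 +0100] "GET /phpMyAdmin/ HTTP/1.1" 404 209 "-" ' + UA,
]

if __name__ == "__main__":
    print(suspect_referrers(SAMPLE_LOG, own_hosts={"www.example.com"}))
```

The Referer header is supplied by the client, so a flagged host is a lead for review or filtering in log reports, not proof of who made the request.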