Jerame Davis

A Warning and Plea to Everyone

Filed By Jerame Davis | May 29, 2007 12:13 PM

Filed in: Site News
Tags: denial of service attack, open proxy, site update, spam

After what has happened in terms of the sustained attacks we've received over the past few days, I think it's appropriate to send out a warning to all of our readers and the rest of the people out there on the IntarWebs...

I've spent the better part of a week fending off what are called spam-bots. These are really just scripts written by jerks who want to get past the spam filters on the comment and trackback sections of a website in order to post their own drivel like "Make your member larger" and "Buy Cialis" or "Come see my log-like male member". You know, the really high-brow kinds of comments everyone really wants on their site. *deadpans*

They work by using what are called anonymous open proxy servers to repeatedly and doggedly bombard a site's comment or trackback feature with spam messages. As an over-simplified explanation, an anonymous proxy is rather like an old-school mail forwarding location (remember Mailboxes Etc.?) that allows you to visit a website (or attack it) without exposing your own IP address (your address on the net) to the attacked computer. There are legitimate uses for them, but legitimate use is about 2% of the overall use of these proxies.

Anyway, the point of this is to send out a warning to all of you out there. Get some damned virus protection. I've had to ban over 100,000 IP addresses and counting from accessing any site on our server. A large chunk of those IPs are attached to home computers, computers just like yours, that have been taken over by a virus and the owner doesn't even know it.

There are literally millions of what we geeks call "zombie bots" out there on the Internet that have been taken over by some asshole who is using someone's ignorance to attack our site and thousands of others.

So, if you find yourself blocked from this site or other sites in the future, run a virus scan. Check to see if you've been compromised. If you're running Windows, you're already 50 times more likely to be compromised and I can't even begin to calculate the likelihood of being targeted.

In this day and age it just amazes me to no end the number of people out there not protecting themselves and making the Internet a shitty place for the rest of us. Virus protection is cheap. Firewalls come built in for every major operating system. USE THEM PEOPLE!!! Otherwise, you're going to find yourselves repeatedly locked out, shut down, and that's not fun for anyone.

Which leads me to a special note to those webmasters and server administrators out there that have allowed their machines to get hacked and have become massive open proxy servers for millions of spam messages a day: You're all assholes. Put some basic protections on your systems! Run your updates regularly to patch the known vulnerabilities! And watch your freaking bandwidth usage! If one machine is attacking me enough to use 18+Mbps in bandwidth, your bandwidth usage has to be off the hook. Any trained monkey can look at a bandwidth usage graph and understand it. Perhaps you shouldn't be hosting websites if you're not going to be ensuring the security and integrity of the machines you're putting on the Internet.

We're still seeing attacks from time to time, but we've now automated the banning feature, so the attacks aren't sustained like they were before. I still have to intervene from time to time to refresh the banlist, but the jerks get added to it automatically now.

Please get some virus protection and a firewall on your computer folks. It's really not optional anymore. I can't stress this enough. Those of you without these basic protections ruin it for the rest of us. Please feel free to contact me (jerame at bilerico.com - replace the at with @ and put it all together) if you need help or advice in this area. I'd rather be bombarded with pleas for help than pleas to buy Viagra or see big boobs.



A. J. Lopp | May 29, 2007 2:07 PM

I'm so sorry, Jerame, that you have had to go through all this! As a former systems programmer on IBM mid-size mainframes, I know what fun it is to spend your holiday weekends doing systems and networking troubleshooting and patch-ups.

I'm sure there are many out there that are running Windows XP, as I do. For those of you with WinXP, here's a quick "Network Security for Dummies" rundown:

FIREWALL: For those of you who may not know, you turn the firewall ON and OFF by going to the Control Panel and clicking on the "Windows Firewall" applet. When you start this applet, the initial screen shows whether your firewall is ON. (And for gosh sakes, if you find that it is OFF, turn it ON immediately!)

Jerame may have different advice to give, but I would say that, in the absence of specific problems, it is OK to activate your "Exceptions" list --- these are programs that you may have installed that legitimately interact with webpages or servers out there on the Internet. However, you do have to be careful with this Exceptions list, because it is possible that a renegade program can install itself into your Exceptions list if your firewall has been down for a period.

If weird things are going on and you think you maybe are being attacked, you may want to turn the Exceptions off. If this does not solve the problem, the next thing you might want to try is going to the "Advanced" tab and clicking on the "Restore Default Settings" button. Unless you have tightened your firewall manually, this will usually tighten the settings on your firewall.

ANTI-VIRUS: There are several good anti-virus products available, but I'm intimately familiar with only one. I use Norton AntiVirus 2006 and have it configured to update itself automatically. It also does a complete local scan on my computer at least twice a week. I find that this works great, and I can highly recommend this product. It is commonly available at office stores such as Office Depot or Staples, available online at Amazon.com and many other software websites. The software manufacturer's website is www.symantec.com --- Of course, I'm running the 2006 version, but you should buy the latest version available.

(Jerame, feel free to correct me if any of the advice above is less than perfect.)

I think your advice is accurate, Allen. I would add that Norton Anti-Virus Personal edition is crappier than the Corporate edition, so if you have access to the corporate edition, use it instead. Anyone affiliated with Indiana University (or IUPUI or any satellite campus) has access to this software along with free virus definition updates.

There are also free anti-virus apps out there as well. Please don't install the first thing you find; do some research. Not all AV products work as advertised and some of them actually install their OWN spyware and other crud.

As for a firewall, you shouldn't need exceptions unless you're doing specific things - like file-sharing on a home network or some other things that require certain ports to be open. Most legitimate apps will install these exceptions for you, but you should regularly check your exceptions list for exceptions you didn't put there. Trust me, there are many, many ways these jerks can alter your PC's settings to let themselves in.

The Windows XP (and Vista) built-in firewall is rather limited. It's a good start and should be enabled no matter what unless you know you are on a firewalled network. Even then it's probably better to leave it on when you're dealing with Windows.

Macs have a very robust firewall called iptables built right in. The interface that Apple provides for it isn't the greatest, but there are a million tutorials and GUI front-ends for iptables that can help you get a very sophisticated net filter up and running on Mac.

Linux people shouldn't need my help. If you can't set up a firewall in Linux, you shouldn't be on Linux. Period.

I can't reiterate enough these two things are NOT optional parts of computer use. The firewall is both your first and last line of defense. It's designed to both keep the junk out but also to keep any junk that does sneak in from being able to use you to spread more junk across the net. It's an absolutely essential part of surfing today's web...Just like anti-virus.

You must use anti-virus and you MUST keep it up to date! Do you buy a car and never have to do maintenance, upgrades, or add fuel? No - and the same goes for a computer. You have to take care of it or it will screw you over - just like a car that isn't taken care of.