Taunting 404 Pictures


bwall

So I made a bunch of taunting 404 images on my server after I kept getting people checking to see if I had phpmyadmin. I figured I'd share them, and see if anyone else has some good ones.

3673bj.jpg

3673e5.jpg

3673b7.jpg

3673ct.jpg

3673ge.jpg


I took a different approach. Try it on mine, and it sends the request and URL to the FBI. I do however have a funny one for general timthumb searches.

RedirectMatch temp ^(.+)thumb(.+)php$ http://www.youtube.com/watch?v=iRyF5aP3B7c

Edited by digip

> I took a different approach. Try it on mine, and it sends the request and URL to the FBI. I do however have a funny one for general timthumb searches.
>
> RedirectMatch temp ^(.+)thumb(.+)php$ http://www.youtube.com/watch?v=iRyF5aP3B7c

This got me thinking. Maybe we should make a collective of IPs found vuln scanning us, and block them in Apache, fireBwall, and/or iptables. I already have a long list of people who tried to port scan firebwall.com, who are now dropped from the server. So the idea would be to set up commonly scanned pages that are traps, that send the IP to the others who use the service, possibly via P2P communication. The same with port scans detected. Probably would be a good idea to have a timeout value on the IPs' bans, just long enough for people to update any vulnerable software they are running.


ReL1K has a tool called artillery, that auto bans attacks. https://www.secmaniac.com/download/

The port traps are actually pretty easy to implement in iptables. Just add the IP to a list when it syns to the trap port, and set a rule to block any IP on that list. I am a fan of the honeypot approach, as I wrote http://honeyports.sourceforge.net/ a few years back, but what I'm proposing is a cross system P2P block list between trusted peers to stop attacks that your computers might not be vulnerable to, but someone else's could be. Or if they aren't vulnerable to something you are vulnerable to, getting the word to others that they should block communication with that IP. We could easily add a way for artillery to submit to this list. I'm thinking that it would be a daemon running on the machine, that anything with access could write to the "new blocked IP" file, and it would continually check if it had new entries, then upload them, while also managing the P2P communication from the others.


The only flaw I see in the P2P model, is one node gets whacked, it propagates to all trusted nodes?? You would need to have a way to prompt each node, to authorize the changes, so it's not automatic. Otherwise, someone who gets on a few trusted nodes could wreak havoc for the rest and bring down the defenses.


> The only flaw I see in the P2P model, is one node gets whacked, it propagates to all trusted nodes?? You would need to have a way to prompt each node, to authorize the changes, so it's not automatic. Otherwise, someone who gets on a few trusted nodes could wreak havoc for the rest and bring down the defenses.

How would they be prompted? If they can only add IPs to be blocked, it would not be very effective at taking down defenses. If a false IP is added, maybe a message signed with an administrative key could be sent out to remove the IP from the list. I guess that would be generated for every P2P net that used it.


> How would they be prompted? If they can only add IPs to be blocked, it would not be very effective at taking down defenses. If a false IP is added, maybe a message signed with an administrative key could be sent out to remove the IP from the list. I guess that would be generated for every P2P net that used it.

I see what you are saying now. I thought that it was a trusted list for firewall rules in and outbound that was propagated between nodes. Like if someone blacklisted update servers and white listed their own to propagate rule changes, but if it only blocks failed hack attempts and sends just that list, then that would be fine.


> I see what you are saying now. I thought that it was a trusted list for firewall rules in and outbound that was propagated between nodes. Like if someone blacklisted update servers and white listed their own to propagate rule changes, but if it only blocks failed hack attempts and sends just that list, then that would be fine.

It might be a good idea to have a white list for stopping IPs from getting on the list, but that would be something static I would imagine. So machines can make sure they don't block their update servers.

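The rules proposed across the posts above (peers can only add bans, bans time out, a static whitelist keeps update servers off the list, and removal needs an administrative key), put together as an added Python example that is not code from anyone in the thread. The names `SharedBlocklist` and `sign_unblock`, the use of an HMAC in place of a real signature, and the freshness window on unblock requests are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import time

def sign_unblock(admin_key, ip, issued):
    """Tag an unblock request; HMAC stands in for the 'administrative key' signature."""
    msg = f"unblock|{ipaddress.ip_address(ip)}|{int(issued)}".encode()
    return hmac.new(admin_key, msg, hashlib.sha256).hexdigest()

class SharedBlocklist:
    """Peers may only add bans; bans expire; removal needs the admin key."""

    def __init__(self, admin_key, allowlist, ban_seconds=86400, max_skew=300):
        self.admin_key = admin_key
        self.allow = [ipaddress.ip_network(n) for n in allowlist]  # static, local
        self.ban_seconds = ban_seconds
        self.max_skew = max_skew  # how old an unblock request may be (assumed)
        self.bans = {}  # ip_address -> expiry (epoch seconds)

    @staticmethod
    def _parse(text):
        try:
            return ipaddress.ip_address(str(text).strip())
        except ValueError:
            return None  # malformed peer input is ignored, never trusted

    def report(self, text, now=None):
        """Record a trap hit (local or from a peer). True if a ban was set."""
        now = time.time() if now is None else now
        ip = self._parse(text)
        if ip is None or any(ip in net for net in self.allow):
            return False  # whitelisted addresses can never be banned
        self.bans[ip] = max(self.bans.get(ip, 0), now + self.ban_seconds)
        return True

    def is_blocked(self, text, now=None):
        now = time.time() if now is None else now
        expiry = self.bans.get(self._parse(text))
        return expiry is not None and expiry > now

    def unblock(self, text, issued, tag, now=None):
        """Remove a ban only for a fresh request carrying a valid admin tag."""
        now = time.time() if now is None else now
        ip = self._parse(text)
        if ip is None or abs(now - issued) > self.max_skew:
            return False  # stale requests are refused so old tags cannot be replayed
        ok = hmac.compare_digest(sign_unblock(self.admin_key, ip, issued), tag)
        return ok and self.bans.pop(ip, None) is not None
```

Because a compromised peer can only call `report`, the worst it can do is add bans that expire on their own or that the key holder removes; it cannot clear existing bans or touch whitelisted ranges.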

> This got me thinking. Maybe we should make a collective of IPs found vuln scanning us, and block them in Apache, fireBwall, and/or iptables. I already have a long list of people who tried to port scan firebwall.com, who are now dropped from the server. So the idea would be to set up commonly scanned pages that are traps, that send the IP to the others who use the service, possibly via P2P communication. The same with port scans detected. Probably would be a good idea to have a timeout value on the IPs' bans, just long enough for people to update any vulnerable software they are running.

I think it would be funner to make a honey pot.

Figure out some way to exploit them when they try. Maybe make a botnet of script kiddies. Could be fun.

How hard would it be to use some common exploits that install some kind of malware that we can use to follow where they go, or even use them against each other. It would only affect the people that are obviously trying to hack the site.


> I think it would be funner to make a honey pot.
>
> Figure out some way to exploit them when they try. Maybe make a botnet of script kiddies. Could be fun.
>
> How hard would it be to use some common exploits that install some kind of malware that we can use to follow where they go, or even use them against each other. It would only affect the people that are obviously trying to hack the site.

Depends on your host provider, but more than likely, it would get your account canceled and possibly issues with the law in your jurisdiction. If it was your home machine, maybe not so, but your ISP might see it and block you from getting online. I have always liked the idea of traps though. If you break into my system, I see no reason not to have an offensive-defense setup, but I am not a lawyer, so don't know how that works.


  • 3 weeks later...

r8GV6.gif

That's what my current 404 is.

Yeah, got that last night when I foobared my bookmarks trying to find the decoder page again...lol. Got it worked out now. Found it using badjojo..lol
