Forced Access II

Posted by Viktoria Michaelis on November 24, 2013 in Internet, News & Opinion

Is someone else trying to test out what I wrote yesterday, to see what happens when they try certain commands from the front end (what you see here) of my site? It certainly looks that way, until you read a little further down through the log and see that not only are the attempts close to one another – closer than most would be able to type – but that they are also from different IP addresses within the same string and, most interesting, caused or initiated by a Generic Java Crawler: a bot.

Viktoria Michaelis: Forced Access Logs
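The signs described above (requests arriving faster than anyone could type, from several addresses in one range, all with a Java client's user agent) can be checked mechanically against an access log. This is an added example, not part of the original post; the log lines, addresses, the `Java/1.6.0_04` user agent and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.14 - - [24/Nov/2013:03:12:01 +0000] "GET /login.php HTTP/1.1" 403 512 "-" "Java/1.6.0_04"
203.0.113.77 - - [24/Nov/2013:03:12:01 +0000] "POST /login.php HTTP/1.1" 403 512 "-" "Java/1.6.0_04"
203.0.113.201 - - [24/Nov/2013:03:12:02 +0000] "GET /config.php HTTP/1.1" 403 512 "-" "Java/1.6.0_04"
198.51.100.23 - - [24/Nov/2013:03:15:40 +0000] "GET /login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.23 - - [24/Nov/2013:03:16:25 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
WATCHED = ("/login.php", "/config.php")  # the two files the post names

def bursts(hits, max_gap):
    """Split time-sorted hits into runs whose gaps are all <= max_gap seconds."""
    run = [hits[0]]
    for prev, cur in zip(hits, hits[1:]):
        if (cur[0] - prev[0]).total_seconds() > max_gap:
            yield run
            run = []
        run.append(cur)
    yield run

def find_sweeps(log_text, max_gap=2.0, min_ips=3):
    """Map (/24 network, user agent) -> IPs seen in a fast multi-address burst."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["path"].split("?")[0] not in WATCHED:
            continue
        try:
            net = ip_network(m["ip"] + "/24", strict=False)
        except ValueError:
            continue  # logged hostname instead of an address
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        groups[(str(net), m["ua"])].append((ts, m["ip"]))
    flagged = {}
    for key, hits in groups.items():
        hits.sort()
        for run in bursts(hits, max_gap):
            ips = {ip for _, ip in run}
            if len(ips) >= min_ips:  # one person typing would not do this
                flagged.setdefault(key, set()).update(ips)
    return flagged
```

Calling `find_sweeps(SAMPLE_LOG)` flags only the `203.0.113.0/24` group; the single browser address that requests the login page twice, 45 seconds apart, is left alone.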

This tells me that someone out there is sweeping through the Internet and looking for blogs and websites with lax security or the ability for anyone to sign up as a contributor. It’s not some Chinese person behind drawn curtains in a back alley slum (I wrote a few days ago!), but an American person using a bot he or she has programmed in a small stinking, back alley office or den etc. etc.

Once upon a time I would have thought: Me? Not a chance. No one is likely to be interested in my small blog. Now, however, my thinking has changed and, as you can see from the several posts I’ve made or linked to on Internet security, there are good reasons behind this change.

It’s not about gaining access to some major website with influence any more. It’s about gaining access to any website with vulnerabilities that can be exploited to reach a complete server, to find personal information and, through that information, to gain unrestricted access to a wider range of services, including the ability to take over a server or site and use it as a base for further activities such as spamming.

Viktoria Michaelis: Personal Information

Photo Credit: katiemarinascott – Creative Commons

Finding vulnerabilities through one site – regardless of the software being used, such as WordPress, Joomla or Drupal – gives an insight into possible access points in many more sites. An access point such as login.php can give a quick insight into how the software works, and with it a way into a wide range of other sites using exactly the same code and the same systems. If the admin settings are loose, it can allow access to files such as config.php which, in turn, gives access to the database and the passwords and allows the attacker to get right into the root of a server.

For those of us running a simple site or blog such as this one, it can mean the end of many months, even years of hard work, the loss of everything we have created and many, many problems regaining it.

Security isn’t about having mortice locks on your front door, alarms against forced entry or cameras on the streets; it is about protection of the basics of your Internet life as well as personal information. It is an attack against your very soul, if you will. And this information, to my way of thinking, is worth protecting just as much as anything else that you may own, anything that a burglar might want to carry off in the middle of the night.

Anyone who doesn’t have adequate security on their website or blog is opening themselves up to losses which can hurt far more than material loss. A computer, a monitor, cash and jewelry, while painful to lose, can be replaced. But your posts and thoughts? The inner workings of your mind which you have compiled over many hours? They cannot be replaced. You might not be able to put a value on these things, but they have more worth than anyone imagines before they’re gone.

And yet such security measures are simple to install and, often, completely free of charge. A few clicks and you have all that you need, your security is good and, with the right software, constantly up-to-date. So, why don’t more people employ such security? The answer is simple: It won’t happen to me.

Sorry, but that’s the wrong way of thinking. Much better is: It won’t happen to me because I’m protected. Think about it for a while and then, make those few clicks and upgrade your security, before you find out the value of what you’ve created by losing it.

  • Viktoria Michaelis.



  • Francois says:

    The tactic is to gain access to lower and lower levels of several machines until the attacker has a pool of servers for which root access is known.
    This pool is then used to mount real attacks against large web sites through distributed denial of service (the signature Anonymous technique) or, less often but more dangerous, to get into financial systems.
    The IP addresses on the logs mean nothing: they are very unlikely to match an actual domain. Same for the location, the likelihood that the attacker is actually in China or the US is the same: next to zero. It is interesting to look at the keywords of the URLs: crime, hidden.
    The attacker could also be a law enforcement agency in Germany / Europe.

    • In this case the IP set is one which has been recognized as someone (or something) actively out to gain access and is registered as such. Whether it is acting as a proxy for someone outside the USA makes little difference in the end, blocking the individual IPs or the whole set stops the attempts – from there. Of course, the attackers will simply move on when their IPs no longer gain as wide an access as they desire and, possibly, innocent users may be hit by the block when trying to visit individual sites which have them blacklisted but, to my way of thinking, the small loss is worth it when balanced against the greater danger.

      The attacker could be a law enforcement agency anywhere in the world, not just Europe. In the end it makes no difference. I don’t want them messing with my site, no matter who they are, so I will close and bolt my doors against them.


Copyright © 2010-2018 Viktoria Michaelis All rights reserved.