22nd of January 2005
Script Kiddies...
I just noticed someone has attempted to gain access to my machine this morning, around 5am, using no less than 81 webserver exploits. I've had this when I was connected directly to the 'net once, but they were all IIS hacks that were used (and failed, of course). These were a mixture of Windows-specific and Unix hacks.
What this fool failed to realise is that:
1. My logs were open and being monitored live (I'd been debugging scripts a few days ago)
2. I have little tolerance for people trying to hack me
3. Performing a traceroute back to his machine gave me his username (the network uses the owner's username as part of the hostname)
Now, I could have just sent my logs to I.S. and let them deal with the problem. However, I like to play with things a while before annihilation. So I used good old finger to get his full name, and noted that he is indeed a compsci. Plus he's one of this year's new intake. Tut tut, he really should be revising rather than attempting to be a h@><0r. So now that I had his name and email address, I decided to send him an email.
Mr <first name> <middle name> <last name>,
I'd just like to inform you that Information Services take network abuse very seriously, as do I. I have logged your recent attempted intrusion of my machine, and should I ever find any further attempts the logs will be sent to Information Services along with dates, times, IP address, name and username.
Matthew Lowe
I'd be willing to bet he has no idea how I got his username, or how I got his full name. I'd also be willing to bet he is bricking himself.