I am having far too much fun for a Sunday night. I'm at work tending to the datacenter when I receive a notice of an outgoing DoS attack. I scramble to find an ircbot/DoS Perl script in the server's /tmp dir. It was most likely placed there through a crappily coded web app.
I decide to view the source of the file and figure out what it does. It's coded in Spanish. I don't speak Spanish but this isn't a huge deal. It's almost like reverse engineering a virus or worm. You have to assume that the variables are named to be misleading or vague to make it harder on the person reverse engineering it.
So I figured out the IRC server, port, name scheme and chans that it connects to and I configured iRCN to connect to them disguised as a part of the botnet.
Once connected I kill the pid for the bot on the infected server and watch it drop off in the botnet channel. How neat.
Now I'm waiting for commands to be issued to me to start DoSing people. 🙂
What's up people?! Wow, it's been a long time since I have posted to this site. I just looked at the logs and see that a TON of people are visiting for some reason, so I'm going to start posting all regular and stuff.
Man, a lot has happened since my last posts. I got a new gig as a Linux administrator at an awesome local data center. The people I work with are amazingly cool, the environment is WAY laid back and the work is kinda fun.
My company, GuardianLogic, Inc., is doing some amazing stuff. I almost have metaguard (our login mechanism) ready to start selling. I have received a few emails asking about it already and the slowly growing traffic to the site is encouraging.
I just got published! ColdFusion Security Best Practices just ran in this month's issue of ColdFusion Developers Journal. I have a few follow-up articles that will be released on different CF news sites as well as a maillist and RSS feed on ColdFusion and web application security. Check out guardianlogic.com for that (in a couple weeks).