Re: "suspicious" apache log entries
Ok. So it is good to warn owners of cracked boxes. Does that mean it
is good for me to walk into a house that has been robbed, and write a
note to the owner that it has been robbed?

In this case the analogy doesn't work so well, as the owner is more
likely going to notice that the place was done over. But in both cases
(robbed house, cracked box) my actions to try and warn the owner were
cases of illegal trespass.

Contacting the owner in a non-illegal manner still seems more
appropriate. If you are willing to go to the trouble of exploiting a
Nimda hole, when it shouldn't be too much extra work to look at the
web pages of the machine, and try and track down a used email address,
I think you are opening yourself to unwarranted liability by secondary
cases of cracking. The admin (or house owner) will see evidence of
your activity, and there is nothing stopping them leaping to the
conclusion that you were responsible for the initial attack. On the
flip side, if it became an accepted practice, crackers could exploit a
tactic of secondary exploitation and putting up warning messages after
they have finished using the box.

Besides, the admin shouldn't only re-install from trusted media.
He/She should do some sort of analysis as to the nature of the attack,
what was exploited, what further computers were exposed, and possibly
feed this information on to either appropriate law enforcement or
organizations like AusCert so they know what sort of attacks are going
on. Secondary attacks do lead to more work in these areas.

What you are saying does sound sort of reasonable. But it sounds like
it would be easy to take it too far in a vigilante type of way. The line
gets very thin between:

* make the computer beep and display a warning message
* make the sound card play music and display a w4rn1n6 message
* make the sound card play a voice over saying how stupid the owner
* making sure you delete all their files, so that potential real
  crackers can't steal them

Each of these actions is supposedly for the benefit of the owner. But
you don't know if they are really going to appreciate them.

On Thu, Sep 12, 2002 at 11:14:37PM -0300, Peter Cordes wrote:
<snipped, to help prevent the extinction of those electronic trees>