| *MinceR_ (n=mincer@unaffiliated/mincer) has joined #boycottnovell-social | May 01 02:08 | |
| *MinceR has quit (Read error: 110 (Connection timed out)) | May 01 02:18 | |
| *MinceR_ is now known as MinceR | May 01 07:49 | |
| *MinceR has quit (zelazny.freenode.net irc.freenode.net) | May 06 17:36 | |
| **** BEGIN LOGGING AT Wed May 6 17:44:41 2009 | ||
| *Now talking on #boycottnovell-social | May 06 17:44 | |
| *Topic for #boycottnovell-social is: Communication about anything, including Microsoft, Novell, and Free software [publicly logged] | May 06 17:44 | |
| *Topic for #boycottnovell-social set by schestowitz at Mon Mar 16 02:04:07 2009 | May 06 17:44 | |
| **** ENDING LOGGING AT Wed May 6 17:48:12 2009 | ||
| *Disconnected (Connection reset by peer). | May 07 05:40 | |
| **** ENDING LOGGING AT Thu May 7 05:40:09 2009 | ||
| **** BEGIN LOGGING AT Thu May 7 05:40:43 2009 | ||
| *Now talking on #boycottnovell-social | May 07 05:40 | |
| *Topic for #boycottnovell-social is: Communication about anything, including Microsoft, Novell, and Free software [publicly logged] | May 07 05:40 | |
| *Topic for #boycottnovell-social set by schestowitz at Mon Mar 16 02:04:07 2009 | May 07 05:40 | |
| *#boycottnovell-social :[freenode-info] if you're at a conference and other people are having trouble connecting, please mention it to staff: http://freenode.net/faq.shtml#gettinghelp | May 07 05:40 | |
| *MinceR_ (n=mincer@unaffiliated/mincer) has joined #boycottnovell-social | May 08 02:03 | |
| *MinceR has quit (Read error: 110 (Connection timed out)) | May 08 02:18 | |
| *MinceR_ is now known as MinceR | May 08 06:41 | |
| *Disconnected (Connection reset by peer). | May 08 11:07 | |
| **** ENDING LOGGING AT Fri May 8 11:07:59 2009 | ||
| **** BEGIN LOGGING AT Fri May 8 11:10:05 2009 | ||
| *Now talking on #boycottnovell-social | May 08 11:10 | |
| *Topic for #boycottnovell-social is: Communication about anything, including Microsoft, Novell, and Free software [publicly logged] | May 08 11:10 | |
| *Topic for #boycottnovell-social set by schestowitz at Mon Mar 16 02:04:07 2009 | May 08 11:10 | |
| **** BEGIN LOGGING AT Fri May 8 12:09:09 2009 | ||
| *Now talking on #boycottnovell-social | May 08 12:09 | |
| *Topic for #boycottnovell-social is: Communication about anything, including Microsoft, Novell, and Free software [publicly logged] | May 08 12:09 | |
| *Topic for #boycottnovell-social set by schestowitz at Mon Mar 16 02:04:07 2009 | May 08 12:09 | |
| *MinceR has quit (lindbohm.freenode.net irc.freenode.net) | May 14 01:49 | |
| *Disconnected (Remote host closed socket). | May 14 02:02 | |
| **** ENDING LOGGING AT Thu May 14 02:02:51 2009 | ||
| **** BEGIN LOGGING AT Thu May 14 02:03:22 2009 | ||
| *Now talking on #boycottnovell-social | May 14 02:03 | |
| *Topic for #boycottnovell-social is: Communication about anything, including Microsoft, Novell, and Free software [publicly logged] | May 14 02:03 | |
| *Topic for #boycottnovell-social set by schestowitz at Mon Mar 16 02:04:07 2009 | May 14 02:03 | |
| *MinceR_ (n=mincer@unaffiliated/mincer) has joined #boycottnovell-social | May 15 02:03 | |
| *MinceR has quit (Read error: 110 (Connection timed out)) | May 15 02:18 | |
| *MinceR_ is now known as MinceR | May 15 05:58 | |
| schestowitz | <schestowitz> <oiaohm> says: Pardon the pm. Just noticed boycottnovel does not have a hosted by. Yes I know it a small thing for cheep hosting its up to you if you want to offer that to tessier in thanks. | May 18 19:18 |
|---|---|---|
| schestowitz | <schestowitz> 130.88.190.131 | May 18 19:18 |
| schestowitz | <tessier> unblocked | May 18 19:18 |
| schestowitz | <tessier> You know the DOS'er is surely on the channel right? | May 18 19:18 |
| schestowitz | <tessier> I would recommend creating a separate secret channel like #bn or something which only we have access to for discussion of such things. | May 18 19:18 |
| schestowitz | <tessier> We do not want to let the attacker know they are inconveniencing us. That is their reward. | May 18 19:18 |
| schestowitz | <schestowitz> Right :-) | May 18 19:18 |
| schestowitz | <schestowitz> Go to #boyocttnovell-social | May 18 19:18 |
| schestowitz | <schestowitz> But I know everyone in #boyocttnovell. They are regulars | May 18 19:18 |
| schestowitz | <schestowitz> I kicked a suspicious one out | May 18 19:18 |
| schestowitz | <tessier> ok | May 18 19:18 |
| schestowitz | <schestowitz> :-) | May 18 19:18 |
| *tessier (n=treed@kernel-panic/sex-machines) has joined #boycottnovell-social | May 18 19:34 | |
| tessier | schestowitz: My one and only concern about hosting the site is possible bandwidth overages. I get 5mb/s at 95th percentile with the rack I'm renting at the datacenter. Any more than that and they charge hefty overages. | May 18 19:46 |
| tessier | We have definitely gone over that the past day or so. But our normal usage is well under so as long as the average comes out less than 5Mb/s we're fine. | May 18 19:47 |
| tessier | I am seriously considering getting into the managed hosting business though. | May 18 19:47 |
| tessier | So unless your ad revenue is a significant amount of money I might prefer to have an ad and maybe a little testimonial or something placed on the site instead. But not just yet. I need to get the copilotco.com page set up to pitch my managed hosting business. | May 18 19:48 |
| schestowitz | tessier: we're well below that rate, b/w-wise | May 18 19:48 |
| tessier | Only reason I might be reluctant to get into hosting is that there is already a lot of competition there. But my infrastructure is rather unique being virtualized with an AoE SAN and everything behind it. | May 18 19:48 |
| schestowitz | In April we did about 6gb/per (average) | May 18 19:49 |
| schestowitz | Then I cut down the RSS feeds | May 18 19:49 |
| schestowitz | Most people read BN as RSS | May 18 19:49 |
| schestowitz | Full text | May 18 19:49 |
| schestowitz | So after shartening, this month in May we did about 4gb/day, SEs included | May 18 19:49 |
| schestowitz | After outages we may have been dropped by Google in part, so maybe it's below that point | May 18 19:50 |
| tessier | I doubt google would drop you that fast | May 18 19:50 |
| schestowitz | tessier: sounds great to me | May 18 19:50 |
| schestowitz | The ad thing | May 18 19:50 |
| tessier | Just a couple of days shouldn't get you dropped. They don't even spider the full site that often. | May 18 19:50 |
| schestowitz | Go with it! | May 18 19:50 |
| tessier | Yeah...But going up against Rackspace is scary. | May 18 19:51 |
| schestowitz | tessier: I had such issues in schestowitz.com | May 18 19:51 |
| tessier | But I'm going to do it, for lack of any better ideas. | May 18 19:51 |
| schestowitz | Had issues in March 2008 | May 18 19:51 |
| schestowitz | I used to get like 2gb | May 18 19:51 |
| schestowitz | /day | May 18 19:51 |
| schestowitz | Then it dropped sharply, never returned since. That's why I was paranoid | May 18 19:51 |
| tessier | It isn't fully redundant just yet but once I get a little more hardware in here you should get fully redundancy so if the server hardware dies we can spin you up elsewhere in a matter of minutes and it will just look like a crash/reboot to you. I will get you spun off onto your own virtual machine in the near future as well. | May 18 19:52 |
| tessier | Currently a DoS on your site affects my own website, email, etc. | May 18 19:52 |
| tessier | How many unique ip's do you get looking at the site? | May 18 19:52 |
| schestowitz | I think about 3k/day on most days | May 18 19:52 |
| tessier | cool | May 18 19:52 |
| schestowitz | More if I make something like /. | May 18 19:53 |
| schestowitz | Slashdot ~=8k | May 18 19:53 |
| schestowitz | Digg ~=12k | May 18 19:53 |
| schestowitz | Depends on day/story | May 18 19:53 |
| schestowitz | BTW, MinceR is one of the good guys. | May 18 19:53 |
| schestowitz | As I said earlier, the people in #BN I recognise from a while back | May 18 19:53 |
| schestowitz | One potential spy from near Novell's HQ I kicked out yesterday. He uses mibbit | May 18 19:54 |
| schestowitz | Of course I contacted before kicking. Got ignored | May 18 19:54 |
| schestowitz | tessier: maybe I got blocklisted again? | May 18 20:08 |
| schestowitz | *black | May 18 20:08 |
| *[H]omer (n=[H]omer@moscow.perfect-privacy.com) has joined #boycottnovell-social | May 18 20:13 | |
| schestowitz | Hey | May 18 20:13 |
| [H]omer | Hello | May 18 20:13 |
| schestowitz | This is a private(r) place | May 18 20:13 |
| [H]omer | So ... why? | May 18 20:13 |
| schestowitz | We got DDOS | May 18 20:13 |
| schestowitz | tessier is the new host | May 18 20:13 |
| schestowitz | DDOSed for 4 days | May 18 20:13 |
| schestowitz | It abated some hours ago | May 18 20:13 |
| schestowitz | SJVN wants to write an article about this | May 18 20:13 |
| [H]omer | Just listening to RMS on Alex Jones | May 18 20:14 |
| schestowitz | Hectic, 2 days totally offline, old host keeping secret | May 18 20:14 |
| schestowitz | RMS on Jones... weird combo | May 18 20:14 |
| [H]omer | Did you trace the exit nodes and LART them? | May 18 20:14 |
| schestowitz | [H]omer: tessier got 10mbit/sec on BN+other server stuff | May 18 20:14 |
| schestowitz | The attacks are likely to have a motive | May 18 20:14 |
| [H]omer | Of course | May 18 20:15 |
| schestowitz | Based on what people told me | May 18 20:15 |
| schestowitz | Groklaw too | May 18 20:15 |
| schestowitz | But she doesn't talk about it | May 18 20:15 |
| [H]omer | I bet some of the persistent detractors on BN were behind it | May 18 20:15 |
| schestowitz | [H]omer: maybe the old host does the LARTing | May 18 20:15 |
| schestowitz | I'm not sure | May 18 20:15 |
| schestowitz | [H]omer: yes, they came to insult | May 18 20:16 |
| schestowitz | One minute after the new attacks began | May 18 20:16 |
| [H]omer | You should have banned then from day one | May 18 20:16 |
| schestowitz | One minute after tessier's server got whacked | May 18 20:16 |
| schestowitz | [H]omer: banned fhem from commenting? | May 18 20:16 |
| schestowitz | That won't do | May 18 20:16 |
| schestowitz | tessier gave just one IP | May 18 20:16 |
| schestowitz | tor.de | May 18 20:16 |
| schestowitz | SUSE>. | May 18 20:17 |
| schestowitz | ? | May 18 20:17 |
| [H]omer | I mean block their comments - don't encourage them | May 18 20:17 |
| schestowitz | They don't comment much | May 18 20:17 |
| schestowitz | Not anymore | May 18 20:17 |
| schestowitz | The Obrien shill shut up too | May 18 20:17 |
| [H]omer | That way they give up early, don't get involved, and aren't motivated to do things like DDoS | May 18 20:17 |
| schestowitz | O'Brian | May 18 20:17 |
| [H]omer | Dan O'Brian? | May 18 20:17 |
| schestowitz | Same with the Novell.com-hosted shills | May 18 20:17 |
| schestowitz | Esxcept De Icaza | May 18 20:17 |
| [H]omer | He was a vicious bastard | May 18 20:18 |
| [H]omer | o'Brian | May 18 20:18 |
| schestowitz | he's subscribed to us (I saw his IP daily) | May 18 20:18 |
| schestowitz | OBrian lives near Novell | May 18 20:18 |
| schestowitz | Refuses to say who he works for. Asked like 15 times about it (different people ask) | May 18 20:18 |
| [H]omer | I bet | May 18 20:18 |
| [H]omer | Novell for sure | May 18 20:18 |
| schestowitz | Not directly if so | May 18 20:18 |
| schestowitz | Maybe partner | May 18 20:18 |
| schestowitz | Let me paste something | May 18 20:19 |
| [H]omer | k | May 18 20:19 |
| schestowitz | Lawyer sent me this hours ago (one of the key ones in ODF): | May 18 20:19 |
| schestowitz | Here's something that someone whom I will anonymise just sent: | May 18 20:19 |
| schestowitz | I should have added that I've had a lot of experience with people | May 18 20:19 |
| schestowitz | trying to shut me up and discredit me since I first became a citizen | May 18 20:19 |
| schestowitz | activist on the herbicide issue back in 1978. Anyone who believes that | May 18 20:19 |
| schestowitz | multinational companies don't play down and dirty never called | May 18 20:19 |
| schestowitz | bullshit on one effectively. | May 18 20:19 |
| schestowitz | Don't know if you have time to read, but I attach a paper my Ex and I | May 18 20:19 |
| schestowitz | wrote in 1985 documenting an industry-inspired campaign to smear our | May 18 20:19 |
| schestowitz | reputations that was carried out by law enforcement officials. The | May 18 20:19 |
| schestowitz | bastard behind it, Ron Arnold, went on to draft the Republican | May 18 20:19 |
| schestowitz | presidential election platform's environmental plank for Bush 1's | May 18 20:19 |
| schestowitz | unsuccessful re-election campaign. But he was working for the Ag-Chem | May 18 20:19 |
| schestowitz | industry at the time. | May 18 20:19 |
| schestowitz | Happened after that article was written, but we eventually won our | May 18 20:19 |
| schestowitz | follow-up lawsuit and got the bullshit stopped. We also got a ruling | May 18 20:19 |
| schestowitz | out of the Ninth U.S. Circuit Court of Appeals that when police | May 18 20:19 |
| schestowitz | helicopters are flying so low that they're knocking the apples off | May 18 20:19 |
| schestowitz | your trees, the limits of the 4th Amendment are transgressed. The Feds | May 18 20:19 |
| schestowitz | settled after that ruling. | May 18 20:19 |
| schestowitz | Wish I could say that was the only time I had to cope with such | May 18 20:19 |
| schestowitz | miscreants. But my experience with rattling industry cages is that | May 18 20:19 |
| schestowitz | being on the receiving end of dirty tricks is the norm rather than the | May 18 20:19 |
| schestowitz | exception, if you're good at rattling. Anonymous death threats, phone | May 18 20:19 |
| schestowitz | taps, people jumping out of alleys to fire a flashbulb in your eyes, | May 18 20:19 |
| schestowitz | being tailed more or less constantly, being libeled and slandered, | May 18 20:19 |
| schestowitz | it's all just part of doing business to those corporate types. The one | May 18 20:19 |
| schestowitz | thing that was uniformly true, however, is that they work through | May 18 20:19 |
| schestowitz | proxies. I've managed to rip the lid off their hideyholes a few times | May 18 20:19 |
| schestowitz | when they got too brazen. | May 18 20:19 |
| schestowitz | But most of the time, I let the small crap go by because otherwise I | May 18 20:19 |
| schestowitz | get sucked away from the reform work that caused them to aim the | May 18 20:19 |
| schestowitz | proxies at you. E.g., I've got XXXXX and XXXXX dead to rights | May 18 20:19 |
| schestowitz | for deliberately smeari | May 18 20:19 |
| schestowitz | smearing my reputation with lies. But I'd have to set | May 18 20:19 |
| schestowitz | aside my standards reform work to hack through all the lawyers who | May 18 20:19 |
| schestowitz | would defend them. And in the end, XXXXXXXXXX would pay the damages rather | May 18 20:19 |
| schestowitz | than them. It was a sucker punch, a tar baby to suck me off the reform | May 18 20:19 |
| schestowitz | work, and I didn't draw to it. | May 18 20:19 |
| schestowitz | Keeping your eye on the ball and winning is the sweetest revenge for | May 18 20:19 |
| schestowitz | such bullshit. Today's radical is tomorrow's establishment. | May 18 20:19 |
| schestowitz | -- | May 18 20:20 |
| schestowitz | gnote is now in Ubuntu | May 18 20:20 |
| schestowitz | Someone whispered this to me | May 18 20:20 |
| schestowitz | Same with Debian and Fedora | May 18 20:20 |
| [H]omer | hopefully that mono crap will finally be depreciated | May 18 20:21 |
| schestowitz | tessier: I seem to be blacklisted on HTTP | May 18 20:21 |
| schestowitz | Red Hat will put it in F12 panel (gnote) | May 18 20:22 |
| schestowitz | I.e. GNOME loses the Tomboy | May 18 20:22 |
| schestowitz | T1emann told me he hates Mono | May 18 20:23 |
| [H]omer | Tiemann? | May 18 20:24 |
| schestowitz | Yes | May 18 20:24 |
| [H]omer | Who's he? | May 18 20:24 |
| schestowitz | They appreciate those who live on the edge as activists | May 18 20:24 |
| schestowitz | OSI President. Regular reader | May 18 20:24 |
| schestowitz | Sends me tips sometimes | May 18 20:24 |
| [H]omer | Ah | May 18 20:24 |
| [H]omer | I'm talking in #blag on IndyMedia ATM too, so a bit distracted | May 18 20:25 |
| schestowitz | Tips as in ideas | May 18 20:25 |
| schestowitz | Not money | May 18 20:25 |
| schestowitz | I never made a dime from BN | May 18 20:25 |
| schestowitz | BLAG gets talked about | May 18 20:25 |
| schestowitz | Because of the Mono policy | May 18 20:26 |
| schestowitz | This spread to Ubuntu Forums and IRC channels | May 18 20:26 |
| [H]omer | Actually, BLAG has not yet blocked mono, but does not distribute by default | May 18 20:28 |
| [H]omer | I'm working on that | May 18 20:28 |
| tessier | blacklisted again? Hrm.... | May 18 20:32 |
| tessier | Oh, and it wasn't the DDoS that was doing 10mb. I just found out. | May 18 20:32 |
| tessier | It was the backup of all of your data to Amazon S3 which is my off-site backup provider. | May 18 20:32 |
| tessier | Normally I just do differentials and it isn't noticeable. But you added a bunch of stuff which took a while. | May 18 20:33 |
| schestowitz | Hehe. | May 18 20:33 |
| schestowitz | tessier: thanks, sorry for being blacklisted all the time. I'm not trying :-) | May 18 20:34 |
| schestowitz | tessier: did you find out what had me blacklisted? The HTTP port denies my access | May 18 20:56 |
| tessier | You are still blacklisted on http? It should time out after a while if I understand this right... | May 18 21:05 |
| schestowitz | Yeah... I hope so. :-) Been like an hour | May 18 21:05 |
| tessier | I found and fixed a bug in the whitelisting. So hopefully you will not be blocked again. | May 18 21:56 |
| tessier | I see lots of traffic going to the site while lots of other traffic being rejected. So hopefully everything is working well. The load on the server is pretty reasonable at .1 and the bandwidth problem was fixed (off-site backup of all of the data you uploaded) so I think we're good. | May 18 21:57 |
| schestowitz | Thanks! | May 18 22:50 |
| schestowitz | tessier: did you see message from old host? | May 18 22:50 |
| schestowitz | They'll give the data | May 18 22:50 |
| schestowitz | <schestowitz> "We apologize for the delay. The Abuse and Security team does not yet have as many people working during the weekend and non-regular-business hours. | May 18 22:50 |
| schestowitz | <schestowitz> We are creating an account package for this account, which we will make available for downloading once the creation process has completed. | May 18 22:50 |
| schestowitz | <schestowitz> Please let us know if you have additional comments or concerns regarding this issue." | May 18 22:50 |
| schestowitz | Does anyone know how to set up ChanServ? I think [H]omer knows. We'll worry about ti later :-) | May 18 22:51 |
| *tacone (i=9753217c@gateway/web/ajax/mibbit.com/x-e03a8d8242fde316) has joined #boycottnovell-social | May 18 23:13 | |
| schestowitz | Hi, tacone | May 18 23:14 |
| schestowitz | Do you know how to set up ChanServ? | May 18 23:14 |
| schestowitz | Anyway, about the DDOS, tessier said they had given up by now | May 18 23:14 |
| tacone | well i'm not an expert on chanserv. i'd end up googling about that. | May 18 23:15 |
| schestowitz | But we don't say it in public or in the channel that could have the attacker spy for fun | May 18 23:15 |
| tacone | right | May 18 23:15 |
| schestowitz | We made this channel some months ago for off-topic chats | May 18 23:15 |
| tacone | anyway i told you, it's a script kiddie | May 18 23:15 |
| tacone | or someone with no real interest in getting the site down | May 18 23:15 |
| schestowitz | More likely | May 18 23:15 |
| tacone | real = paied by someone | May 18 23:15 |
| schestowitz | That chap who gloated about it 1 minutes after the attack began is suepct | May 18 23:15 |
| tacone | it's just some idiot. probably a mono fan | May 18 23:16 |
| schestowitz | People who hate the site or the companies, based on what I was told | May 18 23:16 |
| schestowitz | They can create incentives | May 18 23:16 |
| tacone | i mean | May 18 23:16 |
| tacone | i wouldn't be surprise if it was the one you wrongly told is a canonical employee | May 18 23:17 |
| tacone | im not saying it's him | May 18 23:17 |
| tacone | but someone like him. with no business interest. | May 18 23:17 |
| schestowitz | How do I run a checksum test ona file? | May 18 23:17 |
| schestowitz | I guess I could find it | May 18 23:17 |
| schestowitz | *out | May 18 23:17 |
| schestowitz | Never mind | May 18 23:17 |
| schestowitz | Shane: "Finally. Let me know when that is completed and verified as having all you need, then I'm cancelling my Surpass account. This whole process was unnecessarily opaque and absurd." | May 18 23:18 |
| tacone | md5 ? | May 18 23:19 |
| tacone | md5sum command returns the md5sum of a file | May 18 23:20 |
| schestowitz | [boycottn@mail old_account_surpass]$ wget http://pass3.dizinc.c[HIDDEN] --15:07:12-- http://pass3.dizinc.com/cpmove-boycottn.tar.gz | May 18 23:20 |
| schestowitz | Resolving pass3.dizinc.com... 72.29.75.151 | May 18 23:20 |
| schestowitz | Connecting to pass3.dizinc.com|72.29.75.151|:80... connected. | May 18 23:20 |
| schestowitz | HTTP request sent, awaiting response... 200 OK | May 18 23:20 |
| schestowitz | Length: 3098668142 (2.9G) [application/x-gzip] | May 18 23:20 |
| schestowitz | Saving to: `cpmove-boycottn.tar.gz' | May 18 23:20 |
| schestowitz | 33% [===========> ] 1,026,540,720 598K/s eta 52m 56s | May 18 23:20 |
| tacone | you can use grep to compare it with a given value | May 18 23:20 |
| schestowitz | Don't get it | May 18 23:20 |
| schestowitz | But to show you 'security' | May 18 23:20 |
| schestowitz | They basically put it out there for download | May 18 23:20 |
| schestowitz | And delete at the end | May 18 23:21 |
| schestowitz | Not secure | May 18 23:21 |
| schestowitz | Just to show you how they get it wrong | May 18 23:21 |
| schestowitz | We expected some access to SFTP ot something | May 18 23:22 |
| schestowitz | *or | May 18 23:22 |
| tacone | sigh | May 18 23:23 |
| schestowitz | Got backup, running md5sum | May 19 00:17 |
| schestowitz | checksum OK | May 19 00:20 |
| schestowitz | gunzipping | May 19 00:20 |
| *tacone has quit ("http://www.mibbit.com ajax IRC Client") | May 19 00:24 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 19 02:12 | |
| schestowitz | oiaohm: here we talk about DDOS to keep away from potential spies | May 19 02:14 |
| schestowitz | <oiaohm> Saying this in pm just because the walls might have ears. Next type of attack can be trying to over fill the mysql database with comments. | May 19 02:15 |
| schestowitz | <oiaohm> So have the backup if they try that it don't work. | May 19 02:15 |
| schestowitz | <schestowitz> oiaohm i make bi-daily BUs | May 19 02:15 |
| schestowitz | <oiaohm> Just until we know if they will attempt that path or not. | May 19 02:15 |
| schestowitz | Re: all that, let's hope it's over | May 19 02:15 |
| schestowitz | I'm going to make local backups now too | May 19 02:15 |
| oiaohm | Old saying be prepared. | May 19 02:15 |
| oiaohm | If prepared for it no where near has harmful. | May 19 02:16 |
| schestowitz | Yes | May 19 02:17 |
| schestowitz | I made backups all over the place | May 19 02:17 |
| schestowitz | So data is safe | May 19 02:18 |
| oiaohm | I am crossing fingers its over. | May 19 02:19 |
| schestowitz | I'm ust trying to stay aware until tessier gets back | May 19 02:19 |
| schestowitz | Not much news today, so I can afford the time that's needed to do all this | May 19 02:20 |
| tessier | Whats up? | May 19 04:53 |
| tessier | schestowitz: I backup everything to Amazon S3 also. Please don't keep large redundant tar files or anything inside your account. Keeping your own off-site backup on your local machine or whatever with rsync may not be a bad idea though. | May 19 04:54 |
| tessier | More copies are always good. | May 19 04:54 |
| schestowitz | tessier: yes, I am already taking them off server. | May 19 08:43 |
| tessier | cool | May 19 08:58 |
| schestowitz | <schestowitz> One last thing | May 19 09:02 |
| schestowitz | <schestowitz> [boycottn@mail ~]$ ls -la *.sql | May 19 09:02 |
| schestowitz | <schestowitz> -rw-r--r-- 1 boycottn boycottn 11720891 May 18 14:30 boycottn_wiki.sql | May 19 09:02 |
| schestowitz | <schestowitz> -rw-r--r-- 1 boycottn boycottn 222203324 May 18 14:31 boycottn_wrdp1.sql | May 19 09:02 |
| schestowitz | <schestowitz> -rw------- 1 boycottn boycottn 3636 May 18 17:09 mysql.sql | May 19 09:02 |
| schestowitz | <schestowitz> [boycottn@mail ~]$ pwd | May 19 09:02 |
| schestowitz | <schestowitz> /home/boycottn | May 19 09:02 |
| schestowitz | <schestowitz> There are the two DBs we need to put it. mysql.sql might help you (ignore boycottn_wrdp2 and boycottn_wrdp3 | May 19 09:02 |
| schestowitz | <schestowitz> Then we're done :-) | May 19 09:02 |
| schestowitz | <schestowitz> Maybe make backup of existing DBs before replacing them, just in case | May 19 09:02 |
| *oiaohm has quit (Remote closed the connection) | May 19 13:38 | |
| *Balrog_ (n=BRBT@livecd.ist.temple.edu) has joined #boycottnovell-social | May 19 17:57 | |
| Balrog_ | what /is/ in here? | May 19 17:58 |
| schestowitz | Just off-topic usually | May 19 17:58 |
| schestowitz | We don't talk about eh DDOS in the main channel | May 19 17:58 |
| schestowitz | In case the attacker is watching | May 19 17:58 |
| *balzac (n=balzac@173-45-238-81.slicehost.net) has joined #boycottnovell-social | May 19 17:59 | |
| balzac | what's new man? | May 19 17:59 |
| schestowitz | We were DDOSed | May 19 17:59 |
| schestowitz | Thursday to Money | May 19 17:59 |
| balzac | sweet | May 19 17:59 |
| schestowitz | Got us in hot water with the Web host too | May 19 17:59 |
| schestowitz | So we found a better host, who is also a BN supporter | May 19 17:59 |
| balzac | good deal | May 19 18:00 |
| schestowitz | Were were totally offline for 2+ days | May 19 18:00 |
| schestowitz | And I was unable to post some important stuff | May 19 18:00 |
| schestowitz | I'll catch up gradually. I have some good new findings to publicise | May 19 18:00 |
| balzac | well, at least it shows someone cares enough to attack your site | May 19 18:00 |
| schestowitz | Yes | May 19 18:01 |
| schestowitz | That's the 'least' of a 'reward' | May 19 18:01 |
| schestowitz | That we are attacked | May 19 18:01 |
| schestowitz | Wait | May 19 18:01 |
| balzac | I'm sure they care a lot | May 19 18:01 |
| schestowitz | I have new mail from a journalist asking about the attacj | May 19 18:01 |
| balzac | I'm sure they cry a lot about your site in Redmond | May 19 18:01 |
| schestowitz | balzac: we did 200gb last month | May 19 18:01 |
| schestowitz | Or more than that | May 19 18:01 |
| schestowitz | That's a lot | May 19 18:01 |
| schestowitz | I hope the downtime didn't do too much damage. | May 19 18:02 |
| schestowitz | Because we got good pace in April | May 19 18:02 |
| balzac | "Personally I’m tired of Microsoft’s passive stance on allowing their customer’s computers to be used as Internet versions of Typhoid Mary." | May 19 18:02 |
| balzac | That's a good line | May 19 18:02 |
| balzac | they are the typhoid mary of the internet | May 19 18:02 |
| schestowitz | Yes, I know | May 19 18:02 |
| schestowitz | That's another angle to the DDOS | May 19 18:03 |
| schestowitz | Blaming Windows | May 19 18:03 |
| schestowitz | Not just Microsoft/Novell/Mono fans/SUSE fans or whoever the ringleader or prick or script kiddie or incentiviser is | May 19 18:03 |
| balzac | The bad news for Microsoft is always welcome to me | May 19 18:05 |
| schestowitz | Burying the truth? Boycott Novell hit by Denial of Service attack < http://blogs.computerworld.com/burying_the_truth_boycott_novell_hit_by_denial_of_service_attack > | May 19 18:05 |
| Balrog_ | schestowitz: why in hot water? | May 19 18:05 |
| Balrog_ | can someone respond to this comment on the computerworld page? | May 19 18:07 |
| Balrog_ | "Please correct me if I'm wrong, but couldn't boycott Novell simply setup a dedicated firewall, disable the NAT, bridge the connections and have the firewall act as a proxy for the web server? You could configure the firewall rules to block attempted meta queries. An open source solution like Untangled would work fine. | May 19 18:07 |
| Balrog_ | " | May 19 18:07 |
| Balrog_ | I understand that you did do filtering which was exactly that | May 19 18:07 |
| schestowitz | iptables and squid | May 19 18:08 |
| schestowitz | They changed strategy | May 19 18:08 |
| schestowitz | Gave up yesterday | May 19 18:08 |
| schestowitz | tessier manages it | May 19 18:08 |
| schestowitz | The other host struggled for like 10 hours, then pulled the plug | May 19 18:08 |
| schestowitz | I told them I thought it was DDOS | May 19 18:09 |
| Balrog_ | yeah. Did you get all the data back? | May 19 18:09 |
| Balrog_ | (from the other host) | May 19 18:09 |
| schestowitz | Almost | May 19 18:09 |
| Balrog_ | ...and what did they say? | May 19 18:09 |
| schestowitz | tessier will put back the latest DBs soon | May 19 18:09 |
| schestowitz | Then I'll need to marge | May 19 18:09 |
| schestowitz | merge | May 19 18:09 |
| schestowitz | Should take an hour or so, then it's back to business | May 19 18:09 |
| schestowitz | I merge manually when the new DB is loaded | May 19 18:09 |
| Balrog_ | then the comments will work again? | May 19 18:10 |
| schestowitz | Yes | May 19 18:12 |
| Balrog_ | great. | May 19 18:12 |
| schestowitz | I will restore everything | May 19 18:12 |
| Balrog_ | you should have put something on the site like 'due to technical difficulties, comments are broken. They will be back up soon.' | May 19 18:13 |
| Balrog_ | comments are important for transparency | May 19 18:13 |
| schestowitz | Balrog_: I said nothing abour problems | May 19 18:13 |
| balzac | I love that bad news for M$ | May 19 18:13 |
| schestowitz | Not yet anyway | May 19 18:13 |
| schestowitz | Want to ensure we know where we stand first | May 19 18:13 |
| Balrog_ | schestowitz: you don't have to say it's a DDOS or anything | May 19 18:13 |
| Balrog_ | just 'technical difficulties' is sufficient | May 19 18:13 |
| schestowitz | Too late. They wrote about it | May 19 18:14 |
| schestowitz | I said it at first | May 19 18:14 |
| schestowitz | After one hour I was advised to delete the post | May 19 18:14 |
| Balrog_ | you mean the computerworld article? | May 19 18:14 |
| schestowitz | Because it encourages the attacker | May 19 18:14 |
| schestowitz | Balrog_: yes | May 19 18:14 |
| Balrog_ | ah. :( | May 19 18:14 |
| schestowitz | I didn't know he'd write about it | May 19 18:14 |
| schestowitz | We just exchanged some mails. Other people too | May 19 18:14 |
| Balrog_ | is there any other way to prevent ddos? | May 19 18:14 |
| schestowitz | Shane is dumping the old host | May 19 18:14 |
| balzac | Microsoft is also slashing its expenditure on travel, vendors, and contractors; as well as canceling its once-a-year picnic. | May 19 18:14 |
| schestowitz | They were nor responsive, BUT.. | May 19 18:15 |
| schestowitz | Now we know why | May 19 18:15 |
| schestowitz | They were understaffed in weekends | May 19 18:15 |
| balzac | I love that bit about the once-a-year picnic | May 19 18:15 |
| Balrog_ | ahhh. | May 19 18:15 |
| schestowitz | So they just waited until Monday for attention | May 19 18:15 |
| schestowitz | Not acceptable said Shane | May 19 18:15 |
| balzac | I'm all in favor of picnics for everyone, but that's a good sign | May 19 18:15 |
| Balrog_ | still, a dedicated server is better | May 19 18:15 |
| Balrog_ | though 10mbps may not be sufficient | May 19 18:15 |
| schestowitz | What do you mean? | May 19 18:15 |
| Balrog_ | you're on a 10mbps internet connection, right? | May 19 18:16 |
| Balrog_ | (the server) | May 19 18:16 |
| schestowitz | I think more | May 19 18:17 |
| Balrog_ | ok. | May 19 18:18 |
| balzac | Roy, I wondered if M$ might get friendly with BSD | May 19 18:18 |
| schestowitz | the Sldekick thing? | May 19 18:18 |
| balzac | YTMND, Roy | May 19 18:19 |
| Balrog_ | balzac: I don't think BSD cares | May 19 18:19 |
| balzac | It does me good to know you're tearing at Microsoft every day | May 19 18:19 |
| Balrog_ | though they are rather naive | May 19 18:19 |
| schestowitz | ? | May 19 18:19 |
| schestowitz | http://en.wikipedia.org/w/index.php?title=Special:Search&search=YTMND. | May 19 18:19 |
| schestowitz | Mom and Pop business: http://techdirt.com/articles/20090518/0211554920.shtml (Husband Sues Google For Patent Infringement; Wife Sues Google For Trademark Infringement) | May 19 18:20 |
| balzac | http://www.youtube.com/watch?v=1d8yMTQCFLA | May 19 18:21 |
| schestowitz | Former College Journalists Learning That Google Is Their Permanent Record < http://techdirt.com/articles/20090517/0157054903.shtml > | May 19 18:23 |
| schestowitz | balzac: BTW, the attacks ceased around yesterday at 12. We still need to restore some missing data from old backups. Fingers crossed... | May 19 18:26 |
| balzac | I hope nothing is lost | May 19 18:39 |
| schestowitz | Shouldn't be | May 19 18:39 |
| *balzac (n=balzac@173-45-238-81.slicehost.net) has left #boycottnovell-social | May 19 18:39 | |
| tessier | Balrog_: bn will soon be on its own virtual machine in my hosting cluster. So it will have all the resources it could possibly need. We can burst up to 10mb which is far more than enough. BN actually does very little bandwidth under normal circumstances. | May 20 05:49 |
| **** BEGIN LOGGING AT Wed May 20 09:28:46 2009 | ||
| *Now talking on #boycottnovell-social | May 20 09:28 | |
| *Topic for #boycottnovell-social is: Communication about anything, including Microsoft, Novell, and Free software [publicly logged] | May 20 09:28 | |
| *Topic for #boycottnovell-social set by schestowitz at Mon Mar 16 02:04:07 2009 | May 20 09:28 | |
| schestowitz | The attackers came back. What to do next? The police won't help much... | May 20 11:41 |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 20 11:47 | |
| DaemonFC | uhhm, k | May 20 11:47 |
| schestowitz | I think the attacker is watching | May 20 11:48 |
| schestowitz | Any suggestions how this can be combatted? | May 20 11:48 |
| schestowitz | tessier is asleep | May 20 11:48 |
| DaemonFC | watching? | May 20 11:48 |
| schestowitz | in IRC | May 20 11:48 |
| DaemonFC | what makes you think that? | May 20 11:48 |
| schestowitz | Hard to tell... | May 20 11:48 |
| schestowitz | Some people in the channel are new | May 20 11:48 |
| DaemonFC | familiar IP addresses? | May 20 11:49 |
| DaemonFC | hmmmm | May 20 11:50 |
| DaemonFC | well it's possible | May 20 11:50 |
| DaemonFC | but if they're using a botnet, who knows | May 20 11:50 |
| schestowitz | "The BBC has followed its recent controversial botnet demonstration with a new filmed demo of how a Trojan attack works - except this time it made sure to ask nicely." http://www.theregister.co.uk/2009/05/19/bbc_trojan_demo_sequel/ | May 20 11:50 |
| schestowitz | DaemonFC: anyone to complain to? | May 20 11:51 |
| schestowitz | This is ridiculous | May 20 11:51 |
| DaemonFC | if you have logs of the IP addresses used in the attacks | May 20 11:51 |
| schestowitz | What good is a law if no-one enforces it even when people complain about the crime? | May 20 11:51 |
| DaemonFC | you could complain to their ISP | May 20 11:51 |
| schestowitz | Of the zombies | May 20 11:51 |
| DaemonFC | yeah | May 20 11:52 |
| schestowitz | That would only eliminate some nodes | May 20 11:52 |
| schestowitz | We need to find the source of the attack | May 20 11:52 |
| DaemonFC | meh | May 20 11:52 |
| DaemonFC | good luck | May 20 11:52 |
| DaemonFC | host the site in the US | May 20 11:52 |
| schestowitz | "Also, keep up with the police. As a network administrator I worked with | May 20 11:52 |
| schestowitz | years ago said to them, "It's a crime right? Then deal with it. Crime | May 20 11:52 |
| schestowitz | is *your* area, computers or not." BTW look at FBI and Scotland Yard | May 20 11:52 |
| schestowitz | figures regarding the commerce in Windows botnets. dotnet=botnet | May 20 11:52 |
| schestowitz | Simply by using Windows on a machine connected to the net, one is | May 20 11:52 |
| schestowitz | contributing as an accomplice to organized crime. | May 20 11:52 |
| schestowitz | That goes whether or not one also considered MS itself to be organized | May 20 11:52 |
| schestowitz | crime. Based on how the sales and lobbying history is, I'd say it is." | May 20 11:52 |
| DaemonFC | that way if they attack the server, the FBI has to investigate | May 20 11:52 |
| schestowitz | Well, it is in the US | May 20 11:53 |
| schestowitz | tessier has the logs | May 20 11:53 |
| schestowitz | With which the FBI can do something, I guess. | May 20 11:53 |
| DaemonFC | is he an American? | May 20 11:53 |
| schestowitz | Yes. | May 20 11:53 |
| DaemonFC | Does he own the server? | May 20 11:53 |
| schestowitz | Yes | May 20 11:53 |
| DaemonFC | tell him to call the nearest FBI field office | May 20 11:53 |
| DaemonFC | they usually have at least one in every state | May 20 11:53 |
| DaemonFC | that's a federal crime | May 20 11:54 |
| schestowitz | The attacks might slow down a bit | May 20 11:54 |
| schestowitz | I can load pages very slowly now | May 20 11:55 |
| schestowitz | I reported the return of the DDOS to those who can help | May 20 11:55 |
| schestowitz | It'll also reach the attention of tens of thousands in Digg.com | May 20 11:55 |
| schestowitz | DaemonFC: thanks. | May 20 11:55 |
| schestowitz | I shall tell him. He has generously helped a LOT so far. | May 20 11:56 |
| *[H]omer has quit (leguin.freenode.net irc.freenode.net) | May 20 11:57 | |
| *tessier has quit (leguin.freenode.net irc.freenode.net) | May 20 11:57 | |
| *MinceR has quit (leguin.freenode.net irc.freenode.net) | May 20 11:57 | |
| *Balrog_ has quit (leguin.freenode.net irc.freenode.net) | May 20 11:57 | |
| *DaemonFC has quit (leguin.freenode.net irc.freenode.net) | May 20 11:57 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 20 11:58 | |
| *Balrog_ (n=BRBT@livecd.ist.temple.edu) has joined #boycottnovell-social | May 20 11:58 | |
| *[H]omer (n=[H]omer@moscow.perfect-privacy.com) has joined #boycottnovell-social | May 20 11:58 | |
| *tessier (n=treed@kernel-panic/sex-machines) has joined #boycottnovell-social | May 20 11:58 | |
| *MinceR (n=mincer@unaffiliated/mincer) has joined #boycottnovell-social | May 20 11:58 | |
| *Received a CTCP VERSION from freenode-connect | May 20 11:59 | |
| *[H]omer has quit (leguin.freenode.net irc.freenode.net) | May 20 12:03 | |
| *tessier has quit (leguin.freenode.net irc.freenode.net) | May 20 12:03 | |
| *MinceR has quit (leguin.freenode.net irc.freenode.net) | May 20 12:03 | |
| *Balrog_ has quit (leguin.freenode.net irc.freenode.net) | May 20 12:03 | |
| *DaemonFC has quit (leguin.freenode.net irc.freenode.net) | May 20 12:03 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 20 12:05 | |
| *Balrog_ (n=BRBT@livecd.ist.temple.edu) has joined #boycottnovell-social | May 20 12:05 | |
| *[H]omer (n=[H]omer@moscow.perfect-privacy.com) has joined #boycottnovell-social | May 20 12:05 | |
| *tessier (n=treed@kernel-panic/sex-machines) has joined #boycottnovell-social | May 20 12:05 | |
| *MinceR (n=mincer@unaffiliated/mincer) has joined #boycottnovell-social | May 20 12:05 | |
| *Received a CTCP VERSION from freenode-connect | May 20 12:05 | |
| DaemonFC | schestowitz: Problems? | May 20 12:05 |
| *mtnd3w (n=squid@cpe-74-65-216-135.nyc.res.rr.com) has joined #boycottnovell-social | May 20 12:15 | |
| *tacone (i=975099cc@gateway/web/ajax/mibbit.com/x-8c921297e3844b12) has joined #boycottnovell-social | May 20 12:15 | |
| tacone | lol. dos publicity made them feel good | May 20 12:15 |
| schestowitz | Still DDOS | May 20 12:15 |
| schestowitz | For the past hour | May 20 12:15 |
| tacone | are you sure it's not just the digg ? | May 20 12:15 |
| schestowitz | Came out of nowhere | May 20 12:15 |
| schestowitz | tessier is asleep | May 20 12:15 |
| tacone | are you sure it's not the publicity ? | May 20 12:16 |
| schestowitz | tacone: yes, the Digg goes to SJVN's article | May 20 12:16 |
| tacone | uhm | May 20 12:16 |
| tacone | i'd remain calm | May 20 12:16 |
| schestowitz | tacone: nope, not quire | May 20 12:16 |
| schestowitz | I know | May 20 12:16 |
| schestowitz | Assuming they spy in IRC I invited you here | May 20 12:16 |
| tacone | i'ts slow right | May 20 12:16 |
| schestowitz | This is particularly annoying cause of ODF | May 20 12:17 |
| schestowitz | Urgent news | May 20 12:17 |
| schestowitz | About ODF and MS | May 20 12:17 |
| schestowitz | I can't quite make posts | May 20 12:17 |
| schestowitz | Load average: 29.61, 24.03, 25.49 | May 20 12:17 |
| tacone | uh uh | May 20 12:17 |
| tacone | yes, true | May 20 12:17 |
| tacone | worked now | May 20 12:17 |
| tacone | schestowitz: the site works, kind of | May 20 12:18 |
| tacone | try to write the article somewhere else, then copypaste it in wordpress | May 20 12:18 |
| tacone | it will go into rss, and that will bring it out neverthless | May 20 12:18 |
| schestowitz | Don't hammer on it thouygh | May 20 12:20 |
| schestowitz | I was gonna do the Mono article | May 20 12:20 |
| schestowitz | Then it hit us | May 20 12:21 |
| schestowitz | I also have a video to go with it | May 20 12:21 |
| schestowitz | tacone: let me see if the attacks die out within an hour | May 20 12:21 |
| schestowitz | I have my personal blog | May 20 12:21 |
| schestowitz | mtnd3w: we talk about the DDOS here | May 20 12:25 |
| schestowitz | If the attackers watch, that's their reward. To terrorise and aggravate | May 20 12:25 |
| mtnd3w | i'm still submitting your articles through google cache | May 20 12:27 |
| schestowitz | Submitting? | May 20 12:28 |
| schestowitz | BTW, let's keep talk about the DDOS off the main channel. We should give the impression it doesn't bother us at all. | May 20 12:28 |
| mtnd3w | to social news sites | May 20 12:29 |
| mtnd3w | alright | May 20 12:29 |
| schestowitz | load average: 104.47, 53.84, 36.73 | May 20 12:33 |
| schestowitz | mtnd3w: thanks! | May 20 12:33 |
| tacone | the only way to block the load is to stop apache for 1 minute | May 20 12:35 |
| tacone | something you can't do right now, i guess | May 20 12:35 |
| schestowitz | Yeah, no privileges | May 20 12:38 |
| schestowitz | The refresh rate of top is pretty poor now | May 20 12:39 |
| tacone | i wonder how to logs look like | May 20 12:43 |
| schestowitz | I don't know | May 20 12:43 |
| schestowitz | I was on SSH | May 20 12:43 |
| schestowitz | It froze | May 20 12:43 |
| tacone | it has to be difficult even to connect in ssh right now | May 20 12:43 |
| schestowitz | Now I can't even connect to it | May 20 12:44 |
| schestowitz | I get singla again | May 20 12:46 |
| tacone | ok, database connection error. | May 20 12:46 |
| schestowitz | load average: 101.93, 88.61, 66.53 | May 20 12:46 |
| tacone | everything fell | May 20 12:46 |
| tacone | now the load may decrease | May 20 12:46 |
| DaemonFC | http://blogs.computerworld.com/burying_the_truth_boycott_novell_hit_by_denial_of_service_attack | May 20 12:46 |
| schestowitz | Aye | May 20 12:46 |
| schestowitz | Watch personal attacks and libel | May 20 12:47 |
| schestowitz | All sorts of lies | May 20 12:47 |
| schestowitz | Don't believe what you read in comments | May 20 12:47 |
| DaemonFC | schestowitz: You eat babies? | May 20 12:47 |
| DaemonFC | never would have guessed | May 20 12:47 |
| DaemonFC | so do I | May 20 12:47 |
| schestowitz | load average: 106.12, 93.57, 70.34 | May 20 12:47 |
| DaemonFC | don't let them get to you | May 20 12:48 |
| DaemonFC | :D | May 20 12:48 |
| schestowitz | Don't worry, I don't | May 20 12:48 |
| schestowitz | I hated it more when they tried to get me fired | May 20 12:48 |
| DaemonFC | ??? | May 20 12:48 |
| schestowitz | Mass mailing people with libel and sh* | May 20 12:48 |
| schestowitz | 3 types of attacks | May 20 12:48 |
| schestowitz | 1. Slander | May 20 12:48 |
| schestowitz | 2. Forging (and attacking my friends with my name) | May 20 12:48 |
| schestowitz | 3. Trying to get you in trouble in life directly | May 20 12:49 |
| schestowitz | (3) is related to (1) and (2), but it's more direct | May 20 12:49 |
| schestowitz | load average: 70.92, 88.52, 71.67 | May 20 12:49 |
| schestowitz | High amounts of Linux advocacy they labeled "spam" | May 20 12:50 |
| DaemonFC | schestowitz: It's not hard to set up a botnet | May 20 12:50 |
| DaemonFC | is this channel logged? | May 20 12:50 |
| schestowitz | Yes, according to them, aggregating and sharing snippets of Linux news is spam | May 20 12:50 |
| schestowitz | DaemonFC: no, not currently | May 20 12:50 |
| DaemonFC | well, didn't want this to get googled | May 20 12:50 |
| schestowitz | I post just the main channel's log daily | May 20 12:50 |
| DaemonFC | but I was looking at some pirate Vista and XP and Windows 2000 discs | May 20 12:51 |
| schestowitz | DaemonFC: yes, but the motive is curious | May 20 12:51 |
| schestowitz | Re botnets | May 20 12:51 |
| DaemonFC | off sites like Pirate Bay | May 20 12:51 |
| DaemonFC | and it's not uncommon to find trojans in those disc images | May 20 12:51 |
| schestowitz | You don't just wake up and think, "let's pick a site in random and risk FBI putting me in jail" | May 20 12:51 |
| DaemonFC | the copy of Windows is bait | May 20 12:51 |
| schestowitz | Vista 7 zombiies | May 20 12:52 |
| schestowitz | Made through fake Vista7 torrents | May 20 12:52 |
| schestowitz | Reported days ago.. | May 20 12:52 |
| DaemonFC | once thousands of people take the bait, you have thousands of zombies with high speed internet at your command | May 20 12:52 |
| schestowitz | Install Vista7, you are a zombie out of the box | May 20 12:52 |
| schestowitz | They make Vista7 botnets this way | May 20 12:52 |
| DaemonFC | it's not new | May 20 12:52 |
| schestowitz | DaemonFC: they said they had gained hundreds of thousands per hour | May 20 12:52 |
| DaemonFC | wouldn't surprise me | May 20 12:52 |
| DaemonFC | the very least you should do is dissect the disc images with a decent antivirus scanner | May 20 12:53 |
| schestowitz | DDOS is not just dumb, it's illegal. But the police is too lazy to fight it. | May 20 12:53 |
| DaemonFC | with Vista that means also copying the WIM file to the hard drive | May 20 12:53 |
| DaemonFC | and unpacking it | May 20 12:53 |
| DaemonFC | to scan | May 20 12:53 |
| tacone | it's also difficult to fight | May 20 12:54 |
| DaemonFC | I do that and go by the MD5 and SHA1 from Microsoft's Technet site | May 20 12:54 |
| tacone | they piss their pants even when important targets are going to be attacked | May 20 12:54 |
| DaemonFC | if those match up and the antivirus doesn't find anything, only then will I use it | May 20 12:54 |
| DaemonFC | the favorite target for that stuff is XP | May 20 12:55 |
| schestowitz | tacone: number10.gov.uk | May 20 12:55 |
| DaemonFC | because the discs are smaller | May 20 12:55 |
| DaemonFC | and it's more in demand | May 20 12:55 |
| schestowitz | Maybe I should find some campaign for British MP | May 20 12:55 |
| DaemonFC | so it's less effort and more victims | May 20 12:55 |
| schestowitz | Then I might get help enforcing the law as a victim ;-) | May 20 12:55 |
| schestowitz | load average: 34.16, 51.22, 59.74 | May 20 12:55 |
| DaemonFC | it amazes me how an OS that's almost 10 years old is still so popular | May 20 12:56 |
| DaemonFC | I don't think that Vista performs worse than OS X, I think a few things happened all at once | May 20 12:56 |
| schestowitz | Last Chance For The Old Recording Industry... But Plenty Of Excitement In The New Music Industry < http://techdirt.com/articles/20090519/0213544923.shtml > | May 20 12:57 |
| schestowitz | If the load goes below 10 I'll make new posts. | May 20 12:57 |
| DaemonFC | the compositing engine, bad drivers, and shoddy OEM PCs | May 20 12:57 |
| DaemonFC | it was like the perfect storm | May 20 12:57 |
| schestowitz | Best thing is to show the attacker it's not too effective. | May 20 12:57 |
| DaemonFC | schestowitz: Switch the domain | May 20 12:58 |
| DaemonFC | make it a redirect | May 20 12:58 |
| tacone | ??? | May 20 12:58 |
| DaemonFC | I'd point the fucker at Microsoft.com | May 20 12:58 |
| DaemonFC | and let the botnet give them some traffic | May 20 12:58 |
| schestowitz | This is not good. YouTube Ordered To Pay $1.6 Million To ASCAP < http://techdirt.com/articles/20090519/1127454934.shtml > | May 20 12:58 |
| schestowitz | DaemonFC: why? | May 20 12:59 |
| schestowitz | Fight crime with crime? | May 20 12:59 |
| DaemonFC | meh | May 20 12:59 |
| schestowitz | Assume it's MS and not Novell or SUSE fans? | May 20 12:59 |
| schestowitz | One tor node from germany | May 20 12:59 |
| schestowitz | Better attack on the site than physical assult | May 20 12:59 |
| schestowitz | PJ gets death threats quite often | May 20 12:59 |
| schestowitz | This leads her to softening articles | May 20 13:00 |
| schestowitz | IOW, the threats can affect a person's writings, thus leading to victory for the abuser | May 20 13:00 |
| tacone | groaklaw ? | May 20 13:04 |
| *DaemonFC has quit ("ChatZilla 0.9.84 [SeaMonkey 2.0b1pre/20090520020836]") | May 20 13:04 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 20 13:07 | |
| schestowitz | Yes | May 20 13:10 |
| tacone | poor girl | May 20 13:13 |
| schestowitz | It's a members-only post | May 20 13:19 |
| schestowitz | Something like "I will kill you" | May 20 13:19 |
| schestowitz | The secret services there are not particularly helpful, so she just keeps moving b/w houses | May 20 13:19 |
| tacone | so is she constantly sacrificing in order to keep blogging ? | May 20 13:20 |
| schestowitz | Yes, exactly | May 20 13:20 |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 20 13:20 | |
| schestowitz | I live in a high-security area, so I'm good for now | May 20 13:20 |
| schestowitz | load average: 144.70, 176.23, 123.59 | May 20 13:21 |
| tacone | send a mail to tessier and give up for now | May 20 13:22 |
| tacone | i believe he can block the new attack pretty easily | May 20 13:22 |
| oiaohm | Remember in future schestowitz even you are ddos attacked its not. I guess you have seen how the rouges are trying to turn it. | May 20 13:22 |
| schestowitz | http://blogs.computerworld.com/burying_the_truth_boycott_novell_hit_by_denial_of_service_attack http://www.pcworld.com/article/165179/boycott_novell_site_suffers_ddos_attack.html | May 20 13:22 |
| schestowitz | tacone: he's asleep | May 20 13:23 |
| schestowitz | San Diego | May 20 13:23 |
| tacone | i know | May 20 13:23 |
| tacone | he'll read it when he wakes up | May 20 13:23 |
| schestowitz | load average: 26.83, 67.54, 91.47 | May 20 13:27 |
| tacone | schestowitz: on a thing he's right | May 20 13:28 |
| tacone | you either cache the wiki or you strip it | May 20 13:28 |
| tacone | it just makes things easier | May 20 13:28 |
| schestowitz | I don't think the Wiki is hammered | May 20 13:30 |
| schestowitz | tessier watched the logs | May 20 13:31 |
| schestowitz | Had it been a Wiki issue he's see it | May 20 13:31 |
| schestowitz | There's lots of hits coming from the WordPress UI | May 20 13:31 |
| schestowitz | The Ajax bits that check for update in open posts | May 20 13:31 |
| tacone | i'd like to see the logs this time | May 20 13:32 |
| tacone | can i have them sent to me ? | May 20 13:32 |
| tacone | a sample. i mean | May 20 13:32 |
| schestowitz | Yes, hold on. | May 20 13:42 |
| schestowitz | PM me the E-mail | May 20 13:43 |
| tacone | i'm going offline | May 20 13:43 |
| tacone | done | May 20 13:43 |
| tacone | bye, and don't treat too bad the troll | May 20 13:43 |
| tacone | they all end up shooting their own foot if you let them talk | May 20 13:43 |
| schestowitz | :-) | May 20 13:46 |
| *tacone has quit ("http://www.mibbit.com ajax IRC Client") | May 20 13:49 | |
| *[H]omer has quit (Read error: 110 (Connection timed out)) | May 20 14:00 | |
| schestowitz | load average: 20.90, 22.62, 32.94 | May 20 14:01 |
| *[H]omer (n=[H]omer@moscow.perfect-privacy.com) has joined #boycottnovell-social | May 20 14:18 | |
| schestowitz | The attack suddenly stopped | May 20 14:36 |
| schestowitz | 0.50, 7.78, 17.57 | May 20 14:36 |
| schestowitz | I'll post quickly | May 20 14:38 |
| schestowitz | load average: 0.27, 1.62, 9.98 | May 20 14:45 |
| oiaohm | Hmm wonder if we need to setup a email in posting system. | May 20 15:02 |
| schestowitz | What for? | May 20 15:33 |
| oiaohm | email will make to server when low times turn up. | May 20 15:46 |
| schestowitz | Oh | May 20 15:48 |
| schestowitz | Alerts? | May 20 15:48 |
| schestowitz | Heh. Long path. | May 20 15:49 |
| schestowitz | /home/roy/Main/Misc/Projects/Web Sites/Boycott_Novell/Site-host-transfer-may-2009/18-05-2009-old_account_surpass/del_me/cpmove-boycottn/homedir/public_html/ | May 20 15:49 |
| oiaohm | More that if we do have high load for some reason ddos or popular new messages can still be added. | May 20 15:50 |
| oiaohm | Its just something to annoy the heck out of attackers. | May 20 15:51 |
| schestowitz | Oh, I see. | May 20 15:52 |
| oiaohm | What is the point of doing a ddos if you are getting no disruption. | May 20 15:52 |
| oiaohm | Or at least its appearing that way. | May 20 15:53 |
| oiaohm | Some of it is art of slide of hand. | May 20 15:53 |
| *DaemonFC has quit (Remote closed the connection) | May 20 15:54 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 20 15:57 | |
| *oiaohm has quit (Remote closed the connection) | May 20 16:00 | |
| schestowitz | Yeah :-) | May 20 16:04 |
| *wispygalaxy (i=misty@c-98-221-240-23.hsd1.nj.comcast.net) has joined #boycottnovell-social | May 20 18:35 | |
| Balrog_ | hi wispygalaxy | May 20 18:35 |
| wispygalaxy | hey there! | May 20 18:35 |
| wispygalaxy | i didnt know this existed | May 20 18:35 |
| Balrog_ | it was set up recently | May 20 18:36 |
| wispygalaxy | ive been away for a while, had no time to look around | May 20 18:36 |
| wispygalaxy | it's a good idea :) | May 20 18:36 |
| Balrog_ | yeah. Vacation? | May 20 18:36 |
| wispygalaxy | yep, i might go to the poconos mountains this weekend | May 20 18:37 |
| wispygalaxy | or maybe atlantic city | May 20 18:37 |
| Balrog_ | ah cool! | May 20 18:38 |
| Balrog_ | I was at a dance last week ... lotsa fun | May 20 18:38 |
| wispygalaxy | i havent been to a dance lately, since my school isnt into those kinds of things. my school is obsessed with sports- everyone goes to those | May 20 18:39 |
| Balrog_ | not school related though | May 20 18:39 |
| wispygalaxy | oh ok | May 20 18:39 |
| wispygalaxy | was it a club? | May 20 18:39 |
| Balrog_ | not exactly | May 20 18:40 |
| wispygalaxy | hope you had fun! | May 20 18:40 |
| Balrog_ | yeah :) | May 20 18:40 |
| schestowitz | Sorry I lost track, wispygalaxy | May 20 19:00 |
| schestowitz | I'm catching up with lost time | May 20 19:00 |
| schestowitz | The DDoS and all... | May 20 19:00 |
| wispygalaxy | thats ok, roy :) | May 20 19:00 |
| wispygalaxy | awww im so sorry | May 20 19:00 |
| wispygalaxy | is everything ok? | May 20 19:00 |
| Balrog_ | it's ok now. | May 20 19:00 |
| Balrog_ | BN was down for a few days though, and comments were broken for a few more | May 20 19:00 |
| wispygalaxy | i hope the trolls wont bother BN anymore | May 20 19:01 |
| wispygalaxy | who do you think attacked the site | May 20 19:01 |
| Balrog_ | not sure, it's a DDOS | May 20 19:07 |
| Balrog_ | some botnet, apparently, and it's hard to trace those : | May 20 19:07 |
| Balrog_ | :/ * | May 20 19:07 |
| *mtnd3w has quit (Remote closed the connection) | May 20 19:09 | |
| DaemonFC | Das Machine is nicht fur gefingerpoken und mittengrabben. Ist easy schnappen der springenwerk, blowenfusen und poppencorken mit spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das rubbernecken sightseeren musten keepen das cotten-pickenen hands in das pockets - relaxen und watchen das blinkenlights. | May 20 19:09 |
| wispygalaxy | that's awful, i hope they catch them | May 20 19:09 |
| DaemonFC | :P | May 20 19:09 |
| wispygalaxy | haha | May 20 19:10 |
| Balrog_ | ;) | May 20 19:10 |
| Balrog_ | http://www.annoyances.org/exec/show/article09-100 | May 20 19:11 |
| wispygalaxy | lol nice balrog | May 20 19:12 |
| *wispygalaxy (i=misty@c-98-221-240-23.hsd1.nj.comcast.net) has left #boycottnovell-social | May 20 19:56 | |
| *oiaohm (n=oiaohm@125.136.dsl.brs.iprimus.net.au) has joined #boycottnovell-social | May 21 00:17 | |
| Balrog_ | oiaohm: do you have any URL? | May 21 01:11 |
| oiaohm | I have a few personal websites I poorly maintain them Balrog_ | May 21 01:14 |
| oiaohm | There more like personal notes. | May 21 01:14 |
| schestowitz | You hardly write there (I'm on RSS) | May 21 01:18 |
| oiaohm | I know. | May 21 01:18 |
| oiaohm | I said poor maintainer and I really do mean it. | May 21 01:18 |
| schestowitz | Same w/ my personal blogs since 2007 | May 21 01:28 |
| *tessier has quit (Read error: 110 (Connection timed out)) | May 21 03:28 | |
| *DaemonFC has quit ("ChatZilla 0.9.84 [SeaMonkey 2.0b1pre/20090520020836]") | May 21 04:25 | |
| *oiaohm has quit (Remote closed the connection) | May 21 05:25 | |
| schestowitz | Little update: Yesterday there was another DDOS attack. It lasted several hours before iptables contained the threat and had the attackers give up again. What a nightmare this has been... no data was lost, just DAYS of constant work involving lots of people. And we lost our previous host/ISP who didn't want the trouble... there's more work ahead. | May 21 10:13 |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 21 10:23 | |
| oiaohm | Just wondering what anti-linux site. | May 21 14:14 |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 21 15:17 | |
| schestowitz | linsux | May 21 15:37 |
| Balrog_ | schestowitz: why would /they/ attack BN? BN isn't anti-BSD .... | May 21 16:08 |
| MinceR | frustrated bsd fanboys tend to hate gnu and linux because gnu and linux aren't stuck in the past and people actually care about them | May 21 16:09 |
| Balrog_ | heh. I've heard what some BSD fanboys say | May 21 16:10 |
| Balrog_ | they argue that GPL isn't free because it takes away the freedom to use code in a proprietary product | May 21 16:10 |
| schestowitz | Balrog_: it's not BSD | May 21 16:14 |
| Balrog_ | ?? I don't get that | May 21 16:15 |
| MinceR | realizing that using the code in a proprietary means taking the freedom to use the code away from those users is beyond the mental capacity of a bsdtard | May 21 16:20 |
| MinceR | s/ry/ry product/ | May 21 16:20 |
| Balrog_ | BSD license makes sense only in limited cases ... like maybe a file format you want everyone to use ... though LGPL may be better there | May 21 16:20 |
| MinceR | it would make a lot of sense in a world without the likes of m$ and crApple | May 21 16:21 |
| MinceR | but we're far from that, sadly | May 21 16:21 |
| schestowitz | Watch Intel the criminal trying to glorify itself: Intel releases corporate responsibility report < http://www.theinquirer.net/inquirer/news/1137418/intel-releases-corporate-responsibility-report >> | May 21 16:39 |
| schestowitz | This is what sickens me about those overly elitist groups that commity crimes against the world and then come up with logos, slogans and reprorts to pretend it's for common good. | May 21 16:40 |
| *oiaohm has quit (Remote closed the connection) | May 21 17:04 | |
| *DaemonFC has quit (Remote closed the connection) | May 21 17:53 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 21 17:53 | |
| *DaemonFC has quit ("ChatZilla 0.9.84 [SeaMonkey 2.0b1pre/20090520020836]") | May 21 18:45 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 21 18:54 | |
| *DaemonFC has quit (Remote closed the connection) | May 21 19:18 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 21 19:19 | |
| *DaemonFC has quit (Client Quit) | May 21 19:21 | |
| *[H]omer has quit (Read error: 110 (Connection timed out)) | May 21 19:21 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 21 19:22 | |
| *[H]omer (n=[H]omer@moscow.perfect-privacy.com) has joined #boycottnovell-social | May 21 19:23 | |
| *DaemonFC has quit (Read error: 104 (Connection reset by peer)) | May 21 20:06 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 21 20:06 | |
| schestowitz | anon> I should have commented directly to you | May 21 20:11 |
| schestowitz | <anon> DaemonFC just did it again | May 21 20:11 |
| schestowitz | <anon> If I were you, I'd ban his ass | May 21 20:11 |
| schestowitz | <anon> you need to keep that kind of riff-raff out | May 21 20:11 |
| schestowitz | <anon> you're an adult with a public reputation, and that guy is just full of crap | May 21 20:11 |
| schestowitz | <schestowitz> I know | May 21 20:11 |
| schestowitz | <anon> this is good advice from a guy who is definitely in your corner, and also an adult with a public reputation | May 21 20:11 |
| schestowitz | <schestowitz> to kick or shut him up? | May 21 20:11 |
| schestowitz | <anon> ban | May 21 20:11 |
| schestowitz | <anon> that's not constitutionally protected speech | May 21 20:11 |
| schestowitz | <anon> a kline would be appropriate | May 21 20:11 |
| schestowitz | <anon> I actually disagreed with the ACLU on letting NAZIs parade in their regalia in the US. | May 21 20:11 |
| schestowitz | <schestowitz> one last warning to hm | May 21 20:11 |
| schestowitz | <anon> I'm more in agreement with strict enforcement against incitement | May 21 20:11 |
| schestowitz | DaemonFC: I'd have to ban you unless you stop | May 21 20:11 |
| schestowitz | <anon> I disagree. He should not be shot, and I don't think DaemonFC deserves a second chance | May 21 20:12 |
| schestowitz | <anon> you should jump at the opportunity to show intolerance for that kind of comment | May 21 20:12 |
| schestowitz | OK? | May 21 20:12 |
| schestowitz | <anon> just keep in mind the difference - DaemonFC doesn't risk his own reputation, only that of BN. | May 21 20:13 |
| schestowitz | <anon> he wouldn't say that under his surname | May 21 20:13 |
| schestowitz | DaemonFC: OK? | May 21 20:13 |
| DaemonFC | right | May 21 20:14 |
| schestowitz | Don't ever make such statements. No Microsoft boosting either. | May 21 20:16 |
| schestowitz | I'm under pressure by people who are upset by you | May 21 20:16 |
| *Slated (n=[H]omer@moscow.perfect-privacy.com) has joined #boycottnovell-social | May 21 22:39 | |
| *[H]omer has quit (Read error: 110 (Connection timed out)) | May 21 22:40 | |
| *Slated has quit (Read error: 104 (Connection reset by peer)) | May 21 23:30 | |
| *Slated (n=[H]omer@moscow.perfect-privacy.com) has joined #boycottnovell-social | May 21 23:42 | |
| *Slated has quit (Read error: 104 (Connection reset by peer)) | May 22 00:06 | |
| schestowitz | <schestowitz> I think we need that thing which you did to enable permalinks | May 22 00:11 |
| schestowitz | <schestowitz> On the new account | May 22 00:11 |
| schestowitz | <schestowitz> I get 404s for pages with permalinks | May 22 00:11 |
| schestowitz | <schestowitz> Needs some extension IIRC | May 22 00:11 |
| schestowitz | <schestowitz> mysql or php extension | May 22 00:11 |
| schestowitz | Error pages... | May 22 00:11 |
| *Slated (n=[H]omer@moscow.perfect-privacy.com) has joined #boycottnovell-social | May 22 00:18 | |
| *Slated has quit (Read error: 110 (Connection timed out)) | May 22 01:07 | |
| *DaemonFC has quit (Read error: 113 (No route to host)) | May 22 01:25 | |
| *MinceR_ (n=mincer@unaffiliated/mincer) has joined #boycottnovell-social | May 22 02:03 | |
| *oiaohm (n=oiaohm@125.136.dsl.brs.iprimus.net.au) has joined #boycottnovell-social | May 22 02:12 | |
| *MinceR has quit (Read error: 110 (Connection timed out)) | May 22 02:18 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 22 02:32 | |
| *MinceR_ is now known as MinceR | May 22 06:34 | |
| *DaemonFC has quit (Read error: 113 (No route to host)) | May 22 07:50 | |
| oiaohm | I guess squid is disabled schestowitz | May 22 10:47 |
| oiaohm | Site performance is down on what it was. | May 22 10:47 |
| schestowitz | Is it? | May 22 10:49 |
| schestowitz | Let me check | May 22 10:49 |
| schestowitz | Well, no caching | May 22 10:49 |
| schestowitz | Just WP cache | May 22 10:49 |
| schestowitz | We moved it to a VM last night | May 22 10:50 |
| schestowitz | I have root | May 22 10:50 |
| oiaohm | It made quite a large difference to responce time. | May 22 10:50 |
| oiaohm | Now working out how to have squid and have logging work. | May 22 10:50 |
| oiaohm | Ok being in a VM might also explain it. | May 22 10:52 |
| oiaohm | Basically I spoted a performance difference going in the wrong direction so I though I better ask questions in case it was the pests back. | May 22 10:52 |
| schestowitz | Microsoft Uses Bribery-enabled Live@Edu to Attack Rival Web Browsers < http://boycottnovell.com/2009/05/22/microsoft-attack-on-rival-web-browsers/ > | May 22 10:55 |
| schestowitz | ^This is about AU | May 22 10:55 |
| schestowitz | oiaohm: maybe there is another cause/.factor | May 22 10:56 |
| schestowitz | But I still need to sort of some s/w/ | May 22 10:56 |
| schestowitz | For example I have no stats package on the server | May 22 10:56 |
| schestowitz | I haven't seen any stats for it in a week | May 22 10:56 |
| schestowitz | (attacks started a week ago) | May 22 10:56 |
| oiaohm | Don't say I have got on the wrong side of the filter. | May 22 11:25 |
| oiaohm | Everything is working now. I guess I got on the wrong site of the filter temp. | May 22 11:34 |
| schestowitz | With Earnings Down 32%, Microsoft Decides Windows no Longer ‘Free’ (Gratis) http://boycottnovell.com/2009/05/22/microsoft-vs-charities/ | May 22 11:35 |
| schestowitz | oiaohm: I see... | May 22 11:36 |
| schestowitz | So you were not blacklisted though | May 22 11:36 |
| oiaohm | In 7 days I might have an artical with you about Australia schestowitz if I cannot get suitable resultions I will be a dosely. | May 22 12:16 |
| schestowitz | Excellent | May 22 12:32 |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 22 15:05 | |
| *oiaohm has quit (Remote closed the connection) | May 22 15:08 | |
| schestowitz | Under DDOS again, I think | May 22 16:56 |
| schestowitz | yes, DDOS | May 22 16:58 |
| schestowitz | I now have root | May 22 17:00 |
| schestowitz | So I can block them myself | May 22 17:00 |
| *DaemonFC has quit (Remote closed the connection) | May 22 20:27 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 22 20:28 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 22 23:25 | |
| oiaohm | I am working out why many sites use nginx and lighttpd over apache they are not like me and operate behind squid so need http sever to be able to cache correctly. | May 22 23:27 |
| schestowitz | Many are fakes | May 22 23:32 |
| schestowitz | Netcraft is no reliable | May 22 23:32 |
| schestowitz | Yet people treat it like gospel | May 22 23:32 |
| schestowitz | As others cherish NetApplications #s | May 22 23:32 |
| schestowitz | And it was cvlaimed that nginx is cheating | May 22 23:32 |
| schestowitz | Many parked or micro-domains | May 22 23:33 |
| schestowitz | More like spamming for presence | May 22 23:33 |
| schestowitz | A bit like MS and park domainers | May 22 23:33 |
| schestowitz | *parke | May 22 23:33 |
| schestowitz | *parked | May 22 23:33 |
| oiaohm | mod_cache in appache is still a secuirty hole. | May 22 23:35 |
| oiaohm | Ie the reverse proxy bit that would kinda be highly useful. | May 22 23:35 |
| schestowitz | Some use lighttpd for speed | May 22 23:45 |
| schestowitz | Maybe obscurity value | May 22 23:45 |
| schestowitz | Luv of underdogs | May 22 23:45 |
| schestowitz | DaemonFC: | May 23 00:20 |
| schestowitz | Please tone it down | May 23 00:20 |
| schestowitz | I hate censorhip | May 23 00:20 |
| schestowitz | <anon> were you surprised by the craziness from DaemonFC? | May 23 00:20 |
| schestowitz | <anon> I was a bit shocked | May 23 00:20 |
| schestowitz | <anon> I don't even know the gender of that user | May 23 00:20 |
| schestowitz | <anon> almost definitely a guy | May 23 00:20 |
| schestowitz | <anon> but RMS never supported the Taliban, and I know he abhors that kind of rabid ideology | May 23 00:20 |
| schestowitz | <anon> He only criticized the bombing of civilians from US airstrikes | May 23 00:20 |
| schestowitz | <anon> DaemonFC is a low-down character assassin, the worst kind, lying from behind a pseudonym | May 23 00:20 |
| schestowitz | <anon> I suspect his statement about Glenn Beck was made with the hope that others would say "yeah" and then it would make your channel look like extremists. | May 23 00:20 |
| schestowitz | <anon> His hope is to reinforce the misconception that radical politics is associated with free software and open source software | May 23 00:20 |
| schestowitz | <anon> Same with the guy who said Bill Gates should die, and Steve Ballmer should get hit with a hammer | May 23 00:20 |
| schestowitz | <anon> These guys are either complete morons and assholes, or they're trying to make your site and your work look radical, extreme, and outside the mainstream. | May 23 00:21 |
| schestowitz | <anon> I think some of these guys are trying to make you and your site look bad | May 23 00:21 |
| schestowitz | anonymous | May 23 00:23 |
| schestowitz | <balzac> meanwhile, you're a PhD candidate and they're crapping on your brand and crapping on RMS | May 23 00:23 |
| schestowitz | <anon> Neither one of them has expressed any regrets | May 23 00:23 |
| schestowitz | <anon> they're both anonymous | May 23 00:23 |
| schestowitz | DaemonFC: kapish? Please tone is down... | May 23 00:23 |
| schestowitz | And it was obvious who wrote this | May 23 00:23 |
| schestowitz | <anon> I'm not trying to say Mincer is the same as DaemonFC, or that either one is doing it on purpose, but they're trouble, because they didn't retract their foul language | May 23 00:25 |
| schestowitz | <anon> Also, _Hitcham_ said something idiotic too | May 23 00:25 |
| schestowitz | <anon> I can't remember what | May 23 00:25 |
| schestowitz | <anon> IRC tends to collect anti-social miscreants anyway | May 23 00:25 |
| schestowitz | We need to clean up the language a little | May 23 00:25 |
| schestowitz | Else we harm the message | May 23 00:25 |
| *DaemonFC is now known as IAmNotNice | May 23 00:26 | |
| *IAmNotNice is now known as DaemonFC | May 23 00:26 | |
| *Balrog_ has quit (leguin.freenode.net irc.freenode.net) | May 23 08:23 | |
| *Balrog_ (n=BRBT@livecd.ist.temple.edu) has joined #boycottnovell-social | May 23 08:24 | |
| *DaemonFC has quit ("ChatZilla 0.9.84 [SeaMonkey 2.0b1pre/20090522003217]") | May 23 08:50 | |
| schestowitz | load average: 44.08, 35.20, 19.30 | May 23 15:00 |
| oiaohm | http://www.snort.org/ + http://snort-inline.sourceforge.net/ will filter out a lot of known attack styles. | May 23 15:02 |
| *mtnd3w (n=squid@cpe-74-65-216-135.nyc.res.rr.com) has joined #boycottnovell-social | May 23 15:02 | |
| schestowitz | Hey | May 23 15:02 |
| mtnd3w | I saw you guys had another DDoS? | May 23 15:02 |
| schestowitz | How did you know? | May 23 15:02 |
| mtnd3w | just saw the msg on identi.ca | May 23 15:03 |
| mtnd3w | it's not possible to move to another server | May 23 15:03 |
| mtnd3w | ? | May 23 15:03 |
| schestowitz | oiaohm: there is already a firewall script | May 23 15:03 |
| schestowitz | We can't run both | May 23 15:03 |
| schestowitz | mtnd3w: oh, I see. | May 23 15:03 |
| schestowitz | mtnd3w: we already have | May 23 15:03 |
| schestowitz | (moved that is) | May 23 15:03 |
| schestowitz | It won't solve it | May 23 15:03 |
| schestowitz | load average: 48.83, 39.42, 23.01 | May 23 15:04 |
| mtnd3w | there's no way to prevent it? | May 23 15:07 |
| oiaohm | snort-inline intergrated into a firewall script schestowitz so yes you can use both. Having snort looking closer at packet contents. | May 23 15:08 |
| schestowitz | oiaohm: OK | May 23 15:08 |
| schestowitz | But I can't install it now | May 23 15:08 |
| schestowitz | Server hardly responds | May 23 15:08 |
| oiaohm | Just something to be put on list of options. | May 23 15:09 |
| oiaohm | As I say its war. | May 23 15:09 |
| oiaohm | Its selecting the right arms to stuff them. | May 23 15:09 |
| schestowitz | Yes, I know | May 23 15:09 |
| schestowitz | When this wave is finished I'll set it up | May 23 15:09 |
| oiaohm | Hopefully with short we will be able to find out more what they are upto. | May 23 15:12 |
| oiaohm | And design a better counter. | May 23 15:12 |
| schestowitz | The server is too slow even over SSH | May 23 15:16 |
| schestowitz | So I can't do much, can I? | May 23 15:16 |
| oiaohm | You don't have enough backup mirrors to play round robin with dns. | May 23 15:17 |
| schestowitz | Would such a thing help? | May 23 15:18 |
| schestowitz | I mean, the attacks target IPs | May 23 15:18 |
| schestowitz | Not servers | May 23 15:18 |
| oiaohm | Round robin is a stunt to allow you to get into a server being ddos to reconfigure but it requires 2 servers. | May 23 15:18 |
| schestowitz | If there was a fallback address, then it could be attacked too | May 23 15:18 |
| oiaohm | Ie one to step up and take the load while you configure the other. | May 23 15:19 |
| schestowitz | Oh, I see. | May 23 15:19 |
| schestowitz | But to install software? | May 23 15:19 |
| *_Hicham_ (n=hicham@wana-135-245-12-196.wanamaroc.com) has joined #boycottnovell-social | May 23 15:19 | |
| schestowitz | I have two accounts | May 23 15:19 |
| schestowitz | One virtualised | May 23 15:19 |
| oiaohm | Its 2 servers. | May 23 15:20 |
| schestowitz | I can't install anything on the non-VN account | May 23 15:20 |
| oiaohm | So you can swap them. | May 23 15:20 |
| oiaohm | Ie one not under load you can configure. | May 23 15:20 |
| oiaohm | Virtualisation is a limited help here. | May 23 15:20 |
| schestowitz | I can't mess with DNS nameserver | May 23 15:20 |
| oiaohm | Another is if you have multi locations. | May 23 15:21 |
| oiaohm | Like goggle does assign more than one IP to the name. | May 23 15:22 |
| oiaohm | Attacker is forced to split there attack. | May 23 15:22 |
| schestowitz | Would that eliminate it though? | May 23 15:22 |
| schestowitz | Windows Zombies are cheap | May 23 15:22 |
| oiaohm | Windows Zombies are cheep yes. But there are a limited way to hide paths. | May 23 15:24 |
| oiaohm | Really we need more information on what they are doing. If they are doing anything that can give away there source location. | May 23 15:25 |
| _Hicham_ | oiaohm : can't we limit limit the number of max visitors? | May 23 15:25 |
| MinceR | oiaohm: is there a way in the case when x doesn't respond to the keyboard to not kill x, just switch virtual consoles? | May 23 15:26 |
| oiaohm | MinceR: what KMS is for without it you cannot get back control of video card. | May 23 15:26 |
| oiaohm | _Hicham_: limiting max visitors can make dos attack more effective. | May 23 15:27 |
| MinceR | so i can't do it until i get a driver that can do KMS | May 23 15:27 |
| oiaohm | Because they can fill visitor slots _Hicham_ | May 23 15:27 |
| MinceR | but even if i do have KMS i need a way to make the kernel react to ctrl+alt+f1, right? | May 23 15:27 |
| _Hicham_ | MinceR : what card do u have? | May 23 15:27 |
| MinceR | _Hicham_: nvidia geforce 7900 gs | May 23 15:27 |
| MinceR | in my laptop | May 23 15:27 |
| _Hicham_ | did u try Nouveau? | May 23 15:28 |
| MinceR | my desktop and the machine i use at work is nvidia too | May 23 15:28 |
| MinceR | i've heard nouveau doesn't have full 3d support, which i need | May 23 15:28 |
| oiaohm | Notice that you would see when X11 stuffs up and you do ctrl-alt-f1 you would see a strange line of dots along the top of screen MinceR | May 23 15:28 |
| oiaohm | The vt switch did happen. | May 23 15:28 |
| MinceR | i've never noticed that | May 23 15:28 |
| MinceR | i'll look for it next time | May 23 15:28 |
| oiaohm | Just it cannot render right because it cannot change mode. | May 23 15:28 |
| oiaohm | KMS make the mode switch work. | May 23 15:29 |
| schestowitz | Not sure what to do now | May 23 15:29 |
| schestowitz | Other than wait | May 23 15:29 |
| schestowitz | We already have the firewall running | May 23 15:29 |
| schestowitz | It had them leave after some minutes yesterday when it happened | May 23 15:29 |
| oiaohm | They will push hard for about 18 hours from there last attack. | May 23 15:29 |
| MinceR | ic | May 23 15:29 |
| oiaohm | Expecting to find another break point. | May 23 15:30 |
| oiaohm | This is why it so important where able not to go off line. | May 23 15:30 |
| _Hicham_ | oiaohm : explain to me pls why untangle won't work | May 23 15:30 |
| oiaohm | untangle is basically snort method I points to before. | May 23 15:30 |
| oiaohm | Catch is ddos attacks could avoid the rules _Hicham_ | May 23 15:31 |
| oiaohm | ddos style is the hardest of all to stop. | May 23 15:31 |
| oiaohm | Since there is no fixed source. | May 23 15:31 |
| _Hicham_ | but we can find suspicious addresses | May 23 15:32 |
| oiaohm | Hmm anyone know mtnd3w | May 23 15:32 |
| schestowitz | So basically there is no simpe fix | May 23 15:33 |
| schestowitz | Other than to have the attackers bored | May 23 15:33 |
| schestowitz | Or ban Windows because of zombies | May 23 15:33 |
| _Hicham_ | who is mtnd3w? | May 23 15:33 |
| _Hicham_ | schesotowitz : who is mtnd3w? | May 23 15:34 |
| schestowitz | Someone who reads identi.ca | May 23 15:34 |
| schestowitz | I don't know though | May 23 15:34 |
| _Hicham_ | he is not talking | May 23 15:35 |
| schestowitz | mtnd3w: who are you? | May 23 15:35 |
| _Hicham_ | kick him out | May 23 15:36 |
| *#boycottnovell-social :You need to be a channel operator to do that | May 23 15:36 | |
| *#boycottnovell-social :You need to be a channel operator to do that | May 23 15:36 | |
| oiaohm | The one thing attackers don't allow on is the longer the attack runs the more likely they will make a mistake and get themselves caught. One thing you can depend on humans for is screwing up sooner or latter. | May 23 15:42 |
| mtnd3w | lol | May 23 15:47 |
| mtnd3w | why | May 23 15:47 |
| mtnd3w | i'm not the perpetrator | May 23 15:47 |
| schestowitz | Why proxy? | May 23 15:47 |
| mtnd3w | i'm on your identi.ca subscription, i rss from a long time ago | May 23 15:47 |
| mtnd3w | what proxy? | May 23 15:47 |
| schestowitz | squid | May 23 15:48 |
| mtnd3w | what? | May 23 15:48 |
| mtnd3w | oh it's filled in by default | May 23 15:49 |
| mtnd3w | by ubuntu on xchat | May 23 15:49 |
| mtnd3w | my ubuntu username | May 23 15:49 |
| mtnd3w | i'll leave if it helps you guys | May 23 15:50 |
| mtnd3w | i'm "snarf" on identi.ca | May 23 15:50 |
| oiaohm | We will most likely setup a proper admin channel. | May 23 15:51 |
| oiaohm | Basically we had a non used channel. | May 23 15:51 |
| *ReverseGTR (n=ReverseG@ool-45732edc.dyn.optonline.net) has joined #boycottnovell-social | May 23 15:51 | |
| schestowitz | mtnd3w: How did you know about this channel, that's what I wonder | May 23 15:51 |
| mtnd3w | oh you told me | May 23 15:51 |
| schestowitz | Ah, OK | May 23 15:51 |
| mtnd3w | and if i do whois on you | May 23 15:52 |
| mtnd3w | it shows up also | May 23 15:52 |
| ReverseGTR | so this is the channel where the real and relevant action is from now on? | May 23 15:52 |
| mtnd3w | you should open a new client if you want it to be private | May 23 15:52 |
| schestowitz | ReverseGTR: not really. Just the OT stuff | May 23 15:52 |
| oiaohm | More we should have setup a locked channel we have been lazy mtnd3w | May 23 15:52 |
| ReverseGTR | oiaohm, does that mean we are getting booted, or maybe banned? | May 23 15:53 |
| oiaohm | invite only ReverseGTR | May 23 15:54 |
| oiaohm | Only people invited can access the channel basically. | May 23 15:54 |
| *oiaohm has quit (Remote closed the connection) | May 23 15:58 | |
| *Channel #boycottnovell-social modes: +tnc | May 23 15:59 | |
| *Channel #boycottnovell-social created on Mon Mar 16 01:21:47 2009 | May 23 15:59 | |
| mtnd3w | alright guys, good luck! | May 23 16:00 |
| *mtnd3w (n=squid@cpe-74-65-216-135.nyc.res.rr.com) has left #boycottnovell-social ("Leaving") | May 23 16:00 | |
| schestowitz | OK | May 23 16:00 |
| schestowitz | He's gone | May 23 16:00 |
| schestowitz | Could be the attacker AFAIK | May 23 16:01 |
| schestowitz | So basically the site is down | May 23 16:02 |
| _Hicham_ | #boycottnovell-secret | May 23 16:02 |
| *ReverseGTR has quit ("Leaving") | May 23 16:02 | |
| _Hicham_ | what about that one? | May 23 16:02 |
| schestowitz | No, no need | May 23 16:02 |
| schestowitz | I just need to figure out how to op it | May 23 16:02 |
| _Hicham_ | why no need? | May 23 16:02 |
| schestowitz | The potential spy is gone | May 23 16:03 |
| schestowitz | Anyway, I'm not sure what to do about it now | May 23 16:03 |
| schestowitz | I can't even SSH to the server now | May 23 16:08 |
| schestowitz | It's like it blew up or something | May 23 16:09 |
| schestowitz | Anyway, Boycott Novell is still under occasional DDoS attacks. Latest one started over an hour ago. The police is utterly useless. | May 23 16:11 |
| schestowitz | I can't SSH | May 23 16:11 |
| schestowitz | And I don't see my IP filtered | May 23 16:12 |
| schestowitz | Can you access it, anyone? | May 23 16:12 |
| MinceR | who do you want to op where? | May 23 16:15 |
| MinceR | also, if you want to keep a channel from appearing in whois, set it +s | May 23 16:16 |
| schestowitz | This one | May 23 16:16 |
| schestowitz | I have the password for it | May 23 16:16 |
| schestowitz | So it's registered AFAIK | May 23 16:16 |
| MinceR | you're the founder so you should be able to op yourself | May 23 16:16 |
| MinceR | try /chanserv op #boycottnovell-social schestowitz | May 23 16:17 |
| *ChanServ gives channel operator status to schestowitz | May 23 16:17 | |
| schestowitz | Ah | May 23 16:17 |
| schestowitz | That was simple | May 23 16:17 |
| _Hicham_ | now ur in control | May 23 16:17 |
| schestowitz | Not of BN | May 23 16:18 |
| schestowitz | The site | May 23 16:18 |
| schestowitz | Here's the thing | May 23 16:18 |
| schestowitz | Just spilling my mind out | May 23 16:18 |
| schestowitz | This is frustrating | May 23 16:18 |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 23 16:18 | |
| schestowitz | But we might as well realise that attack on the message is inevitable | May 23 16:18 |
| schestowitz | The police is pointless as far as this is concerned | May 23 16:19 |
| schestowitz | So as oiaohm put it, this is war | May 23 16:19 |
| schestowitz | Not physical | May 23 16:19 |
| schestowitz | And the lawless world of zombies is here to stay | May 23 16:19 |
| schestowitz | I can't access the server right now | May 23 16:19 |
| schestowitz | Actually, I can access the server but not the VM | May 23 16:19 |
| schestowitz | So I can't install or debug | May 23 16:19 |
| DaemonFC | because they don't feel it's worth the effort to track down the person behind it | May 23 16:19 |
| schestowitz | We might try Untangle (thanks, _Hicham_ ) and maybe snort | May 23 16:20 |
| schestowitz | I know both tools | May 23 16:20 |
| DaemonFC | who is probably is some backwater lawless country anyway | May 23 16:20 |
| schestowitz | But I never used them | May 23 16:20 |
| schestowitz | DaemonFC: yes, unless you're some policitcian | May 23 16:20 |
| schestowitz | Then, they *might* bother | May 23 16:20 |
| schestowitz | Can you get a response from BN.com? | May 23 16:21 |
| schestowitz | I can't from both IPs that I use | May 23 16:21 |
| schestowitz | Londona dn Manc | May 23 16:21 |
| DaemonFC | no | May 23 16:21 |
| schestowitz | *and | May 23 16:22 |
| schestowitz | They get their way | May 23 16:22 |
| DaemonFC | are they just flooding your bandwidth or overloading the server with bogus requests? | May 23 16:22 |
| schestowitz | I don't know | May 23 16:23 |
| schestowitz | Outside the VM is't calm | May 23 16:24 |
| schestowitz | They tested the water yesterday | May 23 16:24 |
| schestowitz | Then sodded off after a short while | May 23 16:24 |
| schestowitz | Seems like they took down the VNed site. | May 23 16:29 |
| *_Hicham_ (n=hicham@wana-135-245-12-196.wanamaroc.com) has left #boycottnovell-social | May 23 18:14 | |
| schestowitz | The last attack took place around 3pm my time (GMT) and we will probably need to try snort or untangle and some people advised us. | May 23 19:43 |
| schestowitz | We need to be suspicious of those whom we don't know ATM | May 23 21:16 |
| schestowitz | DDOS attack still there. | May 23 21:16 |
| *DaemonFC_ (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 23 22:24 | |
| *DaemonFC has quit (Nick collision from services.) | May 23 22:25 | |
| *DaemonFC_ is now known as DaemonFC | May 23 22:25 | |
| *tacone (i=975106f2@gateway/web/ajax/mibbit.com/x-6d1739528af8be4a) has joined #boycottnovell-social | May 23 23:41 | |
| tacone | what's up with the DOSes ? | May 23 23:42 |
| schestowitz | tessier fixed it | May 23 23:43 |
| schestowitz | I don't know if he changed anything | May 23 23:43 |
| schestowitz | top - 07:28:56 up 2 days, 10:00, 1 user, load average: 52.50, 46.74, 35.75 | May 23 23:44 |
| schestowitz | Tasks: 116 total, 10 running, 105 sleeping, 0 stopped, 1 zombie | May 23 23:44 |
| schestowitz | Cpu(s): 83.2%us, 6.9%sy, 0.0%ni, 0.0%id, 9.9%wa, 0.0%hi, 0.0%si, 0.0%st | May 23 23:44 |
| schestowitz | Mem: 1048576k total, 1038516k used, 10060k free, 1536k buffers | May 23 23:44 |
| schestowitz | Swap: 0k total, 0k used, 0k free, 23504k cached | May 23 23:44 |
| schestowitz | PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND | May 23 23:44 |
| schestowitz | 1 root 18 0 10344 112 12 S 0.5 0.0 0:16.87 init | May 23 23:44 |
| schestowitz | 32553 apache 16 0 250m 32m 1696 D 0.2 3.2 0:08.30 httpd | May 23 23:44 |
| schestowitz | 32465 apache 16 0 242m 24m 1412 D 0.1 2.4 0:15.13 httpd | May 23 23:44 |
| schestowitz | 32288 apache 16 0 250m 32m 1448 D 0.1 3.2 0:23.42 httpd | May 23 23:44 |
| schestowitz | 32398 apache 16 0 246m 28m 1412 D 0.1 2.8 0:13.07 httpd | May 23 23:44 |
| schestowitz | 32651 apache 16 0 242m 24m 1468 D 0.1 2.4 0:05.57 httpd | May 23 23:44 |
| schestowitz | 32603 apache 16 0 246m 28m 1452 D 0.1 2.7 0:06.96 httpd | May 23 23:44 |
| schestowitz | 10902 apache 16 0 257m 38m 1392 D 0.1 3.8 4:20.95 httpd | May 23 23:44 |
| schestowitz | 32368 apache 16 0 250m 32m 1448 D 0.1 3.2 0:18.59 httpd | May 23 23:44 |
| schestowitz | 32654 apache 16 0 242m 24m 1468 D 0.1 2.4 0:04.65 httpd | May 23 23:44 |
| schestowitz | 32316 apache 16 0 250m 32m 1436 D 0.1 3.2 0:21.08 httpd | May 23 23:44 |
| schestowitz | 32390 apache 16 0 250m 32m 1412 D 0.1 3.2 0:17.29 httpd | May 23 23:44 |
| schestowitz | 32514 apache 16 0 250m 32m 1392 D 0.1 3.2 0:11.87 httpd | May 23 23:44 |
| tacone | sigh | May 23 23:44 |
| schestowitz | I'll get some sleep anyway | May 23 23:44 |
| schestowitz | Many posts tomorrow | May 23 23:44 |
| tacone | ok, gn | May 23 23:44 |
| tacone | keep up the good work | May 23 23:44 |
| schestowitz | I'll try | May 23 23:45 |
| schestowitz | It's demoralising these things | May 23 23:45 |
| schestowitz | Ruin one's day | May 23 23:45 |
| schestowitz | Makes one thing what if I quit | May 23 23:45 |
| schestowitz | That would have them win anyway | May 23 23:45 |
| schestowitz | I won't let them | May 23 23:45 |
| tacone | :) | May 23 23:50 |
| *tacone has quit ("http://www.mibbit.com ajax IRC Client") | May 24 00:25 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 24 00:32 | |
| oiaohm | Is the attack still on running? | May 24 00:34 |
| *_Hicham_ (n=hicham@wana-135-245-12-196.wanamaroc.com) has joined #boycottnovell-social | May 24 00:37 | |
| *_Hicham_ (n=hicham@wana-135-245-12-196.wanamaroc.com) has left #boycottnovell-social | May 24 01:38 | |
| *mib_iqvpen (i=442fe926@gateway/web/ajax/mibbit.com/x-a62d9acce24a9b59) has joined #boycottnovell-social | May 24 04:03 | |
| schestowitz | I think it stopped for now | May 24 04:44 |
| *mib_iqvpen has quit ("http://www.mibbit.com ajax IRC Client") | May 24 05:26 | |
| oiaohm | we have to watch the timings. | May 24 05:38 |
| oiaohm | Little word of advice don't tell us in advance when you are going to write up a post. Just incase attacker is watching for it. | May 24 05:39 |
| schestowitz | Thanks | May 24 05:39 |
| schestowitz | So I should post silently? | May 24 05:39 |
| schestowitz | I have about 12 more posts coming | May 24 05:39 |
| schestowitz | I'm on a roll. | May 24 05:39 |
| oiaohm | Post silently after they up then tell us. | May 24 05:39 |
| schestowitz | OK.. :-) | May 24 05:40 |
| oiaohm | This way attacker cannot be trying to block. | May 24 05:40 |
| schestowitz | BTW, Tracy installed no new software | May 24 05:40 |
| oiaohm | I would be sneakyer stay /away status | May 24 05:40 |
| schestowitz | I think we are sensitive to the same type of attack as before | May 24 05:40 |
| oiaohm | While posting | May 24 05:40 |
| schestowitz | I did, however, pass him your advice | May 24 05:40 |
| schestowitz | re: Snort | May 24 05:40 |
| schestowitz | He's a sysadmin | May 24 05:40 |
| oiaohm | Tools are tools. | May 24 05:40 |
| oiaohm | He is free to use what ever suits. | May 24 05:41 |
| schestowitz | Yes, I know | May 24 05:41 |
| oiaohm | I don't have the data so I cannot pick perfectly. | May 24 05:41 |
| schestowitz | Another friend of mine sent him scripts | May 24 05:41 |
| schestowitz | Each person has a stash of scripts | May 24 05:41 |
| schestowitz | Me included | May 24 05:41 |
| schestowitz | But I never do firewalling | May 24 05:41 |
| oiaohm | Nothing annoys them worse than losing. | May 24 05:41 |
| schestowitz | The VM ran out of memory | May 24 05:41 |
| schestowitz | So he says | May 24 05:41 |
| schestowitz | So it 'blew up' | May 24 05:42 |
| schestowitz | As you say, this is war | May 24 05:42 |
| oiaohm | Linux does not like being out of memory. | May 24 05:42 |
| schestowitz | I enjoyed it when it wasn't a factor | May 24 05:42 |
| oiaohm | The attacker by normal adverages will be back another 2 times. | May 24 05:43 |
| oiaohm | Before giving up. | May 24 05:43 |
| oiaohm | They did not get account suspended this time. That would upset them. | May 24 05:43 |
| schestowitz | hehe. | May 24 05:51 |
| schestowitz | Wait | May 24 05:51 |
| schestowitz | Is this a normal procedure? | May 24 05:51 |
| schestowitz | Trying to causse trouble with hoasting | May 24 05:51 |
| schestowitz | As in, permanent trouble? | May 24 05:51 |
| schestowitz | I ask because Groklaw wrote about it | May 24 05:51 |
| schestowitz | They guessed right about the ISP and PJ knew I was DDOSed. I'm quite close to her.. | May 24 05:51 |
| oiaohm | They try to force the host to take you off line. | May 24 05:54 |
| oiaohm | So they don't have to maintain the attack and hopefully you will have to pay more so they might get you off line completely is the idea. | May 24 05:55 |
| oiaohm | PJ has been on the end of DDOS attacks before. | May 24 05:55 |
| oiaohm | These days that site gets left alone. As yours will once they work that it is point less and you are just getting more advertising because of there attacks. | May 24 05:56 |
| oiaohm | I wish they would think about the incerent people they harm doing DDOS attacks. | May 24 05:57 |
| schestowitz | She was? She tried to deny it | May 24 06:05 |
| schestowitz | An articles about GL DDoSed? | May 24 06:05 |
| oiaohm | She is fine to. | May 24 06:06 |
| oiaohm | Most people deny it happens. It annoys the attackers the most. | May 24 06:07 |
| oiaohm | Then went to all this effort and you just think it was normal high load. | May 24 06:07 |
| oiaohm | then/they | May 24 06:07 |
| oiaohm | Some attackers are after attention. So best way to annoy that type is deny it. | May 24 06:08 |
| schestowitz | I see. | May 24 06:10 |
| schestowitz | Interesting. | May 24 06:10 |
| oiaohm | More popular your site the more likely it will have to live through a ddos attack. | May 24 06:12 |
| oiaohm | They never bother hitting sites with no users. What would be the point in that. | May 24 06:13 |
| oiaohm | Its also sometimes how to draw the attack out in the open by deny it. | May 24 06:15 |
| oiaohm | Ie they must get credit for what they did so the publish. | May 24 06:16 |
| oiaohm | I really did not explain well enough to you why I was saying no matter what you don't get ddos attacked. | May 24 06:16 |
| oiaohm | Basically anything that does not give them credit of doing anything is used instead. | May 24 06:17 |
| oiaohm | Spin is one of your weapons against ddos attacks. | May 24 06:18 |
| schestowitz | I see. | May 24 06:24 |
| schestowitz | How did you know about Groklaw? | May 24 06:24 |
| oiaohm | Past live hunting down attackers | May 24 06:26 |
| oiaohm | Before there were as many ways to relay and hide paths. | May 24 06:26 |
| oiaohm | Tor and open relays and bots out there these days make it extreamly hard to find the attacker. | May 24 06:27 |
| oiaohm | Also there were better deals back then between system admin to activate protective scripts at there servers so attacked server would not get the load. | May 24 06:29 |
| *DaemonFC has quit ("ChatZilla 0.9.84 [SeaMonkey 2.0b1pre/20090522003217]") | May 24 08:28 | |
| *Goblin (n=tim2@94-193-188-104.zone7.bethere.co.uk) has joined #boycottnovell-social | May 24 08:44 | |
| *Goblin has quit ("Lost terminal") | May 24 10:45 | |
| *oiaohm has quit (Remote closed the connection) | May 24 11:38 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 24 12:07 | |
| *oiaohm has quit (Remote closed the connection) | May 24 15:28 | |
| *DaemonFC (n=chatzill@c-67-173-86-85.hsd1.in.comcast.net) has joined #boycottnovell-social | May 24 16:37 | |
| *DaemonFC has quit ("ChatZilla 0.9.84 [SeaMonkey 2.0b1pre/20090524001512]") | May 24 18:43 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 24 22:29 | |
| *oiaohm has quit (Remote closed the connection) | May 25 00:24 | |
| *oiaohm (n=oiaohm@125.136.dsl.brs.iprimus.net.au) has joined #boycottnovell-social | May 25 07:49 | |
| *oiaohm has quit (Remote closed the connection) | May 25 16:52 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 26 00:50 | |
| *oiaohm has quit (Remote closed the connection) | May 26 15:22 | |
| **** BEGIN LOGGING AT Tue May 26 23:29:24 2009 | ||
| *Now talking on #boycottnovell-social | May 26 23:29 | |
| *Topic for #boycottnovell-social is: Communication about anything, including Microsoft, Novell, and Free software [publicly logged] | May 26 23:29 | |
| *Topic for #boycottnovell-social set by schestowitz at Mon Mar 16 02:04:07 2009 | May 26 23:29 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 27 08:56 | |
| *oiaohm has quit (Remote closed the connection) | May 27 15:18 | |
| schestowitz | I'm finding out if we can get Free softwre-only ads in BN. | May 27 18:14 |
| schestowitz | "Sorry for bothering you, I was just wondering if there's some progress regarding Ad Bard. We recently got DDoSed about 5 times (with downtimes) and the new host, which is pretty much dedicated (no under choice under DDoS risk) could use ad money, if only to just to keep the site online." | May 27 18:14 |
| *ChanServ gives channel operator status to schestowitz | May 27 18:14 | |
| *Balrog_ has quit (Read error: 113 (No route to host)) | May 27 20:59 | |
| *Balrog (n=BRBT@livecd.ist.temple.edu) has joined #boycottnovell-social | May 27 21:05 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 28 00:53 | |
| *oiaohm has quit (Remote closed the connection) | May 28 00:57 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 28 08:01 | |
| *catalytic (n=catalyti@ppp121-45-162-226.lns11.adl2.internode.on.net) has joined #boycottnovell-social | May 28 11:04 | |
| *catalytic (n=catalyti@ppp121-45-162-226.lns11.adl2.internode.on.net) has left #boycottnovell-social ("Leaving") | May 28 11:10 | |
| schestowitz | f/chan info | May 28 15:43 |
| *oiaohm has quit (Remote closed the connection) | May 28 19:04 | |
| *MinceR_ (n=mincer@unaffiliated/mincer) has joined #boycottnovell-social | May 29 02:03 | |
| *MinceR has quit (Read error: 110 (Connection timed out)) | May 29 02:18 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 29 05:09 | |
| *MinceR (n=mincer@unaffiliated/mincer) has joined #boycottnovell-social | May 29 08:54 | |
| *MinceR_ has quit (Read error: 110 (Connection timed out)) | May 29 09:10 | |
| schestowitz | I think we're DDOSed again | May 29 12:46 |
| schestowitz | loan 36 | May 29 12:46 |
| schestowitz | And one of the Novell shills and BN haters showed up in IRC at the same time. | May 29 12:46 |
| schestowitz | (Since 2 years ago) | May 29 12:47 |
| schestowitz | I think it might be under control now | May 29 12:48 |
| oiaohm | Supprised they have not quit. | May 29 12:54 |
| oiaohm | But all the other ddos attacks had a person connected on mibbit.com as well. | May 29 12:54 |
| oiaohm | I am getting that felling person is liking watching panic. | May 29 12:55 |
| schestowitz | It's probably not the same person though | May 29 12:56 |
| oiaohm | Basically its been a trend schestowitz. | May 29 12:56 |
| schestowitz | http://www.google.com/search?hl=en&rlz=1B5GGGL_enGB315GB316&c2coff=1&q=site%3Aboycottnovell.com+eet&btnG=Search&aq=f&oq=&aqi= | May 29 12:56 |
| schestowitz | Eet would be exposed too easily | May 29 12:56 |
| oiaohm | Lets see if trend repeats. | May 29 12:57 |
| oiaohm | It would be stupid if the attacker is watching. | May 29 12:57 |
| oiaohm | But I have seen dumb ones like that before. | May 29 12:57 |
| schestowitz | Yeah, esp. under real name | May 29 12:57 |
| schestowitz | I know who this person is | May 29 12:58 |
| schestowitz | Maybe he knows who is behind this | May 29 12:58 |
| oiaohm | This is why trends are worth while checking on. | May 29 12:59 |
| oiaohm | May not be the attacker but might be someone close. | May 29 12:59 |
| schestowitz | Yeah. | May 29 12:59 |
| schestowitz | I got some info | May 29 12:59 |
| oiaohm | Also we would need the ip. | May 29 12:59 |
| oiaohm | Some of these attackers will take other peoples names. | May 29 12:59 |
| oiaohm | When monitorings. | May 29 13:00 |
| schestowitz | This is probably not any help, but I had to do it anyway. [...] Long time ago I wrote a how to on setting up Tor and privoxy, that was added to the mepislovers wiki. Not sure it is still there in the wiki or not, but it would be outdated and useless by now anyway. These days its just easier to use anonymouse.com than to bother with tor, mostly I never need it anyway. Unless I was going surf a M$ shill site, that is. Ok, no | May 29 13:01 |
| schestowitz | w to get the the point. I researched diablod3 in google and came up with the name http://technorati.com/people/technorati/diablod3 diablod3 (Patrick McFarland) None of this is proof of course, and it could be a setup, but mostly criminals and lowlifes are stupid, is my opinion. The google for Patrick McFarland however turned up some interesting results. http://archives.seul.org/or/dev/Aug-2004/msg00033.html this is all about | May 29 13:01 |
| schestowitz | privoxy and ddos attacks, interesting? this could be the guy. Patrick "Diablo-D3" McFarland || diablod3@gmail.com http://www.linkedin.com/pub/dir/patrick/mcfarland don't see one employed by Novell, but MS and Dell yes, doubt its either of them. http://www.linkedin.com/in/patrickmcfarland (the ms one, somewhat interesting) Be careful with this, its not enough, and can make you libel. http://www.freesoftwaremagazine.com/colum | May 29 13:01 |
| schestowitz | ns/inside_the_mind_of_the_enemy_the_business_analyst#comments about halfway down this last link, is a link to his "other blog" which is: http://adterrasperaspera.com/ the first story on this site is: Boycott Novell attacks itself to get attention | May 29 13:01 |
| oiaohm | Once you can work out a linked pattern. Police and law enforcement can setup sting to back trace. | May 29 13:05 |
| oiaohm | Reason why I class trends as interesting. Particularly when they are repeating trends. | May 29 13:05 |
| MinceR | i didn't know Diablo-D3 was a m$ shill, but now i know | May 29 13:10 |
| oiaohm | Maybe MinceR | May 29 13:10 |
| oiaohm | Not solid evidence that he is working for MS. | May 29 13:11 |
| MinceR | maybe he's just full of shit. | May 29 13:22 |
| oiaohm | There are some insane MS fans out there not paided by MS. | May 29 13:27 |
| oiaohm | Just like there are some insane open source fans. | May 29 13:28 |
| oiaohm | Makes life hard for people like me who try not to choose either side. But the right item for the job. | May 29 13:28 |
| MinceR | i'd argue the item that causes its user to be liable to be sued for patent infringement is rarely the right item for the job. | May 29 13:30 |
| MinceR | unless the job is trying to get yourself sued. | May 29 13:30 |
| schestowitz | Yes | May 29 13:38 |
| schestowitz | Pretty much so.. | May 29 13:38 |
| oiaohm | Anything with legal risks is normally not the right item for job. | May 29 13:56 |
| *oiaohm has quit (Remote closed the connection) | May 29 15:06 | |
| schestowitz | It's not confirmed we were DDOSed | May 29 21:28 |
| schestowitz | The fireall worked though | May 29 21:28 |
| schestowitz | So we expelled the attackers | May 29 21:28 |
| schestowitz | looks like the site survived just fine. | May 29 21:34 |
| schestowitz | <tessier> Wow, tons of packets bouncing off the firewall. Those iptables rules I put in work amazingly well. | May 29 21:34 |
| schestowitz | <tessier> There is an initial surge in load for a few minutes as all of the bots involved in the DOS make themselves known and hit the server but as they each reach the connection limit they get blocked out. | May 29 21:34 |
| schestowitz | <tessier> So after a few minutes things return to normal. | May 29 21:34 |
| schestowitz | <schestowitz> Haha! | May 29 21:34 |
| schestowitz | <schestowitz> Excellent. | May 29 21:34 |
| schestowitz | <schestowitz> Thanks so much | May 29 21:34 |
| schestowitz | <tessier> Looks like it started at 5:00am PDT. The system ran out of memory. One (of many) httpd processes got killed off. Within seconds packets started getting dropped by the firewall. Looks like it has been going on ever since but it is unnoticeable now. | May 29 21:34 |
| schestowitz | <tessier> Oops...there is no swap space configured on the box. That is how it was able to run out of memory so easily. Weird. I'll fix that... | May 29 21:34 |
| schestowitz | <schestowitz> Oh, I wondered about it | May 29 21:34 |
| schestowitz | <schestowitz> Yes, 5 your time was about right | May 29 21:34 |
| schestowitz | <tessier> My kickstart should have created some swap. I'll have to look into why that didn't get set up automatically. | May 29 21:34 |
| schestowitz | <schestowitz> 1pm gmt | May 29 21:34 |
| schestowitz | <schestowitz> 12.46 | May 29 21:34 |
| schestowitz | <schestowitz> ish | May 29 21:34 |
| schestowitz | <tessier> There ya go. 8G of swap added on the fly with no downtime. This AoE SAN and Xen stuff is really cool. :) | May 29 21:58 |
| schestowitz | <schestowitz> Thanks! Excellent. | May 29 21:58 |
| schestowitz | Next month I hope to do heaps of Comes. Like EDGI. | May 29 21:59 |
| schestowitz | So I could make some big pages for exclusive stories. | May 29 21:59 |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 30 04:19 | |
| schestowitz | We got DDOSed yesterday. Defeated it though... | May 30 12:59 |
| schestowitz | I think you heard, oiaohm | May 30 13:00 |
| oiaohm | I was here. | May 30 13:01 |
| schestowitz | I later posted a prognosis | May 30 13:24 |
| schestowitz | The script beat them | May 30 13:24 |
| *oiaohm has quit (Remote closed the connection) | May 30 15:48 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 31 00:05 | |
| schestowitz | Next week there will be an announcement about my site joining an advertising network. I'll tell you how that goes... | May 31 00:25 |
| MinceR | and how long do we plan on keeping TrollFC around? | May 31 00:29 |
| schestowitz | I consider letting him go | May 31 06:46 |
| schestowitz | A lot of the time he wastes people's time | May 31 06:46 |
| oiaohm | I enjoy him for something different. | May 31 07:03 |
| oiaohm | But that is just me. | May 31 07:03 |
| *oiaohm has quit (Remote closed the connection) | May 31 15:30 | |
| *oiaohm (n=oiaohm@unaffiliated/oiaohm) has joined #boycottnovell-social | May 31 23:01 | |
Generated by irclog2html.py 2.6 by Marius Gedminas - find it at mg.pov.lt!