librelist archives

« back to archive

Fwd: en mass DDos/ICMP ping on friendica

Fwd: en mass DDos/ICMP ping on friendica

From:
Richard Jasmin
Date:
2013-04-11 @ 00:25


-------- Original Message --------
Subject: 	en mass DDos/ICMP ping on friendica
Date: 	Wed, 10 Apr 2013 03:27:21 -0400
From: 	Richard Jasmin <frazzledjazz@gmail.com>
To: 	friendica@librelist.com



and then some just now on my DyDNS connection(firewalled off for safety
right now) [this is from apache2 logs]

[Wed Apr 10 01:56:17 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 01:56:57 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 01:57:37 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 01:58:17 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 01:58:57 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 01:59:26 2013] [alert] [client 69.114.94.115]
/var/www/.htaccess: Invalid command 'ExpiresActive', perhaps misspelled
or defined by a module not included in the server configuration,
referer: http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:00:11 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/install
[Wed Apr 10 02:00:12 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:00:52 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:01:32 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:02:12 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:02:52 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:03:32 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:03:48 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/install
[Wed Apr 10 02:03:50 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:04:30 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:05:10 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:05:50 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:06:30 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:07:10 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:07:50 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:08:30 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:09:10 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:09:30 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/install
[Wed Apr 10 02:09:32 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:10:12 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer:
http://sacredground.homenet.org/index.php?q=install
[Wed Apr 10 02:10:50 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/install
[Wed Apr 10 02:10:52 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php
[Wed Apr 10 02:11:32 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php
[Wed Apr 10 02:12:12 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php
[Wed Apr 10 02:12:52 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php
[Wed Apr 10 02:13:32 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php
[Wed Apr 10 02:14:12 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php
[Wed Apr 10 02:14:52 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php
[Wed Apr 10 02:15:32 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php
[Wed Apr 10 02:16:12 2013] [error] [client 69.114.94.115] File does not
exist: /var/www/ping, referer: http://sacredground.homenet.org/index.php


I had to remove the packages on mint32 and reboot in a hurry, but Im
getting slammed from french servers running, as if they too are getting
hit(and manipulated). This happened configuring mod_rewrite to work, and
I noticed my configs had to be changed all of a sudden as they were
getting editied on me. Im due for a reformat to fix the apache issue but
will attempt with the VM for now in meanwhile.

I have not had this issue running anything CMS before, locally or
remotely. And nobody in thier right mind puts the ping binary in the
root of a webserver. Its /usr/bin, /usr/sbin or /bin, /sbin. ICMP is
filtered by my routers.

Trying to bring a NY node up. Appears FB was not lying about spam and
flooding, however, Im ready to sue them for unlawfully blocking my
accounts.Im done with FB.


-Rich


Re: [friendica] Fwd: en mass DDos/ICMP ping on friendica

From:
Mike Macgirvin
Date:
2013-04-11 @ 00:34
Rewrite is required - and this message indicates that rewrite is not 
working. If it were it would call the ping module from Friendica 
(mod/ping.php) which provides updated counts of notifications.

This is not an ICMP ping - and is hardly a DDoS as you will notice the 
ping requests are made at roughly 40 second intervals.

Re: [friendica] Fwd: en mass DDos/ICMP ping on friendica

From:
Richard Jasmin
Date:
2013-04-11 @ 01:02
Thats the point, I cant get it to work by any means. Ive edited the 
mod_rewrite for apace, and the virtual interface files and cant get it 
work at all. The module is installed and apache was restarted several times.

On 04/10/2013 08:34 PM, Mike Macgirvin wrote:
> Rewrite is required - and this message indicates that rewrite is not
> working. If it were it would call the ping module from Friendica
> (mod/ping.php) which provides updated counts of notifications.
>
> This is not an ICMP ping - and is hardly a DDoS as you will notice the
> ping requests are made at roughly 40 second intervals.
>

Re: [friendica] Fwd: en mass DDos/ICMP ping on friendica

From:
Mike Macgirvin
Date:
2013-04-11 @ 01:42
> Thats the point, I cant get it to work by any means. Ive edited the
> mod_rewrite for apace, and the virtual interface files and cant get it
> work at all. The module is installed and apache was restarted several times.

Have a look at the AllowOverride setting for that directory (should be 
"All" and is often default "none"). It appears that AllowOverride was 
working at one point but there was an error about 'ExpiresActive' which 
is not in the Friendica code.

Re: [friendica] Fwd: en mass DDos/ICMP ping on friendica

From:
Richard Jasmin
Date:
2013-04-11 @ 03:09
On 04/10/2013 09:42 PM, Mike Macgirvin wrote:
>> Thats the point, I cant get it to work by any means. Ive edited the
>> mod_rewrite for apace, and the virtual interface files and cant get it
>> work at all. The module is installed and apache was restarted several times.
> Have a look at the AllowOverride setting for that directory (should be
> "All" and is often default "none"). It appears that AllowOverride was
> working at one point but there was an error about 'ExpiresActive' which
> is not in the Friendica code.
>
Yep. When I removed it, the things started going nuts and didnt reset 
the rewrite output to 'working ok'.