Imature linux zealots and attacks... - SCO

This is a discussion on Imature linux zealots and attacks... - SCO ; Hello, Ever since the post about the filing on Apr 21, my systems have been under attack. It is coming from over 3000 ip addresses and has made it almost impossible for people to download files from my ftp site. ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Imature linux zealots and attacks...

  1. Imature linux zealots and attacks...

    Hello,

    Ever since the post about the filing on Apr 21, my systems have been under
    attack. It is coming from over 3000 ip addresses and has made it almost
    impossible for people to download files from my ftp site. My site
    averages 700MB-1GB daily. Since this mess started the downloads are now
    about 20 MB. I limit the number of connections from an IP address. I am
    seeing over 400 connection attempts per IP per 10 minutes. That combined
    with various other attacks.

    It is really annoying. The attacks on http are coming from various linux
    browser/machines. Why are some linux zealots so... Some of us try to
    provide support for all Linux/UNIX OS's. To attack us because we
    support/assist others with SCO is really bad.

    Why can't these imature people allow us to co-exist? I have had a few
    emails asking me to lift the IP address ban because they need files from
    my machines. Sadly, I may have to prevent ftp access from any dynamic IP
    address because of these zealots.

    It would be a lot easier to block and then allow IP addresses if SCO had
    iptables for the OpenServer OS's. I use LKP for UnixWare 7.1.4. Sadly, I
    maybe forced to stop access to my machines for the few people that still
    keep their Open Source Packages on SCO OS's up to date, because, they can
    not connect from the same IP addresses and these attacks are effecting
    them as well. I guess the Linux Zealots are winning because they are
    achiving what they want. Stopping people from accessing anything SCO. It
    has been extremely difficult to work over the internet because all my
    bandwidth is being exhausted by these attacks.

    I understand why people post but that one post has caused me a ton of
    greef. It some of the bad apples from the Linux Community would realize
    they are doing more harm than good. What they are doing is showing how a
    small minority really need to grow up and get a life.

    I know this probably will not stop, the attacks but I really needed to
    vent. I have support Linux since it's very first internet/usenet release.
    So what these idiots are doing is showing the people that get things from
    my sites for linux as well are being hindered. When I explain to the
    people emailing me that it is coming from their own communitity, they are
    really assamed. I am too. I really dislike any group that does not have
    tolerence for others and their choices.

    Thanks for listening,

    --
    Boyd Gerber
    ZENEZ 1042 East Fort Union #135, Midvale Utah 84047


  2. Re: Imature linux zealots and attacks...

    Boyd Lynn Gerber wrote:
    > Hello,
    >
    > Ever since the post about the filing on Apr 21, my systems have been under
    > attack. It is coming from over 3000 ip addresses and has made it almost
    > impossible for people to download files from my ftp site. My site
    > averages 700MB-1GB daily. Since this mess started the downloads are now
    > about 20 MB. I limit the number of connections from an IP address. I am
    > seeing over 400 connection attempts per IP per 10 minutes. That combined
    > with various other attacks.
    >
    > It is really annoying. The attacks on http are coming from various linux
    > browser/machines. Why are some linux zealots so... Some of us try to
    > provide support for all Linux/UNIX OS's. To attack us because we
    > support/assist others with SCO is really bad.
    >
    > Why can't these imature people allow us to co-exist? I have had a few
    > emails asking me to lift the IP address ban because they need files from
    > my machines. Sadly, I may have to prevent ftp access from any dynamic IP
    > address because of these zealots.
    >
    > It would be a lot easier to block and then allow IP addresses if SCO had
    > iptables for the OpenServer OS's. I use LKP for UnixWare 7.1.4. Sadly, I
    > maybe forced to stop access to my machines for the few people that still
    > keep their Open Source Packages on SCO OS's up to date, because, they can
    > not connect from the same IP addresses and these attacks are effecting
    > them as well. I guess the Linux Zealots are winning because they are
    > achiving what they want. Stopping people from accessing anything SCO. It
    > has been extremely difficult to work over the internet because all my
    > bandwidth is being exhausted by these attacks.


    Can you put up a Squid proxy in front of your website, on a Linux box or other
    contemporary OS? I'd be happy to provide assistance in setting up such an
    instance. I've also been successfully using VMware to run OpenServer, and you
    could run the SCO OS in virtualization on a CentOS or RHEL host very easily.

    And this is NOT, NOT, NOT! typical of Linux zealots.

    > I understand why people post but that one post has caused me a ton of
    > greef. It some of the bad apples from the Linux Community would realize
    > they are doing more harm than good. What they are doing is showing how a
    > small minority really need to grow up and get a life.
    >
    > I know this probably will not stop, the attacks but I really needed to
    > vent. I have support Linux since it's very first internet/usenet release.
    > So what these idiots are doing is showing the people that get things from
    > my sites for linux as well are being hindered. When I explain to the
    > people emailing me that it is coming from their own communitity, they are
    > really assamed. I am too. I really dislike any group that does not have
    > tolerence for others and their choices.
    >
    > Thanks for listening,


    No problem. From the attack, it sounds like script kiddies. Can we be of
    further assistance in tracking the weasels? Do you have useful logs we can
    peruse for IP addresses near us, to help track the attacks back?

  3. Re: Imature linux zealots and attacks...

    On Sat, 26 Apr 2008, Nico Kadel-Garcia wrote:
    > Boyd Lynn Gerber wrote:
    > > It is really annoying. The attacks on http are coming from various
    > > linux browser/machines. Why are some linux zealots so... Some of us
    > > try to provide support for all Linux/UNIX OS's. To attack us because
    > > we support/assist others with SCO is really bad.


    It is was coming from some of the same IP's that broke into my systems a
    few years ago. I do not know if it is the same ones or not, because they
    trashed 3 systems. They over wrote 650-750 GB with "DIE SCO DIE SCO DIE
    SCO..."

    > > It would be a lot easier to block and then allow IP addresses if SCO
    > > had iptables for the OpenServer OS's. I use LKP for UnixWare 7.1.4.
    > > Sadly, I maybe forced to stop access to my machines for the few people
    > > that still keep their Open Source Packages on SCO OS's up to date,
    > > because, they can not connect from the same IP addresses and these
    > > attacks are effecting them as well. I guess the Linux Zealots are
    > > winning because they are achiving what they want. Stopping people
    > > from accessing anything SCO. It has been extremely difficult to work
    > > over the internet because all my bandwidth is being exhausted by these
    > > attacks.

    >
    > Can you put up a Squid proxy in front of your website, on a Linux box or
    > other contemporary OS? I'd be happy to provide assistance in setting up
    > such an instance. I've also been successfully using VMware to run
    > OpenServer, and you could run the SCO OS in virtualization on a CentOS
    > or RHEL host very easily.


    I do have proxies for some things. My OS is openSUSE 10.3 for
    virtualization. I also have a private Build Service. I am just upgrading
    it to 0.9.1 released today.

    > And this is NOT, NOT, NOT! typical of Linux zealots.


    It is from what I have seen. I just finished moving my 900 GB ftp archive
    to my OpenSUSE 10.3 box. My setup is as follows. 6 systems with various
    Linux Distro's one each for development. 8 virtual Systems (OpenSUSE
    factory, OpenServer 5.0.7, OpenServer 6, UnixWare 7.1.3, UnixWare 7.1.4,
    FreeDBD, NetBSD, Test Linux Distro). 3 machines one for each SCO OS.
    SlackWare, Fedora, CentOS, one of each of the Ubuntu, and 4 other linux
    distro's. So yes I am already running things virtual-lized. I have my
    own OpenSUSE BS. The are looing at changing the name. I do maintain a
    few Open Source Software packages for Linux. I am a very active member of
    the OpenSUSE community. So yes, I do know a bit about linux. I have been
    using it since Linus first released it.

    > > I understand why people post but that one post has caused me a ton of
    > > greef. It some of the bad apples from the Linux Community would realize
    > > they are doing more harm than good. What they are doing is showing how a
    > > small minority really need to grow up and get a life.
    > >
    > > I know this probably will not stop, the attacks but I really needed to
    > > vent. I have support Linux since it's very first internet/usenet release.
    > > So what these idiots are doing is showing the people that get things from
    > > my sites for linux as well are being hindered. When I explain to the
    > > people emailing me that it is coming from their own communitity, they are
    > > really assamed. I am too. I really dislike any group that does not have
    > > tolerence for others and their choices.

    >
    > No problem. From the attack, it sounds like script kiddies. Can we be of
    > further assistance in tracking the weasels? Do you have useful logs we can
    > peruse for IP addresses near us, to help track the attacks back?


    It is much more. They are using all bandwidth. It is crafted in such a
    way allow just enough to flood and keep my bandwith tied up. Saddly, I
    have had to suspend service to somethings at the momment. I have a lot of
    it automated. Moving most things to where I have iptables has allowed
    this, but the few people that use my machines for various Open Source
    Software are getting really upset. My bandwidth is really being taken.
    I have been forced to only allow 3 connections attempts per IP address per
    minute for ftp. SSH access to my machines is only via ssh keys. I do not
    allow any password logins. On the OS's that have IP tables, I use the
    following where ethX is the externel interface.

    iptables -A INPUT -p tcp --syn --dport 22 -i ethX -m recent --name
    sshattack --set
    iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60
    --hitcount 3 -j LOG --log-prefix 'SSH attack: '
    iptables -A INPUT -m recent --name sshattack --rcheck --seconds 60
    --hitcount 3 -j DROP

    The above seems to get the script kiddies. It is interesting how they are
    adapting their attack on my systems, based on my defenses and changing of
    them.

    If you look at my DNS records you can get an idea of what OS's are on what
    IP address. Some machines are not available to the internet although I do
    own the entire class C 198.60.105.0. I did have 2 other class C networks
    but I allowed Xmission to take over them. I had at one time 3 class C
    networks with OS's on each IP available to be used over the internet for
    free. I now limit who has access for free.

    I have 250 HD's with various OS's and versions that I switch in to support
    the many UNIX and Linux OS's. I have online for use by request and
    meeting certain standards.

    So for final listing of what I have available. is as follows

    2 BSDs (Virtualized)
    6 Linux Distro's latest a machine each.
    6 SCO machines with 2 each of OpenServer 6, OpenServer 5.0.7, UnixWare
    7.1.4 (3 are virtualized)
    4 other UNIXs

    Virtualized OS's based on my customer needs. Saddly 3 MS machines with
    no direct internet access from the outside all Natted. I keep 8-20
    machine running daily for various development needs. Some machines
    varry based on what people/customer needs/request for usuage.

    You may say I am a big proponent of Open Source Software and it's usage.
    I do have some of the users of the various OS's monitoring things. That
    is why our current Black list is 8000 IP addresses, with dynamic IP's
    being added/removed per Iptables where possible. I wish I had IP tables
    for OpenServer 5.0.7 and OpenServer 6. I have not been able to get LKP to
    work on OpenServer 6. I just do not have all the peices. I do host lxrun
    ftp download. I just have not been able to get it to work with ipf to try
    and simulate iptables. I really wish SCO would release LKP for OpenServer
    6. Then this really would not be as big as an issue.

    I just had to let off steam from the last 3 days of round the clock moving
    tunning things.

    Thanks,


    --
    Boyd Gerber
    ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

  4. Re: Imature linux zealots and attacks...

    I would like to make it clear that, I hold nothing against linux and our
    community. I do have a bone againest closed minded zealots of any kind.
    I know that who ever is doing this is in the minority and is imature. I
    want to appologize if I come across as anti linux or any other OS. I
    believe all OS's have their place and use. Even MS although I personally
    dislike a lot of the MS tatics. I know every group has it's bad apples.

    I was really upset because of emails, with personal attacks and threats,
    and what was happening to all my machines. All 12-20 machines have been
    under attack. It is being done by someone/s that is/are extremely
    experienced. They are changing based my defenses. The main purpose seems
    to be to limit access to things and use my bandwidth. It has been against
    all services. My ISP shows that traffice to/from the internet is pegged
    at the limits both ways. All though today has been a bit lighter.

    I know I should probably not ranted in public and I appologize. I wanted
    to some how get the word out to be careful what you post as there are
    people that use that information to do harm or distrube...

    Since the post, I have been getting calls and hang-ups at all hours of the
    day and night. I finally had to turn off my ringer. They are not so bad
    during the day. It just is at night. I really did not have my phone
    number any where, till it was posted in the documents.

    I do not believe in coincedence. The attacks from many different methods
    all started after the public records in the SCO case on 21 Apr 08 were
    made publiclly availaable. The calls started wed. They are about every
    10-20 minutes from 11:30 PM till 6:00 AM. I really do not believe this
    just some random act.

    So if I have in any way offended any one I apologize. I just really hate
    people that do tolerate others. I am very pregajusted against
    intolerence. I support any Linux/UNIX. I dislike MS, but I feel even
    their OS has a place. Thanks to everyone that has given me support and
    assistance. I want to thank all that have replied, both positive and
    negative. I have learned a few things as well.

    Thank you all.

    --
    Boyd Gerber
    ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

  5. Re: Imature linux zealots and attacks...

    On Sun, 27 Apr 2008, Boyd Lynn Gerber wrote:
    > So if I have in any way offended any one I apologize. I just really hate
    > people that do tolerate others. I am very pregajusted against


    should have been do not tolerate others.

    > intolerence. I support any Linux/UNIX. I dislike MS, but I feel even
    > their OS has a place. Thanks to everyone that has given me support and
    > assistance. I want to thank all that have replied, both positive and
    > negative. I have learned a few things as well.




    --
    Boyd Gerber
    ZENEZ 1042 East Fort Union #135, Midvale Utah 84047

  6. Re: Imature linux zealots and attacks...



    On Sun, 27 Apr 2008, Boyd Lynn Gerber wrote:

    > I would like to make it clear that, I hold nothing against linux and our
    > community. I do have a bone againest closed minded zealots of any kind.
    > I know that who ever is doing this is in the minority and is imature. I
    > want to appologize if I come across as anti linux or any other OS. I
    > believe all OS's have their place and use. Even MS although I personally
    > dislike a lot of the MS tatics. I know every group has it's bad apples.
    >
    > I was really upset because of emails, with personal attacks and threats,
    > and what was happening to all my machines.

    ......

    I think that you are right to be upset and I am appalled that someone
    would target you for such abuse.


+ Reply to Thread