How to rate-limit Apache server on IP basis?

You may be able to do this at a lower level with iptables and bypass Apache/MySQL altogether. Match and forward to another host/port? I have only dropped:

    # Record the source address of every new SSH connection in the "recent" list
    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
    # Drop a new connection when that address has hit 6 times within the last 60 s
    # (each -I inserts at the top of INPUT, so this rule is evaluated before the --set rule)
    iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 -j DROP

The Mirai Botnet is Proof the Security Industry is Broken

Mirai does one, and only one thing in order to break into new devices: it cycles through a bunch of default username/password combinations over telnet, like “admin/admin” and “root/realtek”. For a laugh, “mother/fucker” is in there too.

Default credentials. Over telnet. That’s how you get hundreds of thousands of devices. The Morris worm from 1988 tried a dictionary password attack too, but only after its buffer overflow and sendmail backdoor exploits failed.

Oh, and Morris’ password dictionary was larger, too.

.. Around the world, we spend $75 billion a year on information security. And for what, when we keep getting such basic things wrong? Suppose I waved a magic wand and cut the worldwide security budget in half. Would things really be that much worse? The security industry is addicted to selling expensive complicated products instead of doing the basics well.

.. But, right now, the vast majority of threats can be thwarted by the basics:

  1. Keep your systems patched.
  2. Keep your systems properly configured.
  3. Make sure you have strong passwords and two factor authentication.

.. The major botnet of 2016 is simpler than the botnet of 1988.

Some thoughts on the Krebs situation: Akamai made a painful business call

Several people at DerbyCon pointed to a blog post by Nick Selby, who said that Akamai’s threshold has been identified.

“The substantially much larger precedent it has set has been that Akamai – a company that has bragged that it handles about 30% of the Internet’s traffic every day; delivering more than 30 Terabits per second, and delivering the pipe through which users conduct nearly 3 trillion Internet interactions each day, enabling, it claims, more than $250 billion in annual e-commerce for its online retail customers – Akamai has now announced to the world that if your site is getting attacked at a rate of 620 gigabits per second of traffic, then you’re on your own.”

It’s possible – even likely – that those with a paid contract through Prolexic (Akamai) wouldn’t be pushed aside and ditched. Akamai had to make a hard choice, and that choice sucks. It sucks that they couldn’t protect him and keep his website online. It also sucks to see them essentially throw in the towel.

Benedict Evans: A Network Designed to Withstand Nuclear Attack .. DNS DOS’ed

A chunk of the internet went down this week, effectively, because someone did a massive distributed denial-of-service attack using a botnet of millions of hacked IoT devices – mostly, it seems, IP webcams from one Chinese company that don’t have decent security. This is an interesting structural problem – the devices once sold are either impossible or unlikely to be patched, the users probably don’t even know that their device is hacked, and the manufacturer has no motivation and probably few of the necessary skills to do anything about it. A network designed to withstand nuclear attack, brought down by toasters. More interesting/worrying – who is doing this, why, and what will they do next? Link