The China Threat

The Chinese army participates in "digital war games."

I’m a webmaster and programmer by trade. Part of my job duties involve administration of the company’s web server. As such, I do my absolute best to block all traffic from China.

Why? Because of the hacking that originates there. There’s not a day that goes by where some automated script isn’t attacking my server, and most of it originates in China. I’m not saying it’s state-sponsored, but on the other hand, there doesn’t seem any official effort to stop it, either. Perhaps it’s a matter of calculated indifference, which I surmise is a close cousin to plausible deniability.

The Great Firewall of China blocks a lot of content from the Chinese people, but it decidedly does not block shit like this aimed at other countries:

[Wed Apr 16 2014] [error] [client 178.32.223._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/muieblackcat
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/muieblackcat
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/admin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/admin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/dbadmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/myadmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/mysql
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/mysqladmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/typo3
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpadmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/pma
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/web
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/xampp
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/php-my-admin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/websql
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.5.5
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.5.5-pl1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpmyadmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/Admin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/Admin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/_PHPMYADMIN
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/_pHpMyAdMiN
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/_phpMyAdmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/_phpmyadmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/administrator
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/apache-default
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/blog
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/cpanelphpmyadmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/forum
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/php
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.10.0.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.10.0.1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.10.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.10.1.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.10.2.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.11.1.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.11.1.1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.11.1.2
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.5.5-pl1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.5.5
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.6.1-pl2
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.6.4-pl3
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.6.4-pl4
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.6.4-rc1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.6.5
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.6.6
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.7.0-beta1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.7.0-pl1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.7.0-pl2
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.7.5
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.7.6
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.7.7
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.8.2.3
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.8.2
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.8.7
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.8.8
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.8.9
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.9.0-rc1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.9.0.1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.9.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.9.1
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.9.2
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.0.0-rc1-english
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.0.0.0-all-languages
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.0.1.0-english
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.0.1.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.1.0.0-english
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.1.0.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.1.1.0-all-languages
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.1.2.0-all-languages
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.1.2.0-english
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-3.1.2.0
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin2
[Wed Apr 16 2014] [error] [client 202.75.208._] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin3

That’s a wee taste from this morning’s error log. When a block of IP addresses is provisioned to China, it’s only a matter of time until something like this happens. To be fair, it also originates from other places like the Russian Federation, Nigeria, Korea, etc. And, occasionally, even the United States, where idiots who don’t run anti-virus software unwittingly become zombies in the script kiddies’ army. Alas, I can’t block those ranges of IP addresses, because that’s where real customers might be.

So what’s going on here? In short, a robot is probing the server for weakness. It doesn’t know what software we might have installed, so it simply tries every path it knows. The list shown is the stuff it couldn’t find. If it does find a match, it then runs scripts against known exploits for the software it located. And stuff like this happens on the server 24 hours a day, 365 days a year.
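A defender’s way to spot this pattern in the error log, added here as an example and not the author’s own tooling: it parses lines in the format shown above and flags any client that asked for several distinct admin-panel paths. The sample lines, the threshold and the docroot value are constructed from the post’s log, not real traffic.

```python
import re
from collections import defaultdict

# Apache 2.2-style error_log line, as in the post:
# [Wed Apr 16 2014] [error] [client 1.2.3.4] File does not exist: /var/www/.../httpdocs/pma
LINE_RE = re.compile(r"^\[[^\]]+\] \[error\] \[client (?P<client>[^\]]+)\] "
                     r"File does not exist: (?P<path>\S+)$")
DOCROOT = "/var/www/vhosts/somedamnwebsite.com/httpdocs"  # docroot from the post's log

# Admin-panel names the scanner in the post walked; phpmyadmin.* covers the versioned dirs.
PROBE_RE = re.compile(r"^(?:_?phpmyadmin.*|cpanelphpmyadmin|php-my-admin|phpadmin|pma|myadmin|"
                      r"mysqladmin|dbadmin|admin|administrator|xampp|websql|muieblackcat)$", re.I)

# Constructed sample in that format (RFC 5737 documentation addresses, not real clients).
SAMPLE_LOG = """\
[Wed Apr 16 2014] [error] [client 203.0.113.7] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/muieblackcat
[Wed Apr 16 2014] [error] [client 203.0.113.7] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/admin
[Wed Apr 16 2014] [error] [client 203.0.113.7] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/pma
[Wed Apr 16 2014] [error] [client 203.0.113.7] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpMyAdmin-2.5.5-pl1
[Wed Apr 16 2014] [error] [client 203.0.113.7] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/phpmyadmin
[Wed Apr 16 2014] [error] [client 198.51.100.9] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/favicon.ico
[Wed Apr 16 2014] [error] [client 198.51.100.9] File does not exist: /var/www/vhosts/somedamnwebsite.com/httpdocs/admin
""".splitlines()

def parse_line(line):
    """Return (client, path relative to DOCROOT) for a 'File does not exist' line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith(DOCROOT + "/"):
        path = path[len(DOCROOT) + 1:]
    return m.group("client"), path

def probe_summary(lines):
    """Map each client to the set of distinct admin-panel paths it asked for."""
    hits = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed and PROBE_RE.match(parsed[1]):
            hits[parsed[0]].add(parsed[1])
    return hits

def flag_scanners(lines, threshold=5):
    """Clients that requested at least `threshold` distinct admin-panel paths.
    One mistyped URL from a real visitor is one 404; a scanner produces a run of them."""
    return sorted(c for c, paths in probe_summary(lines).items() if len(paths) >= threshold)

if __name__ == "__main__":
    print(flag_scanners(SAMPLE_LOG))  # ['203.0.113.7']
```

The threshold keeps a visitor who mistyped one URL off the list; only a client that walked several admin-panel names in a row is reported as a candidate for the author’s range lookup.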

If the Great Firewall of China doesn’t block stuff like this, then what’s it for?

My company’s new logo.

  • Web sites belonging to “outlawed” or suppressed groups, such as pro-democracy activists and Falun Gong
  • News sources that often cover topics that are considered defamatory against China, such as police brutality, Tiananmen Square protests of 1989, freedom of speech, democracy, and Marxist sites. These sites include Voice of America and the Chinese edition of BBC News.
  • Sites related to the Taiwanese government, media, or other organizations, including sites dedicated to religious content, and most large Taiwanese community websites or blogs.
  • Web sites that contain anything the Chinese authorities regard as obscenity or pornography.
  • Web sites relating to criminal activity.
  • Sites linked with the Dalai Lama, his teachings or the International Tibet Independence Movement.
  • Most blogging sites experience frequent or permanent outages.
  • Web sites deemed as subversive.

Source: Wikipedia.

Again, to reiterate, traffic like the example shown above is not blocked. Interesting priorities.

Attempting to block traffic from a specific country is a never-ending game of cat and mouse. The IP address system doesn’t make it easy. So when I see an attack, like the above, I have to research the IP address to determine the country of origin. If it’s someplace other than the United States, I block the entire range. That is until the next day when a new attack is launched from a different IP address range.

Fun, eh? 24/7 someone out there is attempting to hurt and destroy me, my company and my customers. Good times.

Maybe if I made the storefront of all my e-commerce websites the massacre at Tiananmen Square, perhaps the Chinese authorities would take care of my hacker problem for me? It’s worth a try. And, besides, that should really help spur sales. It’s yet another classic Shout Abyss win-win! I’m all about creative solutions and thinking outside of the box.

It’s time to Tiananmen up!

3 responses

  1. Jeez, you make my job as a school photographer seem so easy. No one wants me to do photos 24/7. I feel like a slacker. I can’t even get people to read my blog 24/7. However, with your helpful marketing tips I know visitors and readership will spike up now with the key SEO words you mentioned in your post today!

  2. I think we’re all in an arms race of sorts, it’s just that the majority of people don’t know it or understand it.

  3. And occasionally, the exploit probes just lead to a nice firewall DDoS overload.