Yesterday Exherbo’s Quote database experienced a very primitive attack. The purpose was to turn all the rank values on our quotes into negative numbers. In this post we are going to analyse the log files from the attack and see “who did this”.
By simply reading the log files I can see that the attack was done via the program called wget, which is a fairly shiny little Unix tool for fetching websites; wget is ideal for this kind of attack.
I wanted to get an idea about who was behind this attack, so it would be fairly nice to do a simple reverse DNS lookup of these IPs to get an idea about where these attacks were launched from:
Yup, that is right. 4 of these machines are Gentoo-controlled. So basically, we now know that a Gentoo developer is behind this.
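As an added example (not from the original post, whose log excerpts are not reproduced here), the same triage can be scripted in Python: pick out Wget clients hitting a vote URL, count requests per address, and run a forward-confirmed reverse DNS lookup on each. The log lines, the `/quotes/vote` path and all function names are constructed for illustration.

```python
import re
import socket
from collections import Counter

# Constructed sample lines in "combined" access-log format. The /quotes/vote
# path is hypothetical and the addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2000:21:04:01 +0000] "GET /quotes/vote?id=17&dir=down HTTP/1.0" 200 512 "-" "Wget/1.11.4"
192.0.2.10 - - [01/Jan/2000:21:04:01 +0000] "GET /quotes/vote?id=18&dir=down HTTP/1.0" 200 512 "-" "Wget/1.11.4"
192.0.2.10 - - [01/Jan/2000:21:04:02 +0000] "GET /quotes/vote?id=19&dir=down HTTP/1.0" 200 512 "-" "Wget/1.11.4"
198.51.100.7 - - [01/Jan/2000:21:04:03 +0000] "GET /quotes/vote?id=17&dir=down HTTP/1.0" 200 512 "-" "Wget/1.11.4"
198.51.100.7 - - [01/Jan/2000:21:04:03 +0000] "GET /quotes/vote?id=18&dir=down HTTP/1.0" 200 512 "-" "Wget/1.11.4"
203.0.113.5 - - [01/Jan/2000:21:05:10 +0000] "GET /quotes/vote?id=17&dir=up HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def scripted_voters(log_text, vote_prefix="/quotes/vote", min_hits=2):
    """Return {ip: hits} for clients that requested the vote URL with a Wget user agent."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)  # malformed lines simply do not match
        if m and m["path"].startswith(vote_prefix) and m["ua"].lower().startswith("wget"):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def ptr_lookup(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Return (hostname, confirmed); confirmed is True only if the name resolves back to ip."""
    try:
        name = reverse(ip)[0]
    except OSError:  # socket.herror / socket.gaierror: no PTR record
        return None, False
    try:
        confirmed = ip in forward(name)[2]
    except OSError:
        confirmed = False
    return name, confirmed

def report(log_text, **resolvers):
    """List (ip, hits, ptr_name, forward_confirmed), busiest client first."""
    rows = [(ip, n, *ptr_lookup(ip, **resolvers)) for ip, n in scripted_voters(log_text).items()]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    print(scripted_voters(SAMPLE_LOG))  # report(SAMPLE_LOG) would do live DNS lookups
```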