For a couple of weeks I have been receiving thousands of requests for non-existent files on my web server:
aaa.bbb.ccc.ddd - - [04/May/2008:06:45:31 +0200] "GET /ratty/.wine/drive_c/Program%20Files/uTorrent/PSP%20MEGAPACK…/lfc-vt3e.006 HTTP/1.1" 302 337 "http://88.191.27.73/ratty/.wine/drive_c/Program Files/uTorrent/PSP MEGAPACK…" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
and all hits come from Chinese sources. I don’t exclude the possibility that the server was cracked and used to distribute copyrighted content. Anyway, two facts tell me the contrary:
- All the requests hit my web-server and are logged as 404 errors. This should not happen if the server were cracked and the users could actually download the files.
- The number of requests that I have in my logs should have generated a huge network activity on the server. Once again this is not the case (the network activity monitored by my hosting provider is normal).
Hence I think that I am the victim of an IP number error (like a dialing error for phones) and someone distributed (probably on TorrentLeech, though I don’t have access to their forums) a list of addresses that users retrieve using web spiders (the clients that generate the hits in my logs do not have JavaScript enabled, otherwise I would be a millionaire through my AdSense program).
To stop polluting my logs and straining my web-server I devised a simple solution: block requests. From now on everyone that tries to download one of the incriminated URLs will end up on a page like this and his IP will be blocked for an hour (the link does nothing, but has the same output as the real script).
In time I intend to extend this behaviour to all Internet Parasites like referer and comment spammers, those who scan my server for non-installed and vulnerable PHP applications (no, I don’t have mysqladmin, whoever hits the /mysqladmin URL most probably wants to do something nasty), etc.
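The blocking rule described in this post can be sketched as follows. This is an added example, not the author’s script: it parses Apache combined-format lines, flags any client that requests a blocked path prefix, and keeps that client blocked until one hour after its last hit. The prefix list, function names and sample lines are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Apache "combined" format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Assumption: the unwanted requests share the path prefix seen in the log excerpt.
BLOCKED_PREFIXES = ("/ratty/.wine/",)
BLOCK_FOR = timedelta(hours=1)  # the post blocks an offending IP for an hour


def parse(line):
    """Return (ip, timestamp, path) for a combined-format line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")


def build_blocklist(lines):
    """Map each offending IP to the time its block expires (last hit + one hour)."""
    expiry = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not valid log entries
        ip, ts, path = rec
        if path.startswith(BLOCKED_PREFIXES):
            expiry[ip] = max(expiry.get(ip, ts), ts + BLOCK_FOR)
    return expiry


def is_blocked(expiry, ip, now):
    """True while the block for ip has not yet expired."""
    return ip in expiry and now < expiry[ip]


# Constructed sample lines (documentation addresses, not taken from the post).
SAMPLE = [
    '192.0.2.10 - - [04/May/2008:06:45:31 +0200] "GET /ratty/.wine/drive_c/a.006 HTTP/1.1" 404 337 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [04/May/2008:06:50:00 +0200] "GET /ratty/.wine/drive_c/a.007 HTTP/1.1" 404 337 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [04/May/2008:06:46:00 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'garbage line that is not a log entry',
]
```

Calling `build_blocklist(SAMPLE)` yields a single entry for 192.0.2.10, expiring one hour after its second request; the normal visitor and the malformed line are ignored.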
I was talking quite recently with a friend about the importance of uptime for a geek and why we leave our machines running while we are not at home… and some curse touched my poor computer.
Today, on my friend’s birthday, morgoth rebooted for unknown reasons, though I suspect a power shortage. He had an uptime of 176 days, 6 hours and 31 minutes at the time. Accidentally Joël’s machine also rebooted four days ago with a much bigger uptime.
Today is Open Discussion Day. For 24 hours I am boycotting proprietary instant messaging networks such as Yahoo! Messenger and MSN Messenger.
You can reach me on Jabber at piotr.karwasz@jabber.org. Ploum explains in a bilingual post how to use the Jabber protocol.
Today is the Open Discussion Day; you won’t be able to join me on any proprietary instant messenger. You can however use my Jabber address piotr.karwasz@jabber.org as explained by Ploum (or wait until tomorrow, when I’ll regretfully start using Yahoo! Messenger and MSN Messenger again).
And by the way, happy birthday to Darco.
“Morgoth and the High King of Noldor”
by Ted Nasmith
Last Tuesday I received by mail the components for the new karwasz.org server. I assembled them during the afternoon, installed the system during the night and here we are: Morgoth is alive. And so is karwasz.org after a bit less than 3 months of inactivity. I am sorry for the problems that it caused¹.
For those who are interested in the details, Morgoth (morgoth.karwasz.org) is an ATX Screenless Desktop with:
- Asus A8N-SLI Deluxe motherboard.
- Athlon 64 3000+ (1800MHz) CPU, Venice core.
- 1 GiB of DDR-400 RAM memory.
- 2 hard disks (Maxtor DiamondMax 10 SATA 300 6V300F0) of 300 GB (or 279.3 GiB). They are configured into a Linux Software RAID 0 with LVM over it. If you wonder why I didn’t use nVidia’s fakeraid, the answer is simple: I don’t care about compatibility with other OSes, dmraid wasn’t in the Debian installer and many sites assert Linux Software RAID gives better performance than nVidia’s.
- Some other components like a graphics card (it’s a screenless box, so the graphics card is the cheapest one: an MSI RX300HM-TD128E), a DVD-Writer (NEC ND-4550) and a case (Heden B9310UV-N-CA). I was pleasantly surprised by the case, which allows opening it and mounting PCI cards without a screwdriver: there are other retention mechanisms that work as well.
For the curious, this is post n. 42 in my database, though it’s not yet the 42nd published.
¹I had some problems with the online shop that didn’t send me the server for the past 10 days. But I’ll write it in a more appropriate place.