Server Attack Foiled

[Jason Dunn]

If you were wondering what happened to our server this morning, it was under attack. 870 different computers were pounding our server with a known phpBB exploit that we patched back in December. Unfortunately, the solution provided by the phpBB team didn't do anything to prevent the phpBB install in question from being overloaded with the requests. We've blocked the attacking computer in question and modified phpBB to essentially ignore such requests. Thanks to Jorj and Fabrizio for rescuing our server from the abyss. :-)You know, this makes me wonder at what point the issue of personal liability comes into question - if my computer is attacking your computer, even if I don't know it, shouldn't I be liable for that in some way? If my dog attacks someone, I'm held responsible. If a piece of my roof falls off and kills someone, I'm responsible. I wonder if we'll start to see some legal action against users, or against software companies, related to issues like this?

[Jason Dunn]

If you were wondering what happened to our server this morning, it was under attack. 870 different computers were pounding our server with a known phpBB exploit that we patched back in December. Unfortunately, the solution provided by the phpBB team didn't do anything to prevent the phpBB install in question from being overloaded with the requests. We've blocked the attacking computer in question and modified phpBB to essentially ignore such requests. Thanks to Jorj and Fabrizio for rescuing our server from the abyss. :-)You know, this makes me wonder at what point the issue of personal liability comes into question - if my computer is attacking your computer, even if I don't know it, shouldn't I be liable for that in some way? If my dog attacks someone, I'm held responsible. If a piece of my roof falls off and kills someone, I'm responsible. I wonder if we'll start to see some legal action against users, or against software companies, related to issues like this?

[Mike Temporale]

Quote:

Originally Posted by Jason Dunn

Thanks to Jorj and Fabrizio for rescuing our server from the abyss. :-)

:werenotworthy:

Quote:

Originally Posted by Jason Dunn

You know, this makes me wonder at what point the issue of personal liability comes into question - if my computer is attacking your computer, even if I don't know it, shouldn't I be liable for that in some way?

Interesting question... At some point, sure. I wonder what it will take before we start to see companies take this kind of action. I think, you would have to prove that the owner neglected to preform routine security updates.

[spunkkat]

I think it should be a law now, if we don't start to police people who do not uphold their civic & web duty to have anti-virus & such... why should "we" pay for someone else's lack of caring? P.S. Tanx for reactivating my account so fast!!!

[Jerry Raia]

Quote:

Originally Posted by Mike Temporale

Quote:

:werenotworthy:

Quote:

Interesting question... At some point, sure. I wonder what it will take before we start to see companies take this kind of action. I think, you would have to prove that the owner neglected to preform routine security updates.

Don't know how one could prove that without being invasive. One of the great things about the internet is the freedom of it. Along with that comes the abuse. If you tighten up too much on the abuse you may strangle the freedom too.

[jimfee]

You will always have a section of lazy slobs that allow themselves to be co-opted for this type of attack. The only way to ensure they are not successful is to have a security team in place, which you seem to have. The only way to have a security team in place is to provide them some kind of security in return. How about a donation link, I don’t want this resource to go away. Some of my favorite boards have gone the way of "this domain is available for sale" lately.