01-24-2005, 07:30 PM
Executive Editor
Join Date: Aug 2006
Posts: 29,160
Server Attack Foiled
If you were wondering what happened to our server this morning, it was under attack. 870 different computers were pounding our server with a known phpBB exploit that we patched back in December. Unfortunately, the solution provided by the phpBB team didn't do anything to prevent the phpBB install in question from being overloaded with the requests. We've blocked the attacking computer in question and modified phpBB to essentially ignore such requests. Thanks to Jorj and Fabrizio for rescuing our server from the abyss. :-)
You know, this makes me wonder at what point the issue of personal liability comes into question - if my computer is attacking your computer, even if I don't know it, shouldn't I be liable for that in some way? If my dog attacks someone, I'm held responsible. If a piece of my roof falls off and kills someone, I'm responsible. I wonder if we'll start to see some legal action against users, or against software companies, related to issues like this?
01-24-2005, 07:34 PM
Oracle
Join Date: Aug 2006
Posts: 864
Take it a step further: couldn't Microsoft be liable in the first place for putting out software that has an exploit that allows it to become a zombie? Just playing devil's advocate! :devilboy:
01-24-2005, 07:35 PM
5000+ Posts? I Should OWN This Site!
Join Date: Jun 2007
Posts: 5,067
Re: Server Attack Foiled
Quote:
Originally Posted by Jason Dunn
You know, this makes me wonder at what point the issue of personal liability comes into question - if my computer is attacking your computer, even if I don't know it, shouldn't I be liable for that in some way?
|
Defending a computer from trojans / attacks is much harder and much more complicated (even for a seasoned user) than putting a muzzle on a dog / strengthening a roof. So, I don't think anyone should be liable for attacks he wasn't aware of. IMHO
01-24-2005, 07:40 PM
Intellectual
Join Date: Feb 2002
Posts: 229
If it is an unintentional attack, let's all be a little more professional and help each other work through the problem to the solution like it was handled in this situation and forget about who is liable for what. Professionalism rises above all of that.
__________________
PDA stuff... Dell Axim 51v with 1g CF and SD card and a LOT of cool software.
01-24-2005, 07:46 PM
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
Re: Server Attack Foiled
Quote:
Originally Posted by Jason Dunn
You know, this makes me wonder at what point the issue of personal liability comes into question - if my computer is attacking your computer, even if I don't know it, shouldn't I be liable for that in some way?
|
There is no life-guard for the gene pool and there doesn't seem to be one for internet users. :? I am more convinced every day you need a license to get online just like you have a license to drive a car.
You could contact their ISPs. ISPs hate their users being zombies and attacking/spamming other users. They will take action to help the innocent or crush the intentional behind their network.
01-24-2005, 07:51 PM
Intellectual
Join Date: Jan 2003
Posts: 125
If someone hijacks your car and runs over a bunch of people, are you responsible? I think that applies better to the case, but it is certainly an interesting and open topic of discussion.
01-24-2005, 07:56 PM
Thinker
Join Date: Aug 2006
Posts: 412
Well, there are some aspects of existing legislation (I am not a lawyer) that may include such liabilities.
Certainly if you own a computer that is infected, you could be causing financial damage to other computers. And if your computer is attacking www.whitehouse.gov or the homeland security website, I wouldn't rule out a nice notice from your ISP that the FBI or RCMP has asked to have your computer taken offline.
However, legislators are horribly bad at crafting usable and enforceable laws and penalties.
For instance, as we speak California legislators are working on legislation that will pretty much make developers who work on software targeted at the sharing of messages or files illegal on the internet. This is due to their poor definition of P2P software.
>CA BILL CALLS FOR POTENTIAL JAIL TIME FOR P2P DEVELOPERS
>A bill introduced in California's Legislature last week has raised the
>possibility of jail time for developers of file-swapping software who
>do not stop trades of copyrighted movies and songs online. If passed
>and signed into law, the bill could expose file-swapping software
>developers to fines of up to $2,500 per charge, or a year in jail, if
>they do not take "reasonable care" in preventing the use of their
>software to swap copyrighted music or movies, or child pornography.
>Bill at http://cainducebill.notlong.com
>Coverage at http://news.com.com/2100-1028_3-5540937.html
I guess 'reasonable care' will be left up to a judge...very nervous here.
Their definition of P2P:
>"peer-to-peer file sharing software" means software that once installed
>and launched, enables the user to connect his or her computer to a
>network of other computers on which the users of these computers have
>made available recording or audiovisual works for electronic
>dissemination to other users who are connected to the network."
Sounds a lot like IE or Mozilla, eh?
Karen
01-24-2005, 07:58 PM
Thinker
Join Date: Aug 2006
Posts: 412
Quote:
Originally Posted by HTK
If someone hijacks your car and runs over a bunch of people, are you responsible? I think that applies better to the case, but it is certainly an interesting and open topic of discussion.
|
Not so much if it's hijacked, but if you leave it running in front of the beer store, unlocked, you would be more liable.
K
01-24-2005, 08:07 PM
Contributing Editor Emeritus
Join Date: Aug 2006
Posts: 8,228
Quote:
Originally Posted by HTK
If someone hijacks your car and runs over a bunch of people, are you responsible? I think that applies better to the case, but it is certainly an interesting and open topic of discussion.
|
Did you drive to a bad part of town, get out of your car and leave the door open with the keys running while you went into the local market to pick up some gum? I'd say in that case, yeah, the owner has some culpability.
01-24-2005, 08:17 PM
Editor Emeritus
Join Date: Aug 2006
Posts: 15,171
Re: Server Attack Foiled
Quote:
Originally Posted by Menneisyys
Defending a computer from trojans / attacks is much harder and much more complicated (even for a seasoned user) than putting a muzzle on a dog / strengthening a roof. So, I don't think anyone should be liable for attacks he wasn't aware of. IMHO
|
In this case, we're talking about owned servers, not workstations. In theory someone with some PHP knowledge set up this phpBB board and has just left it alone, even though it's probably been hacked several times over.
--janak