Do you know where your variables are? | |
PerlMonks |
Re: Re: Enough is Enough - Taking the fight back to the Internet scammersby tachyon (Chancellor) |
on Oct 28, 2003 at 03:02 UTC ( [id://302616]=note: print w/replies, xml ) | Need Help?? |
With IPs and datestamps, it would probably be pretty easy to separate the list into "probably real" and "probably not real" piles. Besides the bugs in the code this could be harder than expected. You would need certain elements in the raw data file as well as the 4 significant data fields you might presume the script is writing. A parallel log analysis might show you when you were being bombed and from where but you need to accurately correllate that with the data. A low order continuous DOS would make this problematic anyway as all data would become suspect. The general idea of adding a haystack to hide the needles seems like not a bad approach. Of course there are plenty of fixes for it but it does require that those fixes get implemented. Given that it appears that this site is a clone of a scam on the National bank it is possible that while the perps are creative they are at a script kiddy level. The form they present looks nowhere near as high quality as some I have seen which are a perfect match for the target site. As you don't need the return data you would really want to spoof the sending IP address. Better simulated names (ie taken from a real name list) and Secret words taken from say the Unix dictionary would also add more realism. Education is a nice thought but if you take virus spread as an example some people are difficult to educate. cheers tachyon s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
In Section
Meditations
|
|