
One Million Web Pages Attacked By Lilupophilupop

Unknown Lamer posted more than 2 years ago | from the lilliputian-record-label-marketing-gone-wrong dept.

Security 120

hankwang writes "The Internet Storm Center reported that one million web pages have been attacked by the Lilupophilupop SQL injection and contain a malicious Javascript link. Affected sites can be found using a Google search query. See also the technical details of the SQL injection. The attack is directed to sites running ASP or ColdFusion with an MSSQL backend. The payload of the Javascript leads, via redirects and obfuscated Javascript, to a fake download page for Adobe Flash and antivirus software."
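A site owner can check stored content for the kind of injected script link the summary describes. The following audit is an added example, not part of the original post or of the ISC write-up; it uses an in-memory SQLite database as a stand-in for the MSSQL backend, and the table, the rows, the script path `/x.js` and the allow-listed CDN host are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit

# src of a <script> tag; no closing '>' is required, so a tag cut short by a
# column length limit is still seen.
SCRIPT_SRC = re.compile(r"""<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""",
                        re.IGNORECASE)


def foreign_script_hosts(text, allowed_hosts):
    """Return the hosts of <script src=...> tags that are not allow-listed."""
    hosts = []
    for src in SCRIPT_SRC.findall(text):
        # Relative URLs have no hostname and are served by the site itself.
        host = (urlsplit(src).hostname or "").lower()
        if host and host not in allowed_hosts:
            hosts.append(host)
    return hosts


def audit_database(conn, allowed_hosts):
    """Scan every character column of every table for foreign script tags."""
    findings = []
    tables = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        # PRAGMA table_info rows are (cid, name, type, notnull, default, pk).
        columns = [row[1] for row in conn.execute(f'PRAGMA table_info("{table}")')
                   if "CHAR" in row[2].upper() or "TEXT" in row[2].upper()]
        for column in columns:
            query = f'SELECT rowid, "{column}" FROM "{table}"'
            for rowid, value in conn.execute(query):
                if not isinstance(value, str):
                    continue
                for host in foreign_script_hosts(value, allowed_hosts):
                    findings.append((table, column, rowid, host))
    return sorted(findings)


def build_sample_db():
    """Constructed sample content; the script path /x.js is made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles "
                 "(id INTEGER PRIMARY KEY, title VARCHAR(80), body TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        (1, "Welcome", '<p>Hi</p><script src="/js/site.js"></script>'),
        (2, 'News<script src="http://lilupophilupop.com/x.js"></script>',
         "<p>Clean body</p>"),
        (3, "Contact", '<p>Call us</p><SCRIPT SRC=http://lilupophilup'),
        (4, "Library", '<script src="//cdn.example.org/lib.js"></script>'),
    ])
    return conn


if __name__ == "__main__":
    allowed = {"cdn.example.org"}  # hosts this site is known to load from
    for finding in audit_database(build_sample_db(), allowed):
        print(finding)
```

Each finding names the table, column and row to clean; rows 1 and 4 are not reported because their scripts are local or allow-listed.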


oh (-1)

Anonymous Coward | more than 2 years ago | (#38585988)

ohhh

Can't you people type properly anymore? (-1, Flamebait)

ToiletBomber (2269914) | more than 2 years ago | (#38586050)

"one million web pages have been attacked by a the Lilupophilupop SQL injection"

Re:Can't you people type properly anymore? (1)

Inquisitus (937664) | more than 2 years ago | (#38586096)

So I guess you've never made a typo before in your life?

Re:Can't you people type properly anymore? (1)

ElmoGonzo (627753) | more than 2 years ago | (#38586150)

My guess is that the T.B'er simply has no life.

Re:Can't you people type properly anymore? (0)

Anonymous Coward | more than 2 years ago | (#38586226)

Honestly, I thought it was a joke based on the utterly ridiculous name of the injection (no, smartass, I mean "Lilupophilupop", not "SQL"). Seriously, it looks like someone got frustrated trying to type up the REAL name of the injection, slammed his/her fist onto the keyboard, and called it a day.

Re:Can't you people type properly anymore? (0)

Anonymous Coward | more than 2 years ago | (#38586428)

No[e, never.

Re:Can't you people type properly anymore? (2)

pclminion (145572) | more than 2 years ago | (#38586522)

> So I guess you've never made a typo before in your life?

In a piece of text that has been edited for presentation to a wide audience? No. Those are corrected by a review process.

Re:Can't you people type properly anymore? (1)

Inquisitus (937664) | more than 2 years ago | (#38586656)

Then the GP should've said "edit", not "type", since the wording suggested he was aiming his complaint at the submitter. Can't these people express themselves clearly anymore?

Re:Can't you people type properly anymore? (1)

sortius_nod (1080919) | more than 2 years ago | (#38588232)

Having worked for a newspaper, I can assure you that they still make mistakes. Hell, the paper I worked for even got the date on the front page wrong (a year out) once due to a typo.

Get off your high horse & join us all in reality.

Re:Can't you people type properly anymore? (0)

Anonymous Coward | more than 2 years ago | (#38590634)

aah...

Re:Can't you people type properly anymore? (-1)

Anonymous Coward | more than 2 years ago | (#38586206)

Maybe you should become a Creative Writing/Composition teacher and quit being the dickhead who has nothing better to do than point out other people's faults.

Re:Can't you people type properly anymore? (-1)

Anonymous Coward | more than 2 years ago | (#38586300)

The day Microsoft takes security seriously is the day when the nerds will have enough spare time and energy to dedicate to the finer things in life (such as spelling). Until then, they will try various techniques such as dialogue in leetspeak and voodoo as a creative avenue to convince people to abandon stupidity in all places that make the world a darker place for everybody. [/sarcasm]

Re:Can't you people type properly anymore? (4, Informative)

man_of_mr_e (217855) | more than 2 years ago | (#38586546)

This has nothing to do with Microsoft. First, this is targeting classic ASP and Cold Fusion, that's a 15 year old technology that nobody uses anymore and a non-MS technology. Second, sql injection attacks are all about the application code, not the framework.

Re:Can't you people type properly anymore? (0)

mspohr (589790) | more than 2 years ago | (#38586724)

If you read the linked pages, it does appear that this is due to a vulnerability in MSSQL... so yet again (and we are all "shocked"), this has Microsoft's fingerprints all over it.

Re:Can't you people type properly anymore? (4, Informative)

Richard_at_work (517087) | more than 2 years ago | (#38587814)

I've read the linked pages, it's not a vulnerability in MSSQL, it's injected code which targets MSSQL so the blame lies with the application.

Re:Can't you people type properly anymore? (2)

L4t3r4lu5 (1216702) | more than 2 years ago | (#38594250)

I'm not even a developer, and even I know the phrase "Sanitise your inputs".

There's no excuse for injection vulnerabilities. None.

Re:Can't you people type properly anymore? (2)

bloodhawk (813939) | more than 2 years ago | (#38588506)

You seem to have some reading comprehension problems, it is NOT a MSSQL vulnerability at all, it is bad application programming which then allows an attacker to leverage MSSQL with malicious code.

Re:Can't you people type properly anymore? (0)

Anonymous Coward | more than 2 years ago | (#38586800)

> this is targeting classic ASP and Cold Fusion, that's a 15 year old technology that nobody uses anymore

Really? - just because you don't use it....

It's actually technology that is simple, low profile and gets the job done - just like a bicycle is efficient for personal day-to-day transportation.

Re:Can't you people type properly anymore? (1)

Anonymous Coward | more than 2 years ago | (#38588306)

ASP is likely still more used than ASP.NET.

ColdFusion apologist (2)

aclarke (307017) | more than 2 years ago | (#38589364)

ColdFusion (it hasn't been "Cold Fusion" since 1998) has had parameterized SQL commands for a decade. The problem is that there is still a high percentage of ColdFusion developers who are not educated enough to know what they are or why they should use them.

CFML is such an easy language to program in that it encourages people who have not taken the time to learn the appropriate software engineering basics. It's a bit of a double-edged sword, really. Also, there's still a lot of 10+ year old ColdFusion code out there that hasn't been touched in a long time because it "still works", except, of course, that it doesn't, as we can see from this example.
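The difference between a concatenated and a parameterized query, which this comment and several others in the thread refer to, shown as an added example that is not part of the original comment or of any affected site's code. Python's sqlite3 stands in for ColdFusion/ASP with MSSQL, and the table, rows and function names are constructed.

```python
import sqlite3


def make_db():
    """Constructed sample data: three articles with zero views each."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles "
                 "(id INTEGER PRIMARY KEY, title TEXT, views INTEGER)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, 0)",
                     [(1, "Welcome"), (2, "News"), (3, "Contact")])
    return conn


def bump_views_concat(conn, article_id):
    """Vulnerable pattern: the request value becomes part of the SQL text."""
    cur = conn.execute(
        "UPDATE articles SET views = views + 1 WHERE id = " + article_id)
    return cur.rowcount  # number of rows the statement changed


def bump_views_param(conn, article_id):
    """Parameterized: the value is bound and never parsed as SQL."""
    cur = conn.execute(
        "UPDATE articles SET views = views + 1 WHERE id = ?", (article_id,))
    return cur.rowcount


def bump_views_typed(conn, article_id):
    """Parameterized plus a type check: only integers reach the database."""
    try:
        value = int(article_id)
    except ValueError:
        return 0
    return bump_views_param(conn, value)


if __name__ == "__main__":
    hostile = "1 OR 1=1"  # constructed request value for the id parameter
    print("concatenated:", bump_views_concat(make_db(), hostile), "rows changed")
    print("parameterized:", bump_views_param(make_db(), hostile), "rows changed")
    print("typed, id=2:", bump_views_typed(make_db(), "2"), "rows changed")
```

With the concatenated query one request rewrites every row in the table; with the bound parameter the same value is compared as data and matches nothing.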

Re:Can't you people type properly anymore? (0)

Anonymous Coward | more than 2 years ago | (#38589974)

ASP is definitely a MS technology. Any exploit that depends on ASP from now till the end of eternity is MS's fault.

Re:Can't you people type properly anymore? (1)

bloodhawk (813939) | more than 2 years ago | (#38590494)

The exploit doesn't depend on ASP, it depends on poor code written by application developers in ASP or Cold fusion. You can't blame the technology for bad application developers.

1 million pages? (4, Informative)

grahamsaa (1287732) | more than 2 years ago | (#38586056)

The Google query in the post returns "about 288,000" results, many of which come from the same domains. While I agree that this is serious, the claim that 1M pages have been attacked (and who really cares about pages anyway -- the number of sites / domains seems far more important to me) seems exaggerated.

Re:1 million pages? (0)

Anonymous Coward | more than 2 years ago | (#38586286)

Clearly misread article (there was mentioned a similar infection that took over ~1mil sites, not this one for now)

Re:1 million pages? (3, Funny)

flatcat (464267) | more than 2 years ago | (#38586430)

Unfortunately Firefox with NoScript is preventing me from enjoying this new version of Adobe.

Re:1 million pages? (1)

Qzukk (229616) | more than 2 years ago | (#38586924)

> The google query in the post returns "about 288,000" results

Right now, there are 28800 pages defaced by this attack.

Based on the ISC Diary page with its update dated August, this has been going on for months.

Re:1 million pages? (0)

Anonymous Coward | more than 2 years ago | (#38587170)

I believe the author used international time, the article is dated as being published 2011-12-01 and comments started on the same day.

Re:1 million pages? (1)

Qzukk (229616) | more than 2 years ago | (#38592554)

Bah. "international time" is ISO 8601. Writing the date "8/12/2011" is "intentionally confusing to everyone else time".

Re:1 million pages? (0)

Anonymous Coward | more than 2 years ago | (#38593986)

But I see it being written in ISO dates. Don't you?

Re:1 million pages? (0)

Anonymous Coward | more than 2 years ago | (#38609010)

Midway through http://isc.sans.edu/diary.html?storyid=12127 [sans.edu] it says "UPDATE 8/12/2011" in bold, underlined letters.

Re:1 million pages? (1)

dww (119841) | more than 2 years ago | (#38594438)

Google generally hides duplicate pages on a site. However if you use Advanced Search it finds "About 942,000 results", which is near enough a million, especially as some sites will have started clearing up infected pages by now.

Resolving lilupophilupop.com... failed: Name or se (1)

buchner.johannes (1139593) | more than 2 years ago | (#38586058)

hmm ... lilupophilupop.com is unreachable for me.

Me too (but 4 DIFF. reasons)... apk (-1, Troll)

Anonymous Coward | more than 2 years ago | (#38586216)

I already had it blocked out in my custom HOSTS file (along with 1,656,592++ other KNOWN bad sites/servers/hosts-domains that serve up malicious scripts &/or malware etc.- et al).

That's the security-side of it... the other side's FASTER online websurfing (blocking adbanners & resolving hosts-domains to IP addresses of 250 of my fav. sites in it as well, which results in FAR faster resolves than calling out to a remote DNS server (which may even be compromised via redirect DNS poisoning that's been going on the past few years now)).

Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)? I am safer, by far, than most folks are online, & FASTER too!

---

Options for "DNSBL filtered 'secured'" DNS servers:

A.) Norton DNS (198.153.192.50 and 198.153.194.50/198.153.192.40 and 198.153.194.40/198.153.192.60 and 198.153.194.60) -> http://nortondns.com/ [nortondns.com] & you can even see how it updates every few minutes vs. known malicious sites-servers, here -> http://safeweb.norton.com/buzz [norton.com] as well as get a GOOD read on how/why it works, etc.- et al, here https://dns.norton.com/dnsweb/faq.do [norton.com]

It filters vs. MANY threats online & IS UP TO DATE as is possible I'd imagine (see those links, you'll understand WHY I state that). It's part of WHY I use it as my PRIMARY DNS here...

---

B.) ScrubIT DNS (67.138.54.100 and 207.225.209.66 ) -> http://www.scrubit.com/ [scrubit.com] & here is a good read on how/why it works via its FAQ's as well -> http://www.scrubit.com/index.cfm?page=faq [scrubit.com]

---

& of course

C.) Open DNS (208.67.222.222 or 208.67.220.220) -> https://store.opendns.com/get/home-free [opendns.com]

---

EACH IS FREE, & WORKS vs. threats online of MANY kinds, doubtless via a form of DNSBL they use for filtering those threats out!

(E.G.-> Phishing/Spamming, Malware hosting sites/servers, Maliciously scripted hosts-domains etc./et al & more...)

* I use ALL 3 of them (mostly as "failovers" for one another, in case my primary can't resolve a host/domain name to an IP address, & w/ Norton DNS as primary)!

(I do so, in a "layered triumvirate formation" in BOTH my IP stack DNS settings in Windows (software-side), as well as in my LinkSys/CISCO router here (hardware-side))...

APK

P.S.=> Simplest principle there is, of "I can't get burned when I can't go into the malware fire", so-to-speak (and IF I were to somehow be infected? The custom HOSTS file acts as a "1 way valve" in yet ANOTHER way - the malware/exploit cannot "talk back to mama" (its C&C server if any) either - BONUS!)...

LASTLY, & to "security-harden" my system even further, I do what's noted in these links (utilizing the principles of "layered-security"/"defense-in-depth"):

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH [bing.com]

... apk

Re:Me too (but 4 DIFF. reasons)... apk (2)

pclminion (145572) | more than 2 years ago | (#38586542)

Doesn't having a million-entry host file have some drawbacks? I expect either the whole thing is cached in memory (assuming 128 bytes per cache entry that's over 128 MB to cache the thing), or the file is linearly scanned every time you resolve a hostname, slowing down every single name resolution enormously. Either of those would kind of suck.

Cached by local kernelmode diskcache subsystem (0)

Anonymous Coward | more than 2 years ago | (#38586640)

"Doesn't having a million-entry host file have some drawbacks? I expect either the whole thing is cached in memory (assuming 128 bytes per cache entry that's over 128 MB to cache the thing), - by pclminion (145572) on Wednesday January 04, @12:28PM (#38586542)

Not @ all - in fact? IT FLIES... I make this DSL connection websurf like FIOS using it in fact! Here's how/why:

It gets cached by 1 of 2 methods (depending on the size of the HOSTS file itself, because MS' DNS clientside cache service has "issues" with larger HOSTS files (it uses a fixed-size buffer/structure to cache is why, limited & inflexible)).

---

1.) DNS ClientSide cache service (default method, & works "ok" with relatively smaller HOSTS files)

or

2.) Local kernelmode diskcaching subsystem (the method I must use because of the issues in the DNS clientside cache - BUT, I save CPU cycles, RAM, & other forms of I/O not using it too, bonus... it's unneeded here is why/redundant!) - it caches HOSTS files like any other file!

---

* Generally, I'd recommend folks 'cut off' the local DNS cache client in Windows w/ larger custom HOSTS files, but... there IS another way to stop it from lagging:

TO BE ABLE TO USE DNS CLIENTSIDE LOCAL CACHE SERVICE WITH A LARGE HOSTS FILE:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
Click Edit > New > DWORD Value (type) MaxCacheTtl
Click Edit > New > DWORD Value (type) MaxNegativeCacheTtl
Next right-click on the MaxCacheTtl entry (right pane) and select: Modify and change the value to 1
The MaxNegativeCacheTtl entry should already have a value of 0 (leave it that way - see screenshot)
Close Regedit and reboot ...
As usual you should always backup your Registry before editing ... see Regedit Help under "Exporting Registry files"

---

THIS COMMANDLINE BATCH WILL DISABLE DNS CACHE:

sc config DNSCache start= disabled
sc stop DNSCache

---

THIS COMMANDLINE BATCH WILL SET THE DNS CACHE TO MANUAL START (vs. default automatic):

sc config DNSCache start= demand
sc stop DNSCache

APK

P.S.=>

" or the file is linearly scanned every time you resolve a hostname, slowing down every single name resolution enormously. Either of those would kind of suck." - by pclminion (145572) on Wednesday January 04, @12:28PM (#38586542)

My name resolutions happen FAR FASTER from a HOSTS file (I read it up off a TRUE SSD (not FLASH based) in a Gigabyte IRAM 4gb DDR2 based SSD & once cached as noted above? FAST!) than they do from remote DNS servers (those take 30-100's of ms to get back... from that SSD? Less than 1ms!)... apk

Re:Me too (but 4 DIFF. reasons)... apk (4, Informative)

sexconker (1179573) | more than 2 years ago | (#38586810)

Large hosts files absolutely slow down lookups.
Furthermore, he says he uses 3 different DNS servers, so he's really just getting the security of the intersection of all 3 blacklists.
He also claims his hosts file and router prevent malware from dialing home, despite the fact that such malware often has hardcoded IPs and would never need to perform a DNS lookup.

The DNS/HOSTS troll has been around for a while, but the sad thing is it's not a copy-pasta. Each post is actually unique (though similar), so there's some moron behind the AC curtain actually typing that shit out every time. This troll is most easily identified by the formatting. It always has excessive sectioning, bolding, and use of asterisks, hyphens, and parentheticals. The end is always a "beat you over the head with it" moment. In this case it's a link to a Bing search on "how to secure" Windows XP/2000.

Basically, don't feed the trolls.

Cached local speed = faster than DNS lookup return (-1)

Anonymous Coward | more than 2 years ago | (#38587006)

"Large hosts files absolutely slow down lookups." - by sexconker (1179573) on Wednesday January 04, @12:55PM (#38586810)

These peers of yours @ /. disagree with you, as do I:

---

18++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ [someonewhocares.org] and http://winhelp2002.mvps.org/hosts.htm [mvps.org] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to 127.0.0.1" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"put in your /etc/hosts:" - by Anonymous Coward on Friday December 03, @09:17AM (#34429688)

---

Still not enough for you? Ok - here's the words of a respected SECURITY PRO from SECURITYFOCUS.COM:

A RETURN TO THE KILLFILE:

http://www.securityfocus.com/columnists/491 [securityfocus.com]

Some "PERTINENT QUOTES/EXCERPTS" to back up my points with (for starters):

---

"The host file on my day-to-day laptop is now over 16,000 lines long. Accessing the Internet -- particularly browsing the Web -- is actually faster now."

Speed, and security, is the gain... others like Mr. Day note it as well!

---

"From what I have seen in my research, major efforts to share lists of unwanted hosts began gaining serious momentum earlier this decade. The most popular appear to have started as a means to block advertising and as a way to avoid being tracked by sites that use cookies to gather data on the user across Web properties. More recently, projects like Spybot Search and Destroy offer lists of known malicious servers to add a layer of defense against trojans and other forms of malware."

Per my points exactly, no less...

Additionally - Guess who was posting about HOSTS files a 14++ yrs. or more back & Mr. Day was reading & now using? Yours truly!

(& this is one of the later ones, from 2001 http://www.furtherleft.net/computer.htm [furtherleft.net] (but the example HOSTS file with my initials in it is FAR older, circa 1998 or so) or thereabouts, and referred to later by a pal of mine who moderates NTCompatible.com (where I posted on HOSTS for YEARS (1997 onwards)) -> http://www.ntcompatible.com/thread28597-1.html [ntcompatible.com]

---

"Shared host files could be beneficial for other groups as well. Human rights groups have sought after block resistant technologies for quite some time. The GoDaddy debacle with NMap creator Fyodor (corrected) showed a particularly vicious blocking mechanism using DNS registrars. Once a registrar pulls a website from its records, the world ceases to have an effective way to find it. Shared host files could provide a DNS-proof method of reaching sites, not to mention removing an additional vector of detection if anyone were trying to monitor the use of subversive sites. One of the known weaknesses of the Tor system, for example, is direct DNS requests by applications not configured to route such requests through Tor's network."

There you go: AND, it also works vs. the "KAMINSKY DNS FLAW" & DNS poisoning/redirect attacks, for redirectable weaknesses in DNS servers (non DNSSEC type, & set into recursive mode especially) and also in the TOR system as well (that lends itself to anonymous proxy usage weaknesses I noted above also)

PLUS?

Well, you'll also get to sites you want to, even IF a DNS registrar drops said websites from its tables as shown here Beating Censorship By Routing Around DNS -> http://yro.slashdot.org/story/10/12/09/1840246/Beating-Censorship-By-Routing-Around-DNS [slashdot.org] & even DNSBL also (DNS Block Lists) -> http://en.wikipedia.org/wiki/DNSBL [wikipedia.org] as well - DOUBLE-BONUS!

---

"Furthermore, he says he uses 3 different DNS servers, so he's really just getting the security of the intersection of all 3 blacklists." - by sexconker (1179573) on Wednesday January 04, @12:55PM (#38586810)

What I am GETTING, is the principle of "Layered-Security"/"Defense-In-Depth" - the BEST THING WE HAVE GOING CURRENTLY for security online!

(As well as websurfing FAR faster as well!)

---

"He also claims his hosts file and router prevent malware from dialing home, despite the fact that such malware often has hardcoded IPs and would never need to perform a DNS lookup." - by sexconker (1179573) on Wednesday January 04, @12:55PM (#38586810)

Did this one? No... it uses lilupophilupop.com & thus, I had it blocked as soon as it was listed from 17++ reputable & reliable sources for HOSTS file data vs. online threats (weeks-to-MONTHS ago already).

What I don't catch in HOSTS or my hardware firewalls (via DNSBL DNS servers I use too)? I do in my software firewall by IP address!

(You really should have read my security guide link I posted @ the termination of my 1st reply here... it covers that & FAR more!)

---

"The DNS/HOSTS troll has been around for a while, but the sad thing is it's not a copy-pasta. Each post is actually unique (though similar), so there's some moron begind the AC curtain actually typing that shit out every time. This troll is most easily identified by the formatting. it always has excessive sectioning, bolding, and use of asterisks, hyphens, and parentheticals. The end is always a "beat you over the head with it" moment. In this case it's a link to a Bing search on "how to secure" Windows XP/2000." - by sexconker (1179573) on Wednesday January 04, @12:55PM (#38586810)

Tell you what: You're MORE THAN WELCOME to disprove ANY points on HOSTS files I make... (good luck, you'll NEED it!)

---

"Basically, don't feed the trolls." - by sexconker (1179573) on Wednesday January 04, @12:55PM (#38586810)

Now, the funniest part is - FOLKS WILL WATCH YOU "FEED YOURSELF" as you "EAT YOUR WORDS" now flavored with the taste of your foot (which you have inserted into your mouth, lol) & with the "bitter taste of defeat"... lol!

APK

P.S.=> Again, I challenge YOU to disprove any points I made on HOSTS file (or DNSBL filtering servers I noted as well)... good luck - you'll need it (because it can't be done)... apk

Re:Cached local speed = faster than DNS lookup ret (0)

Anonymous Coward | more than 2 years ago | (#38587370)

somebody really needs to introduce APK to Michael Kristopeit

Mike = the "Lon Chaney of /." (lol) (-1)

Anonymous Coward | more than 2 years ago | (#38587504)

"somebody really needs to introduce APK to Michael Kristopeit" - by Anonymous Coward on Wednesday January 04, @01:42PM (#38587370)

I know who he is, who doesn't? Per my subject-line above, lol, -> http://en.wikipedia.org/wiki/Man_of_a_Thousand_Faces [wikipedia.org]

* I hope you "caught my drift", because Mike K. has MORE REGISTERED 'luser' ACCOUNTS HERE THAN ANYONE I'd ever seen before ( & I've been lurking around here since late 2003).

Now, I realize you're trying to "get my goat" & my initial post was upmodded to +1, now it's back down to "0 informative"!

LMAO - so, on a "wild guess" (lol, not)?

I'd have to say it's "sexconker" logging out of his reg'd account or using an alternate one to mod down my posts (rather than meet the challenge I put to him to disprove my points on HOSTS files... nobody has to date here!)

I've seen that "little trick" pulled to "game the moderation system" here SO many times, it's not even funny... the mod system here DOES NEED REVISION (such as letting you know WHO downmodded you).

Still - downmod me ALL YOU LIKE, but not disproving the points I make (especially on custom HOSTS files)? Weak... & effete/ineffectual, vs. facts. Especially facts like I use with documented, verifiable, & reputable sources backing me.

APK

P.S.=> A lot of folks have given Mike K. a lot of guff, I even stuck up for him once, until he started up with me too, lol... I've NEVER seen anyone with so many "alternate guises" in registered accounts on a forum as he...

... apk

Re:Cached local speed = faster than DNS lookup ret (-1)

Anonymous Coward | more than 2 years ago | (#38588778)

Sexconker ran. Figures, as he's a known troll on slashdot. How he was upmodded +4 is obviously cheating the moderation system since he was off topic is blatant bullshit. Watching sexconker run from a challenge you gave him here http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 [slashdot.org] is priceless. Sexconker downmodded you and ran, that's obvious. His running away from the challenge you gave him though? Priceless.

Re:Cached local speed = faster than DNS lookup ret (0)

Anonymous Coward | more than 2 years ago | (#38592366)

sexconker tries hidin apk's post I replied to by downmoddin it? Weak. That post knocked sexconker clean out n' sexconker ran cuz he can't make apk's points appear incorrect,

sexconker RUNS from a challenge? LMAO! (0)

Anonymous Coward | more than 2 years ago | (#38587742)

Your post got a +4 informative for trolling off topic too, after you downmodded my initial/1st post & the one where I challenged you to DISPROVE points I made on HOSTS file also here http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 [slashdot.org] ??

Make us laugh some more please!

(Because anyone KNOWS how simple it is to "game/cheat" the moderation system here by using alternate registered 'luser' accounts)

To wit/e.g.:

---

1.) Downmod with your registered 'luser' account
2.) Logout (to preserve your cookie state & karma points b.s.)
3.) Troll away as AC
4.) Downmod MORE with your other "alternate guises" (registered 'luser' accounts).
5.) "Rinse, Lather, & Repeat" steps #1 - 4

---

* Now, with that "all said & aside"? You RUN from disproving points I made on HOSTS files here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 [slashdot.org] , AFTER you downmodded me (either by this account of 'sexconker' OR another alternate one (most likely this latter)), & ran?

Please... lol!

APK

P.S.=> Do you HONESTLY feel you're "fooling anyone" with those 'tactics', sexconker? Guess again... HOWEVER- the "bright side" is this:

ALL THE DOWNMODS IN THE WORLD (in addition to modding yourself up for offtopic trolling illogical ad hominem attack attempts) don't stand up to facts I posted, which I INVITE YOU TO DISPROVE, and you cannot obviously - & all you have? Is downmodding my post, upmodding yourself via alternate registered 'luser' accounts you have here obviously, lol... poor/weak/effete/useless, vs. facts you RUN from!

... apk

Re:Me too (but 4 DIFF. reasons)... apk (1)

couchslug (175151) | more than 2 years ago | (#38588482)

APK has been "amusing" for many years, under a variety of nicks.

Google: site:arstechnica.com APK

Any psychiatrists care to chime in on the characteristic "speech patterns" in the posts?

http://www.ntcompatible.com/postprint81050.html [ntcompatible.com]

couchslug: Time to BLOW YOU AWAY, again? (-1)

Anonymous Coward | more than 2 years ago | (#38588550)

couchslug, your off topic illogical ad hominem attack attempt reply merely indicates YOU are probably "sexconker's alternate 'registered luser'" account here.

So, that said?

I challenge you, or "sexconker" (you, obviously) to disprove the points I made on HOSTS files here in response to the off topic fool named sexconker -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 [slashdot.org]

(Which he RAN from, lol, as-per-usual).

APK

P.S.=> This isn't a "1st" from you either, you useless troll - because you RAN like the troll you are here also vs. myself:

http://it.slashdot.org/comments.pl?sid=2357552&threshold=-1&commentsort=0&mode=thread&pid=36947416 [slashdot.org]

Because I've EASILY "run YOU off" before too, just as I have your "alternate registered 'luser'" guise, sexconker, above... & you KNOW I've just GOTTA SAY IT in my usual "inimitable style":

This? This was just "too, Too, TOO EASY - just '2EZ'", because you'll evade disproving points I made on HOSTS files, just as you did on Security Hardening Windows in the link just above this before... apk

Disprove my points then... apk (0)

Anonymous Coward | more than 2 years ago | (#38589776)

Funny how you RUN from that here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 [slashdot.org]

Man... lol, that you were upmodded for your off-topic illogical ad hominem attack attempt "boggles the mind" too (but then again, everyone KNOWS how easy it is to cheat the moderation system on /. ... piece of cake, that & I illustrated HOW that's done too in my other posts here so... in other words? You fool NOBODY but yourself!).

APK

P.S.=> Sometimes you fools ask me WHY I don't register here and be like you (a "registered 'luser'", lol, which doesn't hold true of the majority of registered users here, only the trolls such as yourself)...

1 reason's that trolls such as yourself, once I trash them on their computer technical weaknesses (which I have to yourself here with ease since you ran like the trolling coward you are)? They threatened to "mod my posts down to oblivion" IF I had a registered 'luser' account here... but then, that'd make ME, like YOU, & I do NOT want THAT (lol, for sure).

Another reason being is that I have CAUGHT people cheating the moderation system here (tomhudson's group, trolltalk.com do), & it's a sham because of that!

Folks also wonder WHY slashdot's losing readers, & dorks like you, off topic ad hominem attack attempting ones that FAIL & RUN when confronted are why... you're pitiful!

... apk

Re:Me too (but 4 DIFF. reasons)... apk (1)

fatphil (181876) | more than 2 years ago | (#38588830)

Fortunately he's a loon who posts AC. If he were a morpher with a million different IDs, then it would be expensive to mark posts from all his IDs with a score penalty, but fortunately, all you need to do is mark AC down, and you get rid of all of his irrational ranting, and lots more besides.

HTH, HAND.

Re:Me too (but 4 DIFF. reasons)... apk (0)

Anonymous Coward | more than 2 years ago | (#38589168)

I'm glad I read his post. I downloaded this hosts file and am surfing faster already http://winhelp2002.mvps.org/hosts.htm [mvps.org] so your opinion is worthless compared to my results. You can call the guy a loon but if that's crazy I don't want to be sane.

Disprove my points then "FatPhil" (you troll) (0)

Anonymous Coward | more than 2 years ago | (#38589290)

A "big talker" like you ought to be able to do that, vs. the points I posted here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org] or here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586640 [slashdot.org] or here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 [slashdot.org]

Right?

* Go for it FatPhil... I am going to LOVE watching you "eat your off topic illogical ad hominem attack attempt words"...

(Of course, that's "expecting too much" from a useless troll such as yourself!)

APK

P.S.=> What I love about trolls like you, especially ones that attempt off topic illogical ad hominem attacks, is that your "kind" online (trolls) are usually QUITE stupid in technical matters of computing

... apk

Re:Me too (but 4 DIFF. reasons)... apk (0)

Anonymous Coward | more than 2 years ago | (#38590204)

It does, but being on cable is so fast I don't notice it.
Okay I do notice it, but it's more secure than not having the regularly updated HOSTS file.
So what if my time to resolve a host goes from 20 ms to 1020 ms. It's just a stupid webpage and it's literally 1 second.
This doesn't have an impact on connections that just go by IP address to begin with. (like games)
It also stops all those stupid apps that try to load ads in their window.
Like for instance Motioninjoy to use a ps3 controller on pc, it's a good tool, but it loads ads and someone might get infected by them.

Your IPAddress-2-hostname doesn't go up (0)

Anonymous Coward | more than 2 years ago | (#38591298)

"So what if my time to resolve a host goes from 20 ms to 1020 ms" -

If anything? It'll be faster IF you put your fav. sites into it with their CORRECT IP address to hosts-domain/subdomain name into your custom HOSTS file, "hardcoded" resolved there already @ the top of it!

(Plus, that also gets cached & operates @ the speed of RAM + the fact a kernelmode PnP subsystem's driving it (IP Stack))...

* Fastest there is, proof to DNS attacks, & even DNSBL + DNS request logs... & FAR faster than remotely calling out to a potentially redirect poisoned DNS server that takes 100's to 1000's of time longer for the same thing? No thanks!

APK

P.S.=> Nice job, good reply - thought I'd "brighten your day" on that part you actually thought you were "losing out" on using custom HOSTS files (you're actually GAINING in that area, if you do it right, & manyfold)... apk

Re:Me too (but 4 DIFF. reasons)... apk (0)

Anonymous Coward | more than 2 years ago | (#38591080)

Yeah. As sexconker and couchslug have indicated, this guy is not worth wasting time on.

Couchslug & SexConker "ne'er-do-well" trolls r (0)

Anonymous Coward | more than 2 years ago | (#38591354)

LOL, that's all I have to say about that... see subject-line!

* :)

(As per my usual style? I walk away unscathed, & laughing @ my "naysayer" trolls, who run as expected when faced with my "superior technical firepower" in computing that I possess vs. "the likes of they" (trolls))

APK

P.S.=> This? This was just "too, Too, TOO EASY - just '2EZ'", as is per my usual vs. off-topic illogical ad hominem attack attempting technically weak trolls... such as the prime examples of such "ne'er-do-wells", lol, in couchslug &/or sexconker...

... apk

Re:Me too (but 4 DIFF. reasons)... apk (0)

Anonymous Coward | more than 2 years ago | (#38586900)

Sweet. My custom /etc/hosts file saved me from the malware that is bing... So I was unable to check out your last link. Thanks for the comment.

Re:Me too (but 4 DIFF. reasons)... apk (0)

Anonymous Coward | more than 2 years ago | (#38588230)

How did the post I replied to go from +1 Informative to -1 Troll? His detractors won't face a challenge put to them here either http://it.slashdot.org/comments.pl?sid=2603836&cid=38587006 [slashdot.org] and people wonder why slashdot's losing readers?

Re:Me too (but 4 DIFF. reasons)... apk (0)

Anonymous Coward | more than 2 years ago | (#38592026)

Trolls around /. fear apk's hosts file cuz they're botmasters/webmasters that lose money due to hosts files' use and they don't want the rest of the people to learn about them who read his posts so they try to bury them since ac people like apk don't get modded up as much and are hidden by default on slashdot for most readers, and downmodding unjustly hides that even more so they think. How stupid of them.

Re:Me too (but 4 DIFF. reasons)... apk (1)

mandelbr0t (1015855) | more than 2 years ago | (#38591630)

If you're willing to do this much work to avoid malware, well, go for it. Your performance gains, when compared to network latency, are probably so slight as to be imperceptible. Personally, I use AdBlock Plus and a local DNS server, and have never had issues with either malware, unwanted ads, or network performance. To each his own. If you don't want to get modded Troll, you might want to tone down on the caps and excessive bolding. You may have a legitimate technical point to make, but it gets lost in a tone that reminds me of a child throwing a tantrum.

It's NO work (automated in multiplatform Python) (0)

Anonymous Coward | more than 2 years ago | (#38591948)

"If you're willing to do this much work to avoid malware, well, go for it." - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

See subject-line above: My HOSTS updates from a pristine temp every 15 minutes here, & normalized vs. repeats + alphabetized from reputable & reliable sources for HOSTS file & DNSBL data vs. malware & such, "automatigically" (phishing/spamming/maliciously scripted sites/known purveyors of trojans-virus-worms etc./et al)).

E.G. &/or I.E.-> I haven't had a malware infestation of ANY kind, since 1996 in fact, & I can post testimonials of the same from users of my guides... would you like that? They're easily verifiable too... just ask.

---

"Your performance gains, when compared to network latency, are probably so slight as to be imperceptible. " - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

Oh, really: CAN YOU READ?

In my earlier replies here, I posted:

---

1.) The words of your own /. peers here noting they're websurfing faster in addition to myself & others posting here.

2.) Even the testimonial quoted a SECURITY PRO from SECURITYFOCUS.COM (division of Symantec) said he's surfing noticeably FASTER using a custom HOSTS file too!

---

Let's see, that outnumbers you HOW much & not only by your peers here, including myself, but also a professional security journalist & security pro?

---

"Personally, I use AdBlock Plus" - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

Guess what? So do I in "WaterFox", but it's only GOOD for that browser & slower! NOT ONLY THAT, but AdBlock "ain't what it used to be" -> http://tech.slashdot.org/story/11/12/13/1430236/adblock-plus-developers-to-allow-acceptable-ads [slashdot.org]

How else as well especially compared to HOSTS files?

Well - HOSTS are GLOBAL & even cover external to browser email apps (any webbound app) & run @ ring 0/rpl 0/kernelmode PnP privilege of the IP stack itself (far faster & more efficiently than do usermode/ring 3/rpl 3 apps like browsers, & especially addons for them (which slows them up even more especially in FF IF you overdo it with too many of them)).

---

"and a local DNS server, and have never had issues with either malware, unwanted ads, or network performance. " - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

Maybe not, but... lol, how about DNS problems like a redirected poisoning due to recursion issues in DNS that are KNOWN?

Plus?

Hey - I don't waste CPU cycles, RAM, or other forms of I/O on a local DNS server OR the electricity for a dedicated rig for it either

(Instead - I use what I mentioned in my 1st reply here: You'd KNOW that, if you read it... I use known efficient & filtering vs. malware types in OpenDNS, Norton DNS, & ScrubIT DNS).

---

"To each his own" - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

That I can live with... absolutely, & for less CPU/RAM/Other forms of I/O + electricity usage by doing MY way, vs. yours (in DNS mostly).

---

"If you don't want to get modded Troll, you might want to tone down on the caps and excessive bolding." - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

I'll write as I please, if you don't like it? Don't read it.

---

"You may have a legitimate technical point to make" - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

I know DAMN WELL I do, & it kicks the trolls asses SO BADLY, that when I challenge them to disprove my technical points I posted on ANYTHING I POSTED?

They run... sexconker &/or couchslug are the 2 prime examples of off-topic illogical ad hominem attack attempting & failing TROLLS I speak of in this very exchange. I challenge them then to get on topic, & disprove my points... what did they do?

RUN!

---

"but it gets lost in a tone that reminds me of a child throwing a tantrum." - by mandelbr0t (1015855) on Wednesday January 04, @08:53PM (#38591630)

What a bunch of trolling B.S. - Ahem: Who made you the "expert on writing in forums or online" or the local PHD in English & professor of posting here on /.?

Man - first of all: I've probably been @ it longer than yourself for 1 thing if not speaking & writing the language longer quite possibly due to age, & for another?? I've actually passed English courses in college while earning 2 degrees no less (A grades usually) - have you??

(You certainly don't strike me as "the master of writing" or a PHD in English for that matter... you're in other words, NO authority on the subject either).

APK

P.S.=> You ending that way gives away your "true troll 'tell'".. talk about obvious, playing "pretend english professor on /." & "the MaSteR oF All ThiNgS PoStiNg MyStiCaL" lol, on your part... apk

Re:It's NO work (automated in multiplatform Python (0)

mandelbr0t (1015855) | more than 2 years ago | (#38592078)

OR the electricity for a dedicated rig for it either

Don't spend it all in one place. The dedicated rig does other useful stuff that I wouldn't want bogging down my desktop.

I've actually passed English courses in college while earning 2 degrees no less (A grades usually) - have you??

Yep. This is, after all, a "News for Nerds" site. You're not the only genius here. And the rest of us don't tend to use terms like "superior technical firepower" and go off on rants about things that represent a minute portion of IT.

I know DAMN WELL I do, & it kicks the trolls asses SO BADLY, that when I challenge them to disprove my technical points I posted on ANYTHING I POSTED?

I'm not trying to disprove your technical points; I'm saying that people aren't listening to you because of the way you present your argument. I'm happy with what I've got, you're happy with what you've got.

talk about obvious, playing "pretend english professor on /." & "the MaSteR oF All ThiNgS PoStiNg MyStiCaL

This borders on delusional. I don't know how your mind got from a sincere comment on how I felt your writing represented yourself to making assumptions about the purpose of my post. The purpose of my post was to say that the content of your original post had technical merit. It still does. I just choose not to go down that road. If that requires you to tear apart my post looking for flaws not related to the original discussion, well, it's no wonder no one bothers to have a discussion with you based on technical merits.

There's no disproving my points on HOSTS is why (0)

Anonymous Coward | more than 2 years ago | (#38592294)

Especially on HOSTS files in my 1st post, yet it was downmodded here -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org] Please - that's bullshit.

However - IF I made some technical error & was misleading others maybe... but for no reason? Bullshit!

(It went from +1 Informative, to 0 Informative, to -1, to -1 Troll... for what?)

---

"I'm not trying to disprove your technical points" - by mandelbr0t (1015855) on Wednesday January 04, @09:56PM (#38592078)

That'd be IMPOSSIBLE to DO ANYHOW, & I think you KNOW it...

---

"I'm saying that people aren't listening to you because of the way you present your argument." - by mandelbr0t (1015855) on Wednesday January 04, @09:56PM (#38592078)

Let's see - here are some of my posts on HOSTS files that were upmodded that disagree with you (would you like around 130++ more?)

BANNER ADS & BANDWIDTH:2011 -> http://hardware.slashdot.org/comments.pl?sid=2139088&cid=36077722 [slashdot.org]
HOSTS MOD UP:2010 -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1490078&cid=30555632 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1869638&cid=34237268 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1461288&threshold=-1&commentsort=0&mode=thread&cid=30272074 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1255487&cid=28197285 [slashdot.org]
HOSTS MOD UP:2009 -> http://tech.slashdot.org/comments.pl?sid=1206409&cid=27661983 [slashdot.org]
HOSTS MOD UP:2010 -> http://apple.slashdot.org/comments.pl?sid=1725068&cid=32960808 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1743902&cid=33147274 [slashdot.org]
APK 20++ POINTS ON HOSTS MOD UP:2010 -> http://news.slashdot.org/comments.pl?sid=1913212&cid=34576182 [slashdot.org]
HOSTS MOD UP:2010 -> http://it.slashdot.org/comments.pl?sid=1862260&cid=34186256 [slashdot.org]
HOSTS MOD UP:2010 (w/ facebook known bad sites blocked) -> http://tech.slashdot.org/comments.pl?sid=1924892&cid=34670128 [slashdot.org]
HOSTS FILE MOD UP FOR ANDROID MALWARE:2010 -> http://mobile.slashdot.org/comments.pl?sid=1930156&cid=34713952 [slashdot.org]
HOSTS MOD UP ZEUSTRACKER:2011 -> http://it.slashdot.org/comments.pl?sid=2059420&cid=35654066 [slashdot.org]
HOSTS MOD UP vs AT&T BANDWIDTH CAP:2011 -> http://tech.slashdot.org/comments.pl?sid=2116504&cid=35985584 [slashdot.org]
HOSTS MOD UP CAN DO SAME AS THE "CloudFlare" Server-Side service:2011 -> http://it.slashdot.org/comments.pl?sid=2220314&cid=36372850 [slashdot.org]
HOSTS and BGP +5 RATED (BEING HONEST):2010 http://tech.slashdot.org/comments.pl?sid=1901826&cid=34490450 [slashdot.org]
HOSTS & PROTECT IP ACT:2011 http://yro.slashdot.org/comments.pl?sid=2368832&cid=37021700 [slashdot.org]
HOSTS MOD UP:2011 -> http://yro.slashdot.org/comments.pl?sid=2457766&cid=37592458 [slashdot.org]
HOSTS MOD UP & OPERA HAUTE SECURE:2011 -> http://yro.slashdot.org/comments.pl?sid=2457274&cid=37589596 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1197039&cid=27556999 [slashdot.org]
0.0.0.0 IN HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1143349&cid=27012231 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://it.slashdot.org/comments.pl?sid=1198841&cid=27580299 [slashdot.org]
0.0.0.0 in HOSTS:2009 -> http://tech.slashdot.org/comments.pl?sid=1139705&cid=26977225 [slashdot.org]
HOSTS MOD UP:2009 -> http://hardware.slashdot.org/comments.pl?sid=1319261&cid=28872833 [slashdot.org] (still says INSIGHTFUL)
HOSTS MOD UP vs. botnet: 2012 -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]

Also, what about your peers here that agree with me on HOSTS files?

---

18++ SLASHDOT USERS EXPERIENCING SUCCESS USING HOSTS FILES QUOTED VERBATIM:

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I actually went and downloaded a 16k line hosts file and started using that after seeing that post, you know just for trying it out. some sites load up faster." - by gl4ss (559668) on Thursday November 17, @11:20AM (#38086752) Homepage Journal

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org] " - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"I'm currently only using my hosts file to block pheedo ads from showing up in my RSS feeds and causing them to take forever to load. Regardless of its original intent, it's still a valid tool, when used judiciously." - by Bill Dog (726542) on Monday April 25, @02:16AM (#35927050) Homepage Journal

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

"APK's monolithic hosts file is looking pretty good at the moment." - by Culture20 (968837) on Thursday November 17, @10:08AM (#38085666)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"It's a good write up on something everybody should use, why you were modded down is beyond me. Using a HOSTS file, ADblock is of no concern and they can do what they want." - by Trax3001BBS (2368736) on Monday December 12, @10:07PM (#38351398) Homepage Journal

"I want my surfing speed back so I block EVERY fucking ad. i.e. http://someonewhocares.org/hosts/ [someonewhocares.org] and http://winhelp2002.mvps.org/hosts.htm [mvps.org] FTW" - by UnknownSoldier (67820) on Tuesday December 13, @12:04PM (#38356782)

"Let me introduce you to the file: /etc/hosts" - by fahrbot-bot (874524) on Monday December 19, @05:03PM (#38427432)

"I use a hosts file" - by EdIII (1114411) on Tuesday December 13, @01:17PM (#38357816)

"I'm tempted to go for a hacked hosts file that simply resolves most advert sites to 127.0.0.1" - by bLanark (123342) on Tuesday December 13, @01:13PM (#38357760)

"put in your /etc/hosts:" - by Anonymous Coward on Friday December 03, @09:17AM (#34429688)

---

Your B.S. is OUTNUMBERED what? By a 150:1 ratio??

---

"Don't spend it all in one place. The dedicated rig does other useful stuff that I wouldn't want bogging down my desktop." - by mandelbr0t (1015855) on Wednesday January 04, @09:56PM (#38592078)

That's STILL WASTING MORE ELECTRICITY THAN I DO, by far, & also WASTING MORE CPU CYCLES, RAM, & OTHER FORMS OF I/O THAN I DO here...

Real Genius that... & what did you say next? This I am going to BLOW YOU AWAY on & it made me LAUGH:

---

"Yep. This is, after all, a "News for Nerds" site. You're not the only genius here. And the rest of us don't tend to use terms like "superior technical firepower" and go off on rants about things that represent a minute portion of IT." - by mandelbr0t (1015855) on Wednesday January 04, @09:56PM (#38592078)

LOL, funniest part is? Yea, I've SEEN the "geniuses" that float around here... hate to say it?? 90% are worth a plugged nickel - or, do the downmodders in sexconker &/or couchslug RUNNING AWAY FROM A CHALLENGE I put to they here indicate otherwise??

Most of them haven't done SQUAT in COMPUTING for Pete's sake!!!

(Yes... I've even confronted them on that too - albeit, ONLY when I am attacked off topic & in ad hominem fashion, as was done to me here & you cannot deny it along with unjustified mod downs too here (many times before too).

Want to know WHO HAS though? Just ask, because I'll put up verifiable concrete information to that effect upon request.

---

"This borders on delusional" - by mandelbr0t (1015855) on Wednesday January 04, @09:56PM (#38592078)

You're the one with "delusions of grandeur" thinking you're going to tell ME how to write etc. (please: Don't like it? DON'T READ IT! It's THAT simple... others clearly disagree with your 'sentiments & opinions' here (see above)).

---

" I don't know how your mind got from a sincere comment on how I felt your writing represented yourself to making assumptions about the purpose of my post. The purpose of my post was to say that the content of your original post had technical merit. It still does. I just choose not to go down that road. If that requires you to tear apart my post looking for flaws not related to the original discussion, well, it's no wonder no one bothers to have a discussion with you based on technical merits." - by mandelbr0t (1015855) on Wednesday January 04, @09:56PM (#38592078)

Who are you trying to fool now? Yourself?? I mean - WHAT EXACTLY QUALIFIES YOU TO TELL ANYONE HOW TO WRITE (see above, many here clearly disagree with you).

APK

P.S.=> Std. trolling b.s. - now he's playing "nice guy" (after doing his "english prof. wannabe shtick" & I show many posts above that are upmodded on HOSTS no less, to put his "learn how to write" b.s. away with ease - "argue with the numbers" because your "opinion" is outgunned by a 150:1++ ratio above)

Now, you're also trying to defend trolls that attacked me blatantly off topic + with illogical ad hominem attacks (couchslug) & one that won't face my challenge to he when he TRIED to be "on topic" & made SO MANY TECHNICAL BLUNDERS I shut him down on (sexconker) he RAN!...

Give us a break!

... apk
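The HOSTS update routine described in the posts above (several blocklist sources merged, repeats removed, entries alphabetized, favourite sites pinned at the top, 0.0.0.0 as the block address, written from a temp file) looks like this in Python. It is an added example, not code from any poster: the source lists, pinned address and allowlist are constructed, and rejecting source lines that map a name to a routable address is an assumption added here so a tampered list can only block, never redirect.

```python
import ipaddress
import os
import re
import tempfile

SINK = "0.0.0.0"                                   # block address used in the thread
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses that mean "blocked"
RESERVED = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one RFC 1123 label

# Constructed sample inputs (not real blocklist data).
SOURCES = {
    "list-a": """# constructed sample, source A
127.0.0.1  localhost
127.0.0.1  ads.example.com   # trailing comment
0.0.0.0    Tracker.Example.NET
0.0.0.0    ads.example.com
0.0.0.0    forum.example.com
""",
    "list-b": """# constructed sample, source B
0.0.0.0 malware.example.org cdn.malware.example.org
203.0.113.7 bank.example.com
0.0.0.0 bad_host!.example.com
0.0.0.0 intranet.example.com
not-an-ip something.example.com
""",
}
PINNED = {"forum.example.com": "192.0.2.10"}  # hypothetical hard-coded favourite
ALLOW = {"intranet.example.com"}              # names no list may block


def valid_hostname(name):
    """Accept only dotted names built from RFC 1123 labels."""
    if len(name) > 253 or "." not in name:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_blocklist(text):
    """Return (hostnames, rejected) for one HOSTS-format source."""
    hosts, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            rejected.append(("not-an-address", raw.strip()))
            continue
        if addr not in SINK_ADDRS:
            # A routable address in a blocklist is a redirect, not a block.
            rejected.append(("redirect", raw.strip()))
            continue
        for name in fields[1:]:            # HOSTS lines may carry several aliases
            name = name.lower().rstrip(".")
            if name in RESERVED:
                continue
            if valid_hostname(name):
                hosts.add(name)
            else:
                rejected.append(("bad-hostname", name))
    return hosts, rejected


def build_hosts(sources, pinned=None, allowlist=frozenset()):
    """Merge all sources into one de-duplicated, alphabetized HOSTS text."""
    pinned = pinned or {}
    blocked, rejected = set(), []
    for name, text in sources.items():
        hosts, bad = parse_blocklist(text)
        blocked |= hosts
        rejected += [(name, reason, item) for reason, item in bad]
    blocked -= set(allowlist) | set(pinned)   # local decisions win over any list
    lines = ["127.0.0.1 localhost", "::1 localhost"]
    lines += [f"{ip} {host}" for host, ip in sorted(pinned.items())]
    lines += [f"{SINK} {host}" for host in sorted(blocked)]
    return "\n".join(lines) + "\n", rejected


def install(path, text):
    """Write a fresh temp file beside the target, then rename it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="ascii", newline="\n") as fh:
            fh.write(text)
        os.replace(tmp, path)              # atomic swap: readers never see a partial file
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    merged, problems = build_hosts(SOURCES, PINNED, ALLOW)
    print(merged, end="")
    for problem in problems:
        print("rejected:", problem)
```

Review the rejected list on every run: a sudden "redirect" entry from a source that never produced one before is worth investigating before the merged file is installed.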

Re:It's NO work (automated in multiplatform Python (0)

Anonymous Coward | more than 2 years ago | (#38596894)

Alexander Peter Kowalski is a prolific and persistent troll. He resets his IP address to circumvent the Slashdot post flood limit. When he was informed that intentionally circumventing restrictions, even by exploiting known flaws in the system, constitutes unauthorized access to a computer system, which is a felony, he ducked the issue. It didn't seem to dissuade him from exploiting it, however.

Re:It's NO work (automated in multiplatform Python (0)

Anonymous Coward | more than 2 years ago | (#38599678)

Sounds like you fear apk because you're unable to disprove his points and instead you try off topic illogical ad hominem attacks (failing miserably).

U FAIL PHOOL, lol... (0)

Anonymous Coward | more than 2 years ago | (#38603700)

Turnin' ur system off n on again 4 gettin a new IP lease != law breaking.

Re:Me too (but 4 DIFF. reasons)... apk (1)

darkpixel2k (623900) | more than 2 years ago | (#38602058)

Between a custom HOSTS file, & using "filtering" DNS servers (that specialize in blocking out malicious script & malware serving domains + phishing/spamming ones)?

Can you please tell me how to modify my HOSTS file to block your stupid use of the bold tag? Fsck.

Re:Me too (but 4 DIFF. reasons)... apk (0)

Anonymous Coward | more than 2 years ago | (#38603768)

Not our fault if ur 2 stupid 2 figure it out phool.

Re:Resolving lilupophilupop.com... failed: Name or (4, Informative)

hankwang (413283) | more than 2 years ago | (#38586312)

Strange; earlier today (when I submitted the story), they were online.

The site redirected to this (http changed to hXXp): hXXp://plac41eadmi.rr.nu/n.php?h=1&s=sl
which redirected to hXXp://www3.smartnetworkzgx.Kwik.To/?92ut2bc2=Xafe2G%2BXmmKsk9Hb2KuYmuPir52umJ6tpuGxZZPJZ9agmKKkpJiY

which contained an obfuscated script that went on like this:

var xrPke='QiqpR';if('xmFR'=='ZqpZB')aSetrA();}
function ty6HJA7y3z10n0s(rFOaSw){var NLgXo="3845";var vJtxnk=132;var PmBBXq=[];var uqrx;var lTrQTu=0;

But also the kwik.to website is offline now.

DNSBL's maybe? I'd suspect that @ least... apk (0)

Anonymous Coward | more than 2 years ago | (#38586764)

See subject-line... I got into a BIT of that in my other replies here (but, like I suspect what YOU'RE SEEING to be? DNSBL filtering's already taking place & with GOOD reasons).

* In any event? You MAY wish to read this (or not) on why I didn't see it & wouldn't have before today too (DNSBL filtering DNS servers, specializing in blocking out bogus sites/servers/hosts-domains vs. malware, malicious scripting, etc. + custom HOSTS files) -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]

(You MAY find it useful, and informative... because what I do not only SECURES me better online, but? It also makes me FASTER by far... noticeably so, & getting my money's worth I shell out each month to be online out of pocket!)

APK

P.S.=> This is 1 time where DNSBL's are EXCELLENT vs. malware & the like bad stuff online - BLOCKING THEM THE "F" OUT! I suspect that's WHY you can't see it...

... apk

Re:DNSBL's maybe? I'd suspect that @ least... apk (1)

hankwang (413283) | more than 2 years ago | (#38586972)

I was using my ISP's DNS, but lilupophilupop.com doesn't resolve either when I use a DNS server of which I'm sure that it is not subscribed to any black lists.

Give your ISP/BSP a call & see... apk (0)

Anonymous Coward | more than 2 years ago | (#38587360)

Because I strongly wager that IF, for instance, I was running DNS servers @ an ISP/BSP, I'd be using things like this -> http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples [emergingthreats.net]

(That's a DNSBL vs. malware/threats online in general I convert to HOSTS file format, & is an example of what ISP/BSP's use for blacklisting bogus sites/servers/hosts-domains)

It's also possible they're setup "recursively" & call out to "higher" level DNS servers than theirs & THEY have the hosts-domain for this malware blocked out already!

Don't discount THAT possibility, because this thing's "running amok" out there (per this article).

* Now, on ISP/BSP "level 1 support" being aware of what's PROBABLY done @ the "NOC" level? Low... but, perhaps they can connect you to someone who DOES control that much so you can inquire on if it was filter blocked or not!

APK

P.S.=> Good luck, but I do wager that's what happened on YOUR end... & you MAY wish to try those filtering DNSBL based DNS servers I noted in my init./1st post:

Norton DNS:

198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40

OpenDNS:

208.67.222.222
208.67.220.220

ScrubIT DNS:

67.138.54.100
207.225.209.66

From my initial/original post here where I noted them & in FAR greater detail than I did here, so others could look into using them also -> http://it.slashdot.org/comments.pl?sid=2603836&cid=38586216 [slashdot.org]

... apk

Google search (2)

d3ac0n (715594) | more than 2 years ago | (#38586064)

Turns up lots of tiny little "backwater" sites run by small businesses. Not surprising they would get nailed, they are the most vulnerable.

But...

Do I see ITT Tech in there as a victim?

Ouch!

Not just "backwater" sites (1)

Kaleidoscopio (1271290) | more than 2 years ago | (#38586116)

The web site for the Portuguese Electric Company (EDP) is there. That seems a major site by my standards. I might be suspect of course, being Portuguese. :D

Re:Not just "backwater" sites (0)

Anonymous Coward | more than 2 years ago | (#38586468)

Is it major though? What functionality does it have, customer's account and banking information? Or is it like my local power company's site, nothing more than a presence telling you how great they are, and a simple form if you want some form of contact.

Re:Google search (0)

Anonymous Coward | more than 2 years ago | (#38586490)

Back when I used to go to Devry, they had a "test" server w no root password :P

I wouldn't be surprised, tech colleges sometimes rely on student labor, and execs are still as ignorant as anywhere else in regards to technology.

Re:Google search (2)

cdrudge (68377) | more than 2 years ago | (#38588828)

Do I see ITT Tech in there as a victim?

No, that's just part of their Information Systems and Cybersecurity [itt-tech.edu] degree program.

Hosted in.. Transnistria (5, Interesting)

Dynamoo (527749) | more than 2 years ago | (#38586138)

The malware site is hosted by Specialist Ltd in Transnistria, who are a totally black hat [dynamoo.com] operation. They can get away with it because almost nobody recognises the existence of Transnistria [wikipedia.org] , so it is effectively outside the reach of international law enforcement.

Re:Hosted in.. Transnistria (2)

drinkypoo (153816) | more than 2 years ago | (#38586338)

Great, maybe I can get them to host my website when you're no longer allowed free speech on the internet in the USA.

Re:Hosted in.. Transnistria (1)

mapkinase (958129) | more than 2 years ago | (#38586464)

Good luck with that. This "country" leadership is Putin's lackeys.

Re:Hosted in.. Transnistria (1)

drinkypoo (153816) | more than 2 years ago | (#38586564)

Either you believe that Russia and the USA are simply working in harmony and all conflict is a ruse, in which case there is very little hope for freedom; or you should believe that they would love to see it happen, because it would make us look like assholes.

Re:Hosted in.. Transnistria (4, Funny)

mapkinase (958129) | more than 2 years ago | (#38586676)

Well, if freedom for you is to be able to say bad things about USA, then you are fine. Then Brezhnev's Russia had all the freedom:

Brezhnev meets Reagan and the latter complains that Russia does not have freedom of speech, giving an example: "In US, everybody can go in front of White House and shout: Reagan is an idiot". Brezhnev retorts: "You can do the same in Russia: you can go to Red Square and shout: Reagan is an idiot".

Re:Hosted in.. Transnistria (2)

boristdog (133725) | more than 2 years ago | (#38586520)

Wasn't the transnister invented there?

Re:Hosted in.. Transnistria (2)

Noughmad (1044096) | more than 2 years ago | (#38587114)

Would that be the transistor that says Ni?

Re:Hosted in.. Transnistria (1)

idontgno (624372) | more than 2 years ago | (#38587826)

No. That would be the ecky-ecky-ecky-ecky-ptang-zoop-boing-FET.

Re:Hosted in.. Transnistria (1)

interval1066 (668936) | more than 2 years ago | (#38586566)

Wow... read the wikipedia article on that place. Total backwater, no one knows about this "country". They still use old soviet socialist emblems on all their buildings and stationery. That's weird in itself, but it's just part of how out of the way this place is.

Re:Hosted in.. Transnistria (0)

Anonymous Coward | more than 2 years ago | (#38587352)

In some Chinese provincial offices (think state capitals in the US), bureaucrats still have Soviet Union flags on their desks in addition to the Chinese flag.

OWS : immanentize the Gernsback continuum now! (1)

Thud457 (234763) | more than 2 years ago | (#38587460)

Who the hell put William Gibson in charge of scripting reality these days?!!!

godamn, it's real

I'd like to send this letter to the Prussian consulate in Siam by aeromail. Am I too late for the 4:30 autogyro?

time here.

Re:Hosted in.. Transnistria (0)

Anonymous Coward | more than 2 years ago | (#38586608)

Couldn't someone, just, you know, blackhole them without telling anyone else..?
Nobody will care. And to be honest, countries that are just entirely on the internet to do bad shit should be blackholed. They don't have any right to be on it.

Re:Hosted in.. Transnistria (1)

amicusNYCL (1538833) | more than 2 years ago | (#38587088)

I'm pretty sure that people recognize the existence of the cities and people there, just not their autonomy. That would mean that the area is officially recognized as part of Moldova, and it would be up to the authorities in Moldova to put a stop to it. If they can't, then maybe they don't have control over the area, and if the local government can, then maybe they deserve official autonomy. Either way, the criminals aren't out of reach.

Re:Hosted in.. Transnistria (1)

ChatHuant (801522) | more than 2 years ago | (#38590998)

That would mean that the area is officially recognized as part of Moldova, and it would be up to the authorities in Moldova to put a stop to it.

The options of the Moldovan leadership are limited, because of Russian interference (as it is so often in this general area). It's not a case of Transnistria deserving official autonomy as much as a case of Russia imposing their will by military force and running roughshod over the rights of other countries, and over their own legal commitments. Transnistria is only recognized as a state by a few other fly-by-night former Soviet territories, such as Abkhazia, but Russia has opened a consulate there, and is strongly supporting the hardcore former communists. As part of this support, Russian troops have launched artillery attacks on Moldovan forces, killing over a hundred people (see here [wikipedia.org]). At this moment, units of the 14th Russian army are still illegally stationed in Transnistria and ensuring the maintenance of the status quo, despite a number of promises by the Russian leadership that they'll resolve the issue.

Slashdotted (1)

Bazman (4849) | more than 2 years ago | (#38586234)

Getting '503 Service Unavailable' when I try and wget the relevant URL. The slashdot effect for good!

Misleading Title? (2)

BoRictor (559494) | more than 2 years ago | (#38586282)

https://www.google.com/search?q=%22script+src=%22http://lilupophilupop.com/sl.php%22 [google.com] shows only 286,000 results. Where did 1 million come from?

Re:Misleading Title? (1)

drpimp (900837) | more than 2 years ago | (#38587518)

Not to mention I didn't know you could actually search the DOM. I suspect these are the sites that html encode content from the DB so the actual script tag was rendered?

Classic ASP? (2)

Synerg1y (2169962) | more than 2 years ago | (#38586536)

I'm wondering...

classic asp + mssql combos aren't that common? It's usually iis (asp.net) + mssql or asp + mysql. Coldfusion isn't that large either.

As other people have said not even close to 1 million sites, point being there's probably not a million sites that run these combos.

Re:Classic ASP? (0)

Anonymous Coward | more than 2 years ago | (#38587212)

I'm wondering...

classic asp + mssql combos aren't that common? It's usually iis (asp.net) + mssql or asp + mysql. Coldfusion isn't that large either.

As other people have said not even close to 1 million sites, point being there's probably not a million sites that run these combos.

The target of this injection attack are most likely sites that are still running IIS based on asp on WinXP. So the target is most likely the dying internet accessible data bases that still hold tonnes of user data including credit and personal info. The article earlier today that IE6 is down to 1% just goes to show that there is still an opportunity out there for blackhats to target mssql data bases. You can bet that one shitload of the businesses that still allow the use of Coldfusion are also stuck on IE6 and data base sql that is riddled with MS Access hack drop tables. I remember all the hype about how great access and excel were and why it is so important to easily make data available with simple drop tables and how this will make your data base so easy for the client to use. The Microsoft Access dominated courses in the colleges are largely responsible for this mess.

Don't for a minute think that the MS Access brainwashing that was done in the IT schools in the 1990's is not largely to blame for the fact that there are still a shit load of IT data base idiots out there coding drop tables for MS Access on old XP based servers! There are still far too many out there who do not take data access security seriously and who want to just please a boss and others who do not want to be forced to change their passwords on a regular basis. And yes MICROSOFT is to blame for this situation!

Re:Classic ASP? (1)

FormOfActionBanana (966779) | more than 2 years ago | (#38593742)

Since when does DROP TABLE make data available??

Lalilulelo (0)

Anonymous Coward | more than 2 years ago | (#38586896)

Liluphilupop? Otacon, is the DARPA Chief high on drugs? Or is Hideo Kojima on them?

Oh noes not Adobe Flash! (5, Funny)

maple_shaft (1046302) | more than 2 years ago | (#38587400)

... Oh man I was worried for second! I thought the summary claimed that the javascript redirected you to download Adobe Flash. I was relieved to find out that it was a fake Adobe Flash download. Far less dangerous.

Although these attacks are evil in their intent... (1)

P-niiice (1703362) | more than 2 years ago | (#38588504)

The mechanics of their design and execution make for interesting reading. Injecting a bunch of hex that then is decoded by a second script. I can't help but respect it.

Re:Although these attacks are evil in their intent (1)

Bill Dog (726542) | more than 2 years ago | (#38591602)

If I'm understanding it correctly, it relies on both of the two following things being true of a given web site (besides it using an MS SQL Server backend (or maybe it also works on Sybase database product(s) which also use the T-SQL language and might still have the involved system tables in common)):
1) SQL commands constructed via string concatenation including web form text field values, and
2) No sanitization of data coming out of the database before inserting into the HTML.
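
An added example, not part of the comment above or of the original thread: the two conditions it lists, each shown beside its fix, plus a check for rows that already carry the injected script reference. It uses Python with an in-memory SQLite table as a stand-in for the ASP/MSSQL stack; the table, the function names and the probe value are assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample: the script reference from the search query quoted in
# this thread, stored here as inert text in a throwaway database.
MARKER = "lilupophilupop.com/sl.php"
INJECTED = '<script src="http://' + MARKER + '"></script>'

def make_db():
    """In-memory SQLite stand-in for the site's MSSQL backend (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)",
                   [("Welcome",), ("Pricing" + INJECTED,)])
    return db

def find_concat(db, title):
    """Condition 1: the form value becomes part of the SQL text."""
    sql = "SELECT id, title FROM articles WHERE title = '" + title + "'"
    return db.execute(sql).fetchall()

def find_param(db, title):
    """Fix for condition 1: the value is bound as data, never parsed as SQL."""
    sql = "SELECT id, title FROM articles WHERE title = ?"
    return db.execute(sql, (title,)).fetchall()

def render_raw(title):
    """Condition 2: the stored value goes into the page unchanged."""
    return "<h1>" + title + "</h1>"

def render_escaped(title):
    """Fix for condition 2: encode on output so markup displays as text."""
    return "<h1>" + html.escape(title) + "</h1>"

def tainted_ids(db):
    """Clean-up check: ids of rows whose title already carries the marker."""
    rows = db.execute("SELECT id FROM articles WHERE title LIKE ?",
                      ("%" + MARKER + "%",)).fetchall()
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed form value containing a quote
    print(len(find_concat(db, probe)), len(find_param(db, probe)))
    stored = db.execute("SELECT title FROM articles WHERE id = 2").fetchone()[0]
    print(render_raw(stored))
    print(render_escaped(stored))
    print(tainted_ids(db))
```

Output encoding only stops the stored tag from executing in visitors' browsers; the rows reported by `tainted_ids` still need to be cleaned and the concatenated query replaced.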

I actually had to look up .nu... (1)

Anachragnome (1008495) | more than 2 years ago | (#38589538)

I actually had to look up .nu, as I've never encountered it before.

From AegisLab Security blog in regards to this attack:

"The detailed attacking paths are as follows:

[script] hxxp://lilupophilupop.com/sl.php

            [hop] hxxp://doutl31inesst.rr.nu/n.php?h=1&s=sl

            [hop] hxxp://www3.simplerfnetwork.rr.nu

            [hop] hxxp://www1.smartscanerjkm.rr.nu

                    [download] hxxp://www1.smartscanerjkm.rr.nu "

A little Googling and some interesting reading led me to the small South Pacific island country of Niue. Never heard of it.

http://en.wikipedia.org/wiki/Niue [wikipedia.org]

From that article:
"Niue purported to establish diplomatic relations with the People's Republic of China on December 12, 2007.[17] However, in light of its Constitution it is uncertain whether Niue had the capacity to enter diplomatic relations with any country. Traditionally, Niue's foreign relations and defence have been regarded as the responsibility of New Zealand, which has full diplomatic relations with China. Furthermore the Joint Communique signed by Niue and China is different in its treatment of the Taiwan question from that agreed by New Zealand and China. New Zealand "acknowledged" China's position on Taiwan but has never expressly agreed with it, but Niue "recognizes that there is only one China in the world, the Government of the People's Republic of China is the sole legal government representing the whole of China and Taiwan is an inalienable part of the territory of China."

Interesting.

A little more searching and I find this article that discusses the tax-haven aspects of Niue in terms of Chinese businessmen...

http://www.ibls.com/internet_law_news_portal_view.aspx?s=latestnews&id=2447 [ibls.com]

The closing statement from that article...
"Niue's trust laws resemble the laws of offshore centers that are, or sometime were, British colonies. The important factor here is that, due to its location, Niue has become a financial center for wealthy Chinese who want to use the financial figure of offshore trusts. This means, Niue has a good prospective given the flourishing of the Chinese economy."

Indeed, the Chinese have been trying to buy their way into residency status on Niue (in effect giving them New Zealand residency status)...

http://www.niueconfidential.com/2011/03/immigration-rort-may-liquidate-company.html [niueconfidential.com]

I know it is a leap, but is it possible the Chinese are using Niue as a "Cyberwar base of operations"?

It boggles the mind (0)

Anonymous Coward | more than 2 years ago | (#38590478)

Do people still really pass sql to the server to be executed instead of using stored procedures, or at the very least building the sql on the server? The payload was nothing more special than any other T-SQL script. I was expecting something a little more clever than someone merely exploiting bad server design. I would be willing to bet the sites that were affected by this probably have issues with this sort of thing all the time and will have them continue far into the future.
