Search - "botnet"
-
De-google your life
Search:
-qwant
-startpage
-searx
-duck duck go look up the founder
-yandex (putin botnet)
Mail
-cock.li
-ProtonMail
-Posteo
-Tutanota
-your own
Browsers
-https://kek.gg/i/3g2z6d.png (superior list)
-https://kek.gg/i/67YQQx.jpg (for furfags)
-https://wiki.installgentoo.com/inde...
/Web_browsers
Collaborative documents
-quip
-turtl
-ether pad (eg: notes.typo3.org or etherpad.net)
-microsoft office online (lol)
Image Upload/Edit
-kek.gg
Video sharing
-hooktube
-bitchute.com
-vid.me
-dtube.video
Social
-gnu social (for freedom loving patriots)
-mastodon (for proprietary loving gook pedos and sjws)
-gab.ai
-minds
-diaspora
Image Upload/Edit
-kek.gg
Google CDN avoidance
-Decentraleyes
Ad and script blocking
-uBlock Origin
Share links without gibbing clicks
-archive.is
Android
-droid-break.info
How to hosts file (lol, just block google bro):
-https://archive.is/gBJ8i
Reading:
-https://wiki.installgentoo.com/inde...
/Anonymizing_yourself#Fingerprinting
-https://wiki.installgentoo.com/inde...
/Firefox#Notable_add-ons
-https://panopticlick.eff.org
-
To whoever is spending their entire botnet on ddosing my project: it's working, you successfully took down a 25 line api running on a free heroku dyno, you can stop now.
-
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibly. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wishes to drop by there
-
"Pre-Installed Malware Found On 5 Million Popular Android Phones"
"added somewhere along the supply chain"
See below how to check if it's installed
Sources:
- (new) https://thehackernews.com/2018/03/...
- (new) https://research.checkpoint.com/rot...
- (old relevant news) https://thehackernews.com/2017/03/...
---
"Rottensys" a malware which covers devices from: Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE
---
"According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys," researchers said.
"At this moment, the massive malware campaign pushes an adware component to all infected devices that aggressively displays advertisements on the device’s home screen, as pop-up windows or full-screen ads to generate fraudulent ad-revenues."
---
If you have one of the affected devices, here's how I checked mine:
1. Install ADB (Windows: https://forum.xda-developers.com/sh...)
2. Connect your device in USB-debugging mode
3. execute "adb shell 'pm list packages -f' > output.txt" (On windows navigate to C:\adb and replace "adb" with ".\adb.exe")
4. open the now created output.txt
5. search for any of those:
com.android.yellowcalendarz (每日黄历)
com.changmi.launcher (畅米桌面)
com.android.services.securewifi (系统WIFI服务)
com.system.service.zdsgt
-
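The check in steps 3 to 5 of the post above, automated as an added example (not the poster's code): it parses output.txt with exact name matching and also reads the UTF-16 file that a Windows PowerShell `>` redirect produces. The script name and the sample listing are constructed; the package names are the four from the post.

```python
import sys

# Package names copied from the list in the post above.
ROTTENSYS_PACKAGES = {
    "com.android.yellowcalendarz",
    "com.changmi.launcher",
    "com.android.services.securewifi",
    "com.system.service.zdsgt",
}

# Constructed sample of `pm list packages -f` output (not from a real device).
SAMPLE = (
    "package:/system/app/Calendar/Calendar.apk=com.android.calendar\n"
    "package:/data/app/~~Ab12==/com.example.app-Zz9==/base.apk=com.example.app\n"
    "package:/system/priv-app/SecureWifi/SecureWifi.apk=com.android.services.securewifi\n"
    "package:/data/app/com.changmi.launcher2-1/base.apk=com.changmi.launcher2\n"
)

def decode_listing(raw):
    """Decode output.txt bytes; a PowerShell 5 '>' redirect writes UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_pm_line(line):
    """Split 'package:<apk path>=<name>' into (path, name); None if not a package line."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    # APK paths can contain '=', so the package name is whatever follows the last one.
    path, _, name = line[len("package:"):].rpartition("=")
    return (path, name) if name else None

def find_rottensys(text):
    """Return (path, name) for every listed package whose name matches exactly."""
    parsed = (parse_pm_line(l) for l in text.splitlines())
    return [p for p in parsed if p and p[1] in ROTTENSYS_PACKAGES]

if __name__ == "__main__":
    # Usage: python check_rottensys.py output.txt   (no argument: run on SAMPLE)
    text = decode_listing(open(sys.argv[1], "rb").read()) if len(sys.argv) > 1 else SAMPLE
    hits = find_rottensys(text)
    for path, name in hits:
        print(f"FOUND {name} at {path}")
    sys.exit(1 if hits else 0)
```
-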
So I guess you could say Dyn users got Dynied service when their servers were ddossed...
Badum tiss...
-
Every year my team runs an award ceremony during which people win “awards” for mistakes throughout the year. This year's was quite good.
The integration partner award- one of our sysAdmins was talking with a partner from another company over Skype and was having some issues with azure. He intended to send me a small rant but instead sent “fucking azure can go fuck itself, won’t let me update to managed disks from a vhd built on unmanaged” to our jv partner.
Sysadmin wannabe award (mine)- ran “Sudo chmod -R 700 /“ on one of our dev systems then had to spend the next day trying to fix it 😓
The ain’t no sanity clause award - someone ran a massive update query on a prod database without a where clause
The dba wannabe award - one of our support guys was clearing out a prod dB server to make some disk space and accidentally deleted one of the databases devices bringing it down.
The open source community award - one of the devs had been messing about with an apache proxy on a prod web server and it ended up as part of a botnet
There were others but I can’t remember them all
-
WHAT THE FUCK? WHAT THE FUCK IS THIS SHIT? ARE YOU FUCKING SERIOUS.. I WAKE UP IN THE MIDDLE OF THE FUCKING NIGHT BECAUSE MY FUCKING PHONE VIBRATED UNDER MY FUCKING PILLOW WHICH I KNOW ISN'T VERY HEALTHY BUT WHATEVER, I CHECK MY PHONE AND IT'S A GODDAMN GOOGLE PLAY AD... IN THE FUCKING NOTIFICATIONS. THEY FUCKING SENT ME AN APP SUGGESTION IN MY NOTIFICATIONS EVEN THOUGH THAT OPTION IS SPECIFICALLY TURNED OFF IN THE FUCKING SETTINGS.
FUCK YOU GOOGLE YOU BOTNET GREEDY BLOATED "muh AI" PIECE OF SHIT. I HOPE YOUR SERVERS IN ALL CONTINENTS GET BURNED DOWN BY SOME SADIST NIHILIST HACKER WITH A 0DAY AND YOU CEASE TO EXIST.
Goodnight.
-
//little Story of a sys admin
Wondered why a Server on my Linux Root couldn't build a network connection, even when it was running.
Checked iptables and saw, that the port of the Server was redirected to a different port.
I never added that rule to the firewall. Checked and a little script I used from someone else generated traffic for a mobile game.
OK, begin the DDoS Penetration. Over 10 Gbit/s on some small servers.
Checked Facebook and some idiot posted on my site:
Stop you little shithead or I will report you to the police!!!
Checked his profile page and he had a small shitty android game with a botnet.
Choose one:
1. let him be
2. Fuck him up for good
Lets Sudo with 2.
I scaled up my bandwidth to 25 Gbit/s and found out that guy's phone number.
Slowly started to eat away his bandwidth for days. 3 days later his server was unreachable.
Then I masked my VoIP address and called him:
Me: Hi, you know me?
He: No WTF! Why are you calling me.
Me: I love your game a lot, I really love it.
He: What's wrong with you? Who are you?
Me: I'm teach
He: teach?
Me: Teach me lesson
He: Are you crazy I'm hanging up!
Me: I really love your game. I even took away all your bandwidth. Now your servers are blocked, your game banned on the store.
He: WHAT, WHAT? (hearing typing)
Me: Don't fuck with the wrong guys. I taught you a lesson, call me EL PENETRATO
He: FUCK Fuck Fuck you! Who are you???!!! I'm going to report you!
Me: How?
He: I got your logs!
Me: Check it at Utrace...
He: Holy shit all around the world
Me: Lemme Smash Bitch
*hung up*
-
We just got into a malicious bots database with root access.
So guard duty gave us some warnings for our tableau server, after investigating we found an ip that was spamming us trying all sorts. After trying some stuff we managed to access their MySQL database, root root logged us in. Anyway the database we just broke into seems to have schemas for not only the bot but also a few Chinese gambling websites. There are lots of payment details on here.
Big question, who do we report this to, and what's the best way to do so anonymously? I'm assuming the malicious bot has just hijacked the server for these gambling sites so we won't touch those but dropping the schema the bot is using is also viable. However it has a list of other ips, trying those we found more compromised servers which we could also log in to with root root.
This is kinda ongoing, writing this as my coworker is digging through this more.
-
Windows you dense motherfucker! Now you come with two different fucking candy crush games and some fucking disney piece of shit botnet useless game consuming an entire GB of precious ssd space?? What the flying fuck i swear i hate this piece of junk more and more every day.
Furthermore, i got my motherboard replaced the other day since it suddenly died and now i can't boot into linux anymore since windows decided it's the only os to live on my laptop? Fuck off
-
Well then, looks like my pihole attracted the attention of a botnet with 65 zombies attempting a large DNS amplification attack.
Time to unleash the BANHAMMER
Fun fact: only a few hundreds of their requests actually show up in the pihole logs. The other 40k+ requests they attempted were blocked by my firewall :D
-
Unnamed hacking game - "terminal" graphics
-Multiplayer. Last man standing.
-Like a tower-defence game but technical
You work for a company that has outsourced their technical department to Bykazistan, a country with good internet and bad laws. On one hand, labor is very cheap! There are no pesky laws protecting workers, so you don't need to pay them what they're worth. Phew. However, there are also no laws against cyber crime. But for a start-up like you, the risk is worth the reward!
...which would be great! If you were the only company with that idea. As it turns out, you aren't. All of your competitors also recently outsourced to Bykazistan, and that could be an issue.
You would be afraid, but you are a hardened businessman. You are familiar with the cut-throat nature of the business world and where others see risk, you see opportunity. Let the games begin.
Your mission is to protect your critical assets at all costs, eliminate your opponents, and make critical financial decisions - all while maintaining your uptime!
Build a botnet and attack your competition to decrease their uptime and disable their attacks. Port scan your opponents to learn more about their network, but beware of honeypots! Initiate devastating social engineering attacks - and train your employees against them! Brute-force their credentials, and strengthen your own.
Make sure to keep your software patched...
-
Hey! Heard you like scams.
Seriously, what even is this? I heard about this, but didn't think it would happen to me.
Also based on what they want to be doing with another person's computer can also double as a botnet too.
-
A site I manage in my spare time with a couple thousand normal users was getting attacked by a Chinese botnet. All the requests were coming from only two subnets. Easy to block. Feels like this was only the vanguard. Prelude to the real attack. I'm thinking about moving the site to its own server, so it won't affect my other sites. There at least if it gets kneeled, it'll only be that site.
-
GIRLS PRANK
Omg I changed her lipstick with one of a slightly different color I'm so random she'll go CrAaAaAzY
BOYS PRANK
Use Tampermonkey to transform your colleague's pc into a chinese botnet and redirect him to some PCC website on every click forever
Yeah long story short that's how my previous firm blocked access to domains hosted by the Chinese government.
-
chrome
>botnet
firefox
>cucknet
safari
>too much faggotry, doesn't play webms
edge
>too edgy for me, not multi platform
vivaldi
>what's the point running a skin on top of chrome
brave
>same as vivaldi, also I can install my fucking adblock myself
Any suggestions for other browsers
-
These are my stickers, there are many like it, but these are mine!
@dfox thank you for the stickers 👍
Happy Ranting!
-
I wrote some simple pen test scripts that automatically get executed on every ip in my fail2ban log.
Ip count: 2500+ in a few days. Probably victims of botnet. Some have mysql, postgres, smb open and many of them support user/pass auth on their ssh.
The scripts were a lot of fun to write but I don't expect much results.
-
Holy shit! so after my last news report https://devrant.com/rants/1063342/... , I also shared the news in my site where there is a guy that works in a Washington ISP and also offer mail servers and such for the locals... fun and joke time has ended my friends, any SysAdmins here regarding this want to comment on this topic?
-
I was getting bored with programming cause a majority of it is boilerplate code, then I heard of the Mirai virus. It infected a lot of IoT devices so I decided to look at it and it was written in golang. It is a beautifully written botnet even though there are parts where it could have been better. So I looked more into golang and saw that it could cross compile pretty easily and could build self contained binaries really easily. On top of all this I saw the smallest docker containers with golang programs so I looked into it more and kept finding more and more that I liked. Easy library packaging, concurrency without boilerplate, quick servers, and the libraries from other devs that did all kinds of great things
-
Sporadic news, now that I have a decent chunk:
AMD's stock price closes higher than Intel's (https://marketwatch.com/story/...)
a Mega Man live-action film is in the works (https://rockman-corner.com/2020/07/...)
T-Mobile will require all devices to have LTE (https://androidpolice.com/2020/07/...)
Patch any ASUS routers you have (https://nakedsecurity.sophos.com/20...)
Emotet is being fucked with (https://zdnet.com/article/...)
Garmin devices are being fucked (https://cnn.com/cnn/2020/...)
Bitcoin is now officially a currency (https://news.bloomberglaw.com/us-la...)
Sonic Movie 2 is coming in 2022 (https://cbr.com/sonic-the-hedgehog-...)
ARM may be totally controlled by Nvidia soon (https://arstechnica.com/gadgets/...)
and the Republican Party is trying to ban the Democrats (either the name or wholly) because racism. (https://foxnews.com/politics/...)
-
Thoughts after a security conference.
The private sector, no matter the size, often plays a role (e.g. entry vector, DDoS load generating botnet, etc.) in massive, sometimes country-wide attacks. Shouldn't that make private businesses' CyberSec a matter of national security? Shouldn't the government create and enforce a security framework for private businesses to implement in their IT systems? IMO that'd also enforce standardised data security and force all the companies to treat ITSec with at least minimal care (where "minimal" is set by the gov)
What are your thoughts?
-
I just saw this video on slow loris attacks (https://youtu.be/XiFkyR35v2Y).
So my question is: why even bother with creating a botnet for a ddos attack?
-
!rant; question = true;
Switched to non-google for every device I own, however:
When I accidentally go to Google and try to search, it tells me that I am blocked for suspicious activity and need to solve a captcha - If I do, the current search works.. Shortly after tho, it gives me the same thing again.
Any idea how to get more detailed info about the issue, e.g. Ensure none of my systems is quietly participating in a botnet?
PS: why should I care? Just don't use Google! That's right, yes, it still bugs me tho