I was damn near floored the first time I ever checked my logs within a week of leasing a server. It was non-fucking-stop. Trying to maintain a blacklist was pretty much useless. Any half-ass common piece of software that was existing in the public domain was subjected to continual targeting. Most hits originated from Russia.
It was mind-blowing, they were trying for any kind of exploit, even versions that were relatively recent and not outdated by much were subject to attacks for stuff that was patched out within a month prior. I wish I was savvier on how that shit operates, but it feels like there are swarms of botnets that scour the web looking for hits on known exploits. Lots came from the same address blocks, and they weren't just aimlessly targeting anything, they were all going after things that were on the server. It's actually pretty fucking scary.
Talk about being disheartened as an aspiring developer, what the fuck happens if somebody digs something out of the thing you've poured your time and patience over and it finds its way into that kind of shit before you can react to it?
Looked at the logs yesterday to see why our Intarwebs was slow as cold molasses. We were getting about 100 to 300 hits ("Scrapes") an hour from "Scrape Bots", just three of them, all run by a South Korean firm. I did a bit of sleuthing, found their server, managed to change their root and user passwords for them. I added insult to injury by making Russian the default language and rebooting their server for them before I backed out. Learned those hacks working part-time for a local ISP some years ago. There are reasons why you must change default passwords...
A number of times that ISP was attacked by Russian Script Kiddies, running the same one hundred or so scripts over and over, hoping some combination would work for them. When this would happen, the senior tech would redirect the hacking to a particular node that was a honeypot. Within ten minutes tops, all attacks would cease. Can't imagine why. He was the one that taught me forced entry into a server so you could fix something at night without going to the server farm.
Botnets usually go after a full block, like 143.16.34.xxx, where the target is the last octet. It makes a focused attack, requiring only 255 IP addresses to be loaded for exploit.
I do suggest people use Google's DNS servers for better security and faster resolve time, though. Especially if you're on Comcast.