Oric computers, First Oric web server !

Starting from 19:00 tonight (WET time), you will be able to access the first
real Oric web server on http://80.119.96.30
... (if it doesn't get too overloaded)

Good luck... :-)

Fabrice

That web server is really cool.
Nice work Fabrice!

/Hakan Karlsson

"Euphoric" < XXXX@XXXXX.COM > skrev i meddelandet

first

Hiya Fabrice,



first

Excellent work my friend.
I must have been no.11 as it said it had served 10 requests before me.
This is truly wonderful.
--
Peter (TheSpider) @ Work
A Scotsman in Kentucky
Believer in the Lord Jesus Christ
Homepage : http://thespider.0catch.com
Web-blog : http://thespider.bbsmates.com

Yes, incredible :-)
I've been the 3rd request.
Congrats, can't wait for the next surprise :-)

Simon

> Starting from 19:00 tonight (WET time), you will be able to access the
first

Worked like a charm !

Good work :)

Ok, end of the experiment for tonight (23:20 WET)...
93 requests total (including a good ten from me, in order to check from time
to time if all was going well)...

Apologies to people who had problems : I had to reset the Telestrat a few
times at the beginning, and some web browsers apparently send a huge
quantity of headers with their requests (it seems the telestrat had problems
when the serial input buffer was full, or maybe the input buffer)... Ok, I
have to check to make it more robust...

I will soon share the web server program and the problems encountered, so
more people might develop their own Oric servers...

Thanks to all of you who visited !!

Cheers,

Fabrice

Ok, the server should soon provide some interesting features (somewhat like
CGI-commands), allowing to download the source, or see what your browser
sends...

Does anybody know how to get rid of an annoying attacker ?
The Telestrat is receiving port scans from 80.119.113.11, it's a real pain
in the ...

Cheers to all,

Fabrice

Put it behind a firewall and configure the firewall to drop all
packets which come from that address.

iptables -A FORWARD -s 80.119.113.11 DROP

--
Andr?Majorel <URL: http://www.teaser.fr/ ~amajorel/>
Respect for government [...] and its symbols is fundamentally fascist.
-- William Sommerwerck, on the subject of pissing on a national flag.

Great Work, Fabrice!
Thank You very much!
It is really COOOOOOOOOOOOLLLLLLLLLL!!!



Block that ip address!!!
drop all incoming packets from that ip!
...
something like hosts.allow and hosts.deny...
or... it may did in the web server, that will ignore requests from custom ip

BTW, I can't see something there... http://80.119.96.30/

Good Luck!

"Andre Majorel" < XXXX@XXXXX.COM > a rit dans le message de


Thanks for the command, Andr? I will try that...
In fact, I have received port scans from two other addresses too, always on
the same network...
So, these might be due to some worm thinking it is on a local network and
trying to infest all the machines on it...
I might block all the addresses coming from machines on the same network,
but that wouldn't be nice for people who chosed Neuf Telecom like me...

Best regards,

Fabrice

You could just block anything from them except TCP on port 80.
Most of the traffic generated by the scanning will be blocked
but legitimate connections will go through.

iptables -A FORWARD -p tcp --dport 80 ACCEPT
iptables -A FORWARD -s 80.119.113.11/24 DROP

But really, you should just block anything that's not 80/TCP,
regardless of where it comes from. And drop invalid TCP packets.
And filter out IIS exploits. And enforce rate limiting.. But
then it gets a little more involved.

OK, here's a simple rule to block everything that's not 80/TCP,
regardless of the source :

iptables -A FORWARD -P DROP
iptables -A FORWARD -p tcp --dport 80 ACCEPT

--
Andr?Majorel <URL: http://www.teaser.fr/ ~amajorel/>
Respect for government [...] and its symbols is fundamentally fascist.
-- William Sommerwerck, on the subject of pissing on a national flag.

"Andre Majorel" < XXXX@XXXXX.COM > a rit dans le message de


For now, I don't have a firewall, but with the NAT service, only trafic on
port 80 is able to enter; you can see the architecture depicted here:
http://80.119.98.33
(yeap, it's served by the Telestrat, it seems my address changes from time
to time, despite the fact I keep the PPP connection always open)
As soon as I run the Telestrat this morning, I started receiving badly
formed HTTP requests, surely the IIS exploits you are talking about...
hackers should be more respectful of non-Micro$oft platforms and only send
attacks when they have detected an IIS server ;-)

I guess I have to reconfigure the Linux PC as a router, insmod ip_tables
fails...

Cheers,

Fabrice

> For now, I don't have a firewall, but with the NAT service, only trafic on

Perhaps using a dyndns would be cool ?

Dbug

Yeah.. Use dyndns, or I personally would recommend myip.org (or dns2go
as it name is today) service...

Now, where is stuff needed to run Oric as webserver?

--

Jani Tiainen

Euphoric - XXXX@XXXXX.COM :


May be the simple way is to run your web server on a unused port (and
certainly a port not scanned by trojans and viruses) ? As long as you're
running it only for the community it's ok... But not if you want to make it
"public"...