I guess this will only grow in volume. Nobody seems to acknowledge the task of an admin who keeps things updated and secure and who can implement preventive security measures. It's mostly hire someone as cheaply as possible to install xyz on a rented dedicated box and forget about it.
Add some sloppy password policy, lots of PHP code that is neither sandboxed nor updated, and you'll have an easy time owning such machines.
And if it's hacked and disabled it just gets reimaged. I guess most don't even notice if you don't do anything that gets on the provider's radar.
But honestly, even after toying around with Linux for more than 15 years, I'd have a hard time finding, in daily ops, a rootkit that successfully managed to load as a kernel module or via ld-preload.
Graphing the load, e.g. with munin, is sometimes useful, but that's more like having post-mortem tools.
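Added example, not from the comment's author: a small defensive check for the two loading paths the comment mentions (ld.so.preload / LD_PRELOAD and kernel modules). The parsing functions take file contents as arguments so they run on constructed samples; `main()` applies them to the live system. It assumes glibc splits `/etc/ld.so.preload` on whitespace or colons, and that directories under `/sys/module` with an `initstate` file correspond to loaded (not built-in) modules, so a module that unlinks itself from the `/proc/modules` list but leaves its sysfs entry shows up as a discrepancy. All sample data is constructed.

```python
"""Defensive checks for LD_PRELOAD-style and kernel-module rootkit loading paths.

Pure functions parse the relevant file contents (testable offline);
main() reads the real /etc/ld.so.preload, /proc/<pid>/environ and sysfs.
"""
import os
from typing import Dict, Iterable, List, Optional, Set

LD_SO_PRELOAD = "/etc/ld.so.preload"


def parse_ld_so_preload(text: str) -> List[str]:
    """Return the library paths listed in an ld.so.preload file.

    Assumption: glibc separates entries on whitespace or colons. On a clean
    host this file is normally absent or empty, so any entry deserves a look.
    """
    return text.replace(":", " ").split()


def ld_preload_from_environ(environ: bytes) -> Optional[str]:
    """Parse a /proc/<pid>/environ blob (NUL-separated KEY=VALUE pairs)
    and return the value of LD_PRELOAD, or None if it is not set."""
    prefix = b"LD_PRELOAD="
    for item in environ.split(b"\x00"):
        if item.startswith(prefix):
            return item[len(prefix):].decode(errors="replace")
    return None


def parse_proc_modules(text: str) -> Set[str]:
    """Module names from /proc/modules (first whitespace-separated field per line)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def hidden_modules(proc_modules_text: str, sysfs_loaded: Iterable[str]) -> Set[str]:
    """Modules that sysfs knows about but /proc/modules (what lsmod prints) omits."""
    return set(sysfs_loaded) - parse_proc_modules(proc_modules_text)


def sysfs_loaded_module_names(sys_module_dir: str = "/sys/module") -> Set[str]:
    """Assumption: only loadable modules have /sys/module/<name>/initstate."""
    if not os.path.isdir(sys_module_dir):
        return set()
    return {
        name for name in os.listdir(sys_module_dir)
        if os.path.exists(os.path.join(sys_module_dir, name, "initstate"))
    }


def scan_processes(proc_dir: str = "/proc") -> Dict[int, str]:
    """Map pid -> LD_PRELOAD value for every readable live process that has one."""
    found: Dict[int, str] = {}
    for entry in os.listdir(proc_dir):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_dir, entry, "environ"), "rb") as fh:
                value = ld_preload_from_environ(fh.read())
        except OSError:  # process exited, or not ours to read
            continue
        if value:
            found[int(entry)] = value
    return found


# Constructed sample inputs; the paths and module name are placeholders.
SAMPLE_PRELOAD = "/tmp/example_preload.so\n"
SAMPLE_ENVIRON = b"PATH=/usr/bin\x00LD_PRELOAD=/tmp/example_preload.so\x00HOME=/root\x00"
SAMPLE_PROC_MODULES = (
    "ext4 700000 1 - Live 0xffffffffc0000000\n"
    "loop 40000 0 - Live 0xffffffffc0100000\n"
)
SAMPLE_SYSFS_LOADED = {"ext4", "loop", "example_hidden"}


def main() -> None:
    if os.path.exists(LD_SO_PRELOAD):
        with open(LD_SO_PRELOAD) as fh:
            print("ld.so.preload entries:", parse_ld_so_preload(fh.read()))
    for pid, value in scan_processes().items():
        print(f"pid {pid} runs with LD_PRELOAD={value}")
    with open("/proc/modules") as fh:
        print("modules hidden from lsmod:", hidden_modules(fh.read(), sysfs_loaded_module_names()))


if __name__ == "__main__":
    main()
```

On the constructed samples, the preload file yields one entry, the environ blob yields the same path, and `example_hidden` is reported as present in sysfs but absent from `/proc/modules`. A rootkit that also scrubs its sysfs entry will not show up here, which is the comment's point: these checks narrow the gap, they don't close it.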
> It's mostly hire someone as cheaply as possible to install xyz on a rented dedicated box and forget about it.
You can say that again!! I routinely come across job postings such as 'Setup my server for $10 to $30' floating about on various freelance tech marketplaces.
Hell, when starting out as a freelancer a couple of years ago, I took up some jobs like that myself, to, so to say, test the waters. I still take up such jobs, but at (much) higher rates, and in my experience most of the clients do not have the foggiest so far as security is concerned.
Scary to think how many more such hacked servers are out there. I think dedicated server networks like OVH are easy targets, and that's just the tip of the iceberg.
You bet. Since OVH servers normally start north of $50-60/mo. (not exactly a trivial sum), their clients may still be at least somewhat more serious/conscious about security, but talk about the likes of Kimsufi (incidentally, a subsidiary of OVH, I believe), where dedi boxes (with low-end configs) are available for < $10/mo.!!!
Trying to get a profit from such things was and always will be a shady noob thing to do. Release groups don't exist to make a profit, and that's why they've thrown such a wrench in the for-profit internet. It's not like the types of people who used to hack boxes to set up an FTP drop didn't have the means to purchase legitimate hosting, but a combination of legitimate hosting not allowing such content knowingly, the lack of accountability / traceability on such a system, and the pure pleasure / glory / novelty / status of exploiting your way to free hosting, then using that hosting to distribute your exploits.
It was also an easy way to limit access to your cracks / serials / whatever to only your friends and other respected people in the scene. The exclusivity made it a status symbol, just like with any status symbol.
Fictional scenario: one TV channel executive could hurt the finances of a competing TV channel by seeding the competition's shows, and by this gain power and influence in her own career.
Certain FOX episodes have shown up on file sharing networks over the past years with trailers for other FOX shows preceding the actual content. You don't think networks are already promoting their TV shows directly to the file sharing demographic?
Back in the day, pre-torrent/p2p, we used to use hacked boxes to distribute our pirated materials over FTP. If you were lucky and found a stable box, it could last 1-2 years, though that was a pretty rare find. Most machines didn't last more than a month at most.