of any System Administrator, script kiddies crack into systems, usually to prove to their friends that they're "l33t" or to run an IRC bot. Luckily, they are generally as incompetent as they are annoying. It's amazing how much effort script kiddies go through to hide their tracks, even though they usually end up doing one or two stupid things that immediately reveal their presence. Some examples I've dealt with in my career:
- Deleting /var/adm. Within five minutes we received cron messages with errors to that effect.
- Replacing important system binaries. Tripwire catches this almost immediately.
- Starting a warez site. What's the point? Warez sites consume so much bandwidth and disk space that they will be shut down within a few hours at the most.
- Leaving files in /tmp. I look in /tmp frequently because I tend to make a mess of it myself. I quickly discover anything that isn't familiar.
It's also amusing how much effort they go through to cover their tracks, when they forget the obvious, like .bash_history files and the fact that the system syslogs to a remote log server.
Of course, this is a good thing. Imagine what it would be like if script kiddies were actually competent?