The bane of any System Administrator, script kiddies crack into systems, usually to prove to their friends that they're "l33t" or to run an IRC bot. Luckily, they are generally as incompetent as they are annoying. It's amazing how much effort script kiddies go through to hide their tracks, even though they usually end up doing one or two stupid things that immediately reveal their presence. Some examples I've dealt with in my career:
- Deleting /var/adm. Within five minutes we received cron messages with errors to that effect.
- Replacing important system binaries. Tripwire catches this almost immediately.
- Starting a warez site. What's the point? Warez sites consume so much bandwidth and disk space that they will be shut down within a few hours at the most.
- Leaving files in /tmp. I look in /tmp frequently because I tend to make a mess of it myself. I quickly discover anything that isn't familiar.
It's also amusing how much effort they go through to cover their tracks, when they forget the obvious, like .bash_history files and the fact that the system syslogs to a remote log server.
Of course, this is a good thing. Imagine what it would be like if script kiddies were actually competent?