Tuesday, January 11, 2022

Bad Actors Story

Bad actors are not the ones on television or in movies, although I could name quite a few since I am a "B" movie junkie. But I digress a little bit. Bad actors, as explained in this article, are the ones trying to breach your webserver no matter what kind of firewall you have. Once in your system, they want to steal your data and/or encrypt your files. Then, because they are bad actors, they want to charge you (also called ransomware) to get your data back and/or your system decrypted. Or, if they are really bad actors, they may release your data on the internet or send it to your competitors. Some of these bad actors do what they say and return your system to the way it was. Some of these bad actors do not decrypt your system after you have paid and demand more payments before they might decrypt it. Some of these bad actors take your money and sell your information on the web for more profit. Unfortunately, you cannot tell what type of bad actor will take over your system or whether you will have a positive outcome from them no matter what action you take.

Since I am the cloud site network administrator of ill repute, I see a lot of these attacks on a daily basis. WordPress, PHP, and many others are easy vectors into your webserver. Just recently I had to update our webserver 4 times because of the log4j vulnerability. It seems log4j version 2.14, our original version, needed to be replaced by version 2.15. Then log4j version 2.15 needed to be replaced by version 2.16. Then log4j version 2.16 needed to be replaced by version 2.17. And finally, version 2.17 needed to be replaced by version 2.17.1. I did not see the article that described the log4j vulnerability until Dec 11, 2021, two days after the problem was announced. By then I had recorded 11 failed attempts by bad actors on our web server. I am constantly restricting IP addresses based on what I see them doing or trying to do.
Whether these bad actors are from China, Russia, India, Singapore, North Korea, or even the United States, my external-facing website must be protected from them. So one holiday night not long ago, it was dark and gloomy from my workstation window. For some reason, the office light was not shining on my back that day, but I was fully illuminated by the glow of my two 27-inch monitors when I spotted these log entries from our external-facing website. I edited them to fit this snippet box:

    [02/Jan/2022:17:28:10] "HEAD /?xHAPPY-NEW-YEAR-FROM-DC8044.COM HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x..............A............... HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x.............dXb.............. HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x..........dXiXXdXXb........... HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x........dXXOXXXXdXXib......... HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x.............dXb.............. HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x..........dXOXXXXXOb.......... HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x......dXXXXiXXXdXXXXXXb....... HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x.............III.............. HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x.............III.............. HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x...Follow.us....t.me/DC8044... HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x...WEB...........dc8044.com... HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x HTTP/1.1" 302
    [02/Jan/2022:17:28:10] "HEAD /?x HTTP/1.1" 302

I don't know whether to commend this person and/or company who wasted a lot of time sending me a "Christmas" tree 7 days after Christmas. Or maybe I should commend myself for actually looking at the logs and deciphering what was sent?
I am very conflicted on this, but these are definitely bad actors because their website has the words: "Hack All The Things". Or should I be surprised that dc8044 is a hex color composed of red, green, and blue? This should be a warning to all companies and personnel to be very careful about who has access to your website. This stunt by this company may look innocuous, but its players are "Bad Actors".
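As an added example (not code from the original post or from the blog's server), here is a small Python script that does what the author did by hand: it parses the quoted access-log lines, stacks the text hidden after the `/?x` marker so the picture becomes visible, and flags one-second bursts of requests that carry a query string on a bare `/` path. The abbreviated log format, the function names and the burst threshold are assumptions for this illustration; the sample lines are copied from the post and embedded inline.

```python
import re
from collections import defaultdict

# Constructed sample: the HEAD requests quoted in the post, one per line.
SAMPLE_LOG = """\
[02/Jan/2022:17:28:10] "HEAD /?xHAPPY-NEW-YEAR-FROM-DC8044.COM HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x..............A............... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............dXb.............. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x..........dXiXXdXXb........... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x........dXXOXXXXdXXib......... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............dXb.............. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x..........dXOXXXXXOb.......... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x......dXXXXiXXXdXXXXXXb....... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............III.............. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............III.............. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x...Follow.us....t.me/DC8044... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x...WEB...........dc8044.com... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x HTTP/1.1" 302
"""

# Assumed abbreviated access-log shape, as edited in the post:
#   [timestamp] "METHOD target HTTP/x.y" status
LINE_RE = re.compile(
    r'^\[(?P<timestamp>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def parse_log(text):
    """Parse log lines into dicts with path and query split out; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        path, _, query = entry["target"].partition("?")
        entry["path"] = path
        entry["query"] = query
        entries.append(entry)
    return entries


def query_payloads(entries, marker="x"):
    """Return the text that follows the '?x' marker, in log order.

    Printing these one under another is what makes the 'tree' in the post visible.
    """
    return [e["query"][len(marker):] for e in entries if e["query"].startswith(marker)]


def find_bursts(entries, min_requests=10):
    """Flag one-second buckets containing many query-only requests to a bare '/' path.

    A real browser does not fire a dozen HEAD requests with throwaway query strings
    in the same second, so such a bucket is worth a look regardless of the content.
    """
    buckets = defaultdict(list)
    for e in entries:
        if e["path"] == "/" and e["query"]:
            buckets[e["timestamp"]].append(e)
    bursts = []
    for ts, hits in sorted(buckets.items()):
        if len(hits) >= min_requests:
            bursts.append({
                "timestamp": ts,
                "count": len(hits),
                "methods": sorted({h["method"] for h in hits}),
                "statuses": sorted({h["status"] for h in hits}),
            })
    return bursts


if __name__ == "__main__":
    log_entries = parse_log(SAMPLE_LOG)
    print("\n".join(query_payloads(log_entries)))
    for burst in find_bursts(log_entries):
        print(f"burst at {burst['timestamp']}: {burst['count']} query-only requests, "
              f"methods={burst['methods']}, statuses={burst['statuses']}")
```

Run against a real access log, `find_bursts` would be the part worth keeping: it does not depend on the drawing at all, only on the rate of junk query strings hitting `/` from one source in one second, which is also the signal you would use to decide whether an IP deserves to join the block list the author mentions.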
