Sorry, you need to enable JavaScript to visit this website.

When Microsoft Attacks

Homer's picture

Slated employs many different techniques to protect the site from hacking, but by far the most important is vigilance, and that means paying close attention to things like logs.

Like many sites, Slated is under constant attack, mostly from bots running on compromised Windows machines, but most of those attacks are purely opportunistic and random, or in other words aren't actually targeting Slated for any particular reason. But every now and then I discover something in the server logs that suggests otherwise.

Today was one of those days.

What aroused my suspicion wasn't so much the nature of the attack, but the source.

Type page not found
Date Saturday, 10 December 2011 - 1:43pm
User Anony Mouse
Message xgl_on_fc5</function.htmlspecialchars
Severity warning

The hack itself is a failed attempt at an XSS (Cross-Site Scripting) injection, neutered by security mechanisms built into Drupal.

What I find far more interesting is the IP address of this hacker:


NetRange: -
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
RegDate: 1997-03-31
Updated: 2004-12-09

Microsoft Corp

Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2011-04-26

Now, as regular readers will already know, Slated is a site dedicated to GNU/Linux, Free Software, Free Standards, civil and human rights, business ethics, altruism and, generally, the cause of social liberalism. This upsets certain types of people and companies, no doubt including Microsoft. So it doesn't really surprise me when they attack Slated, although I find it rather disturbing that a global corporation like Microsoft should do it so openly.

Perhaps this "hack" is nothing more than yet another compromised Windows PC inside Microsoft's Redmond HQ, or maybe it's something more sinister, but either way someone or something on Microsoft's network just attacked Slated.

Good to know I have their full attention.

It's also a good thing this site isn't running Windows.