Slowloris HTTP denial of service

posted Jun 17th 2009 3:42pm by Zach Banks
filed under: misc hacks, security hacks

[RSnake] has developed a denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server; these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession and is usually a distributed effort. However, [RSnake]’s new technique has a client open several HTTP sessions and keep them open for as long as possible. Most servers are configured to handle only a set number of connections; the infinite sessions prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on web servers that use threading, such as Apache.

A positive side effect of the hack is that the server itself does not crash; only the HTTP server is affected. His example Perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website will come back online immediately.

Update: Reader [Motoma] sent in a Python implementation of slowloris called pyloris.

[photo: cutebreak]
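From the server operator's side, the condition described above (a few clients holding most of a fixed pool of connections open) can be spotted in a snapshot of open connections. This is an added example, not code from the post or from [RSnake]; the record fields, thresholds, pool size of 150 and sample addresses are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    client: str             # remote address
    age_s: float            # seconds since the connection was accepted
    request_complete: bool  # True once a whole request has arrived


def find_slot_hogs(conns, max_workers, min_age_s=30.0, per_client_limit=10):
    """Return (stalled_share, suspects) for one snapshot of open connections.

    stalled_share: fraction of the worker pool held by connections that are
        at least min_age_s old and still have no complete request.
    suspects: {client: count} for clients holding per_client_limit or more
        of those connections.
    """
    stalled = Counter(
        c.client for c in conns
        if not c.request_complete and c.age_s >= min_age_s
    )
    suspects = {ip: n for ip, n in stalled.items() if n >= per_client_limit}
    return sum(stalled.values()) / max_workers, suspects


def sample_snapshot():
    """Constructed data: one client pinning 120 slots, plus normal traffic."""
    conns = [Conn("203.0.113.7", 60.0 + i, False) for i in range(120)]
    # Ordinary clients: short-lived connections whose requests completed.
    conns += [Conn(f"198.51.100.{i}", 0.5, True) for i in range(1, 21)]
    # A single slow but legitimate client stays under the per-client limit.
    conns.append(Conn("192.0.2.44", 45.0, False))
    return conns


if __name__ == "__main__":
    share, suspects = find_slot_hogs(sample_snapshot(), max_workers=150)
    print(f"{share:.0%} of worker slots stalled; suspects: {suspects}")
```

The per-client limit keeps one slow but legitimate connection from being flagged, while the stalled share shows how close the pool is to exhaustion.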

Using Bittorrent on Amazon EC2

posted Jan 17th 2009 8:30pm by Eliot Phillips
filed under: home entertainment hacks, video hacks

Bittorrent is a great distribution method for large files, but its heavy bandwidth usage can be disruptive to both work and home networks. [Brett O'Connor] has decided to push all of his torrenting activity into the cloud. Amazon’s EC2 service lets you run any number of Amazon Machine Images (AMI, virtual machines) on top of their hardware. You pay for processing time and data transferred. [Brett] put together a guide for building your own seedbox on the service. First, you set up the Security Group, the firewall for the machine. Next, you specify what AMI you want to use. In this example, it’s a community build of Ubuntu. Once you have your SSH keypair, you can start the instance and install Apache, PHP, and MySQL. TorrentFlux is the web frontend for bittorrent in this case. It manages all the torrents and you just need to click download when you want to grab the completed file.

Even if you don’t plan on setting up a seedbox, the post is a straightforward example of how to get started with EC2. He’s not sure what the cost will be; the current estimate is ~$30/mo.

[via Waxy]

[photo: nrkbeta]




WAP controlled home automation

posted Dec 22nd 2008 5:00pm by Eliot Phillips
filed under: home hacks, pcs hacks, peripherals hacks

[Josh] sent in a home automation project he did a little while ago. It has a total of eight switched outlets. The main focus of the project was WAP access for remote control from any cellphone. The control box is based on a design by [Ashley Roll] for controlling eight servos using a PIC microcontroller. A listener app written in Java monitors the control web page and sends signals to the board via serial port. He used opto-isolated 240V solid state relays for each of the outlets. All the pieces are available on the site and he might even do a custom control board design if there is enough interest.

LAMP on Ubuntu

posted Jun 13th 2008 12:50pm by Eliot Phillips
filed under: news


Download Squad’s [Kristin Shoemaker] has just published part 2 of their guide to web development using Linux. This time around they’re installing Apache, MySQL, and PHP on Ubuntu Hardy Heron. It’s a straightforward process under Ubuntu since you just need to select the few packages in Synaptic. Once installed, she shows you how to poke at Apache to verify that it’s running. They finish up by installing phpMyAdmin and the WordPress CMS.

Having a web server installed is useful for more than just development work. Many open source tools have a simple web based interface you’ll be able to access through your local web server.
