It's morning again and I am still waiting by Sebastian Morales

This project derived from another, as they often do. In this case I was studying internet bots and botnets, their patterns and flows. Soon after, I started creating honeypots designed to attract more bots, keeping them in the server as long as possible, setting baits to lure them back when they left.

After a couple days, bots where coming form everywhere, many different types. After a week, I had bots from a particularly bot net visiting the server every couple of hours. Each time what seem to be a different IP address would appear, try a combination of username and password, then disappear forever. Somewhere around the world, perhaps everywhere around it, these were loyal, punctual, and always present predators. Keep in mind that these bots were trying to hack my server, not very successfully, but their only purpose was harm. They continued visiting for months, then, inexplicably, stop to never come back again.

The week after they stop was strange. I found myself checking the server logs multiple times a day, always feeling somewhat abandoned. I am not sure where or how this relates to the Stockholm syndrome or if I should try to coin a new term. But there was something about this creatures, meaning harm but now absent, that made my yearning strong.

I couldn’t resist the curiosity, the urge to find out more. I started meticulously looking for clues though months of server logs, and there were patterns. In fact, not all the IP address where unique, they often came back again, and again, and again. Traveling oceans at the speed of light, no frontiers, the only boarder a Wordpress login page.

This sparked the idea in my head of writing/coding a poem for a particular(random) bot that came frequently. It is read/written as a system administrator, who knows the bot is trying to hack its system but cannot help to develop an unhealthy attraction and lust for it. Asking the system to help him track the bot back to its origin.

 

Original post:

This project was part of the final for Reading and Writing Electronic Text class. It was inspired by the bots that have been visiting my honey pot server the last couple of months. 

In particular it was inspired by a period of time about 1 week long that they stopped coming. I felt curiosity, and sadness for the sudden unexplained abandonment of these bots. 

I first started on Jupyter Notebook. For a period of 1.5 months I had been recording all bots that visited the server. It was a simple txt file logging every visit, in the order as they came.

I made the mistake to not save the log in a structured way as a dictionary or a Json, which meant that the first step was to convert the data into a structured values. 

I became particularly interested in bots seeking to hack a wordpress site. The honey pot server would always return an error message and the same page, it looks something like this: 

WP honey pot

I became fascinated by these bots, they all behave exactly the same way and acted in an orderly fashion. It would be safe to assume that they are all connected and orchestrated by the same master. Yet they seem to always come from different IP address. Looking at all the IPs plotted around the world we can see they are quite distributed...

world.jpg

Anyways, turning into poetry

As these type of bot arrive they leave behind a post request of the following structure.

Wed Apr 18 2018 08:22:14 GMT+0000 (UTC) ip 94.25.169.198 Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0 POST {"log":"admin","pwd":"viking","rememberme":"forever","submit":"Login","redirect_to":"wp-login-error.html"} Path: /wp-login.php

With this in mind I started parsing though the data, looking at common passwords and common User names. Also looking at the most repeated IP address.

I found that out of the 5010 WP logging attempts 2110 were from the same IPs.

Top 20:

[('95.79.33.65', 23),
 ('176.197.78.250', 22),
 ('93.157.168.25', 21),
 ('37.143.19.62', 20),
 ('46.61.152.185', 19),
 ('5.104.206.2', 19),
 ('185.59.58.52', 18),
 ('91.192.173.25', 18),
 ('185.13.112.104', 18),
 ('62.140.230.163', 17),
 ('109.172.30.247', 17),
 ('192.95.168.172', 16),
 ('93.170.177.233', 16),
 ('80.64.18.225', 16),
 ('185.81.248.18', 16),
 ('188.0.135.155', 16),
 ('176.120.211.202', 16),
 ('212.118.40.117', 16),
 ('46.35.243.27', 15),
 ('195.9.51.62', 15)]

This sparked in my head the idea of having a poem for a particular bot that has come frequently. It is read/written by the system administrator, who knows the bot is trying to hack the system but cant help to develop an unhealthy attraction and lust for it. Asking the system to help him track the bot to its origin.

Some of the text in the poem comes from the bot passwords and usernames, also the dates and times registered would help build some tension thought repetition.

The embedded jupyter notebook shows most of the process of developing the poem.

For the actual performance I didn't want to read streight form a jupyter notebook but rather from a terminal window. As the system administrator looks at the logs and talks to the terminal. 

 

The actual python script for the terminal version can be found [here].

Cheap micoroscope camera vs Mark III with adaptor by Sebastian Morales

Microscopes

Testing different camera setups on the school microscope. The microscope itself is pretty shitty but I wanted to compare the AmScope camera against the canon adapter and a markIII.

Canon Adapter and Mark III

The adapter is nothing but a simple mount to attach the camera to the microscope. Because of this the images end up not covering the entire frame. For reference, the specimen is about 3-5mm long.

If I were to take this pictures again I would like to pay closer attention to the with balance and make sure I was shooting in RAW.

This is the same picture but framed to avoid showing the black circle:

Digitalzoom

A closer look... (digital zoom)

Digitalzoom

Here we can still observe some details.

AmScope + ToupLite

ToupLite is the software used to capture the images. For some reason the camera won't be detected as a simple webcam.

Taking a closer (digital) look at this same image:

Digitalzoom

Side by side:

AmScope - Canon w/ adapter

Clearly a superior detail with the adapter. Future work would involve testing this with a live feed to the computer.

BUT where the Canon really outbids the cheap microscope camera is while taking video. The framerate I was getting with the AM camera was about 1fs, 3 at best. Compared to the 30 or 60fps of the Mark III.

Of course, if you compare the price tags then the AM camera might not be that terrible considering it is about 15 times cheaper.

The actual setup looks like this:

Canon_with_adptor.jpg

The following picture is a different microscope but same concept.

Canon mounted on microscope

Tracery, self generating HTML sites by Sebastian Morales

HW 4 is all about Tracery a tool that allows you to generate text using substitution rules. Depending on your patience and creativity, you can accomplish some pretty crazy stuff. 

This time we were challenged to create our own poetic form and rules. I decided to steer a little from the main assignment and explore the tool under another context.

I have notice that I am not a very good poet, and that my (computer generated poems) will get just a couple of views before disappearing to be never found again under other posts. To my surprise, there has been some very loyal readers, and no matter what I publish, they keep coming back. 

The following poems are dedicated to my loyal readership, bots:

The python script uses tracery to generate a different HTML page every time it is run. It will generate a top navigation menu, links, embed images, contact info as well as headers and text... the whole thing. 

On my server, using the npm package isBot I filter the requests by user agent, if it is a bot, I generate a new page and server it back, if it is human, I return what was asked for.

I have only tested my poem for 24 hours so far and I am amazed by the response. I feel so talented, I think I have finally found my audience. Some bots from Google are OBSESSED! They keep coming back and back and back! My server bill might be high this month bot I have to stay true to my fans! 

Over 4000 Google bot asking for poems

Over 4000 Google bot asking for poems