Jon B,
Maybe my first post wasn't clear, but no, I'm not a VPS provisioner and I don't run a VPS service or anything like this. I host web based communities for people as a service. We have two dedicated servers; out of the many customers we have on our service, only this one is being attacked this aggressively. Attacks are pretty common; http floods, etc, all of which we've learned to handle, but this is impossible for us. Hence why we told them they had to go; it's unfortunate but it's the only thing economically that makes sense because the situation is so severe. We're the ones on the
receiving end of all the UDP floods because of irresponsible VPS & dedicated server administrators who choose to run XAMPP in production. Not the other way around. Every time our server gets attacked, I comb through the list of IP addresses; they are all XAMPP servers running an open WebDav - many of them just allow anyone to access the PHP based UDP flood shells that these kids upload. Pretty much open to anyone who wants to use them.
If I did run a VPS service... there is probably an easy way to tie these machines down at network level once they start spewing the standard UDP flood. I'd imagine an IDS or something like that could watch for such traffic and then take action automatically. But no, that is not my situation at all. And apparently there's tons of datacenters out there who clearly don't have anything in place to pick up on this type of bad traffic that's getting spewed *from* their network, or else some of these machines would have been stopped. To be on the receiving end of UDP floods as I'm sure you know really sucks... and there is little you can do except for pay out the nose for a filtering service in a case like this, or order more bandwidth to just absorb the garbage that comes in.
By the way, I didn't mean to imply that this is all XAMPP's fault, because it's not. It says not to use it in production, and yet idiots do anyway. At the end of the day the real blame is on the server admins, and perhaps the datacenters too for not having anything in place to detect something like this. I can imagine that when these machines start packeting the crap out of people; we are probably not the only ones who feel the effects of it. If the machine(s) are on a shared line then they're going to all feel the heat because of these UDP floods that maybe 1 VPS is spitting at some website.
If XAMPP didn't do anything about it, then it would be well within their rights. It says not to use it in production, and people are warned. However, as you said, sometimes you need to look at reality and account for the situation. XAMPP works too damn well, and is too easy to use. So, people use it in production and actually get away with it quite well, and 99% probably don't get hacked either except for this little WebDav issue. But, I think there is perhaps an ethical responsibility when something like this is provided; and there is a consistent and/or wide spread pattern of exploitation to fix the said "hole."
It looks like they've stepped up and done just that, so in time this shouldn't be a problem anymore.
<== geek watching 'iftop' freaked out about UDP floods.