Serious security breach on Developer Blog

News, happenings
Message
Author
ymer
Posts: 16
Joined: Fri 18 May 2007, 22:20

#41 Post by ymer »

Barry,

I use wordpress too, and to get rid of all spams I use a custom plugin called "Peter's Custom Anti-Spam". It forces everyone to type in a visually displayed word when posting comments. This saved my wordpress as I had to delete tons of spam everyday.

As I read through, your problem seemed to be more or less a server hack issue, this could save your time and get back your comments though.

nic2109
Posts: 405
Joined: Mon 01 Jan 2007, 20:24
Location: Hayslope, near Middlemarch, Midlands, England

Re: psychology of attackers

#42 Post by nic2109 »

prehistoric wrote:All I can contribute are observations on the psychology involved in these attacks on the Puppy community.
I agree with most of that except the comment that they are immature and only winning bragging rights/schadenfruede. While this may be true, I suspect a more sinister motivation.

It is well known that most spam and phishing is related to organised criminal activity, and that for the teckies willing to do the clever stuff there's money to be made. It seems possible to me that either someone is being groomed/trained, or else they think that they have a new angle - they are certainly very good at masquerading - and are wanting to perfect it somewhere (relatively) harmless. When they are ready they'll launch an attack on a more rewarding target having practiced on us.

Is this plausible?

Caneri
Posts: 1513
Joined: Tue 04 Sep 2007, 13:23
Location: Canada

#43 Post by Caneri »

@nic2109
yes and not only plausible but proven

Eric
[color=darkred][i]Be not afraid to grow slowly, only be afraid of standing still.[/i]
Chinese Proverb[/color]

raffy
Posts: 4798
Joined: Wed 25 May 2005, 12:20
Location: Manila

outbreak

#44 Post by raffy »

Here's an outbreak just reported:
http://blogs.techrepublic.com.com/tech-news/?p=1887
(This may or may not be related to this discussion.)

But in case you're not aware of it yet, spammers put up pages and links to get high search rating (a Google algorithm uses links to drive up a site in searches). If, for example, many links point to puppylinux.org than to puppylinux.com, puppylinux.org will have the higher placement in search results.
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#45 Post by cthisbear »

Although these attacks are seriously annoying....the one good thing is
that they happened before Barry travelled to India.
So hopefully these vermin can be defeated....or better detected.....pretty much once and for all.

I don't know what measures Barry has for emergencies in regard for
someone here to put things to rights......but at least there is now time to
address all these issues.

Of course not everything can be predicted or planned for....but for the spoilers who delight in their moments of glory....now is the time to employ
different tactics.

Pissants like these will always be around....take away their pleasure.
:::::::::::::::::::::::::
When grafitti is around you paint over it quickly.

http://torontograffiti.blogspot.com/200 ... rm_06.html
"
"One of the things we know is that continually removing graffiti and keeping the building up will actually lessen the amount of graffiti the building will get," Bowman says. "In some cases, we've had program member buildings that were hit two or three times in the first two months.

"In a short while, those same buildings may get graffiti once a month and in smaller amounts."

:::::::::::::::::::::::::::::::::
Take the pleasure away by not talking too much about this event on the forum.
The same tactics we used with our beloved Catilyns'? review of Puppy.
Ignore the spoilers......put them in the Naughty Corner.

PM the appropriate people on this forum if we think somethings happening.
Personally in retrospect...the slowing down of this forum lately may have been an indicator.

Let's not live in fear.....while Barry is sorting this out he cannot work
at Puppy with his usual talent.
Don't laugh at this....but maybe Intel could monitor and out this crumb.
They have money, resources etc....why not use them whilst they are
using Barry.

Plenty of talented types here to give advice.
::::::::::::::::::::::::::
Let's not feel insulted in being given advice......no-one here is the ultimate Font of Wisdom.....but we can still gather around the water cooler and have a sip.

http://en.wikipedia.org/wiki/The_Wisdom_of_Crowds

" Four elements required to form a wise crowd

Not all crowds (groups) are wise. Consider, for example, mobs or crazed investors in a stock market bubble. Refer to Failures of crowd intelligence (below) for more examples of unwise crowds. According to Surowiecki, these key criteria separate wise crowds from irrational ones:

Diversity of opinion
Each person should have private information even if it's just an eccentric interpretation of the known facts.
Independence
People's opinions aren't determined by the opinions of those around them.
Decentralization
People are able to specialize and draw on local knowledge.
Aggregation
Some mechanism exists for turning private judgments into a collective decision. "
////////////////////////////

Do what we do best. Keep going...have a laugh together and or at each other. Enjoy our fellowship in the knowledge that Puppy is about more good coding happening than bad....that sometimes there's a Blooper...
but we can most times get around this....that our pleasure is more than their pleasure...So They Lose.

Chris.

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

attack motivation?

#46 Post by prehistoric »

@Caneri, nic2109,

Not really arguing. I said they were already aware they face criminal penalties, if caught. (As for their future, it depends on what they get away with first.) What I was trying to say is that criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.

There is a real wave of spamming attacks taking place all over. (The infoweek article linked above by inged explains a lot about how.) I just found another example, checked the site using wget, and did a Google search for sites mentioning spamming and containing those links; they're widespread, and most are coping poorly. I'm not talking about the forces of darkness behind these.

My comments were about the small group which has been harrassing Barry and others for months, and has now found powerful weapons made available by others. The speed with which they adapt, and evidence of monitoring, suggests human control and a special interest in scoring against Puppy sites. If we can neutralize these people, threats from the general Internet community will propagate much more slowly in our direction. We don't have to catch them, just make them real cautious, make their successes less rewarding, and the effort more like real work. Besides, there is always the chance they will slip up under this kind of scrutiny.

As for countermeasures, If they could hear a group of old timers rhythmically chanting assembly code, from the days before C, they would know they were messing with necromancy and flee. (No, no, don't even consider chanting JCL, your soul is at stake.)

prehistoric

p.s. I have succeeded in provoking a response I was looking for. What does anyone know about member "bear"? Is his post what DSM-IV calls "word salad", or is he simply working in an unfamiliar medium? Check out all his posts!
Last edited by prehistoric on Tue 15 Jan 2008, 16:07, edited 2 times in total.

User avatar
alienjeff
Posts: 2265
Joined: Sat 08 Jul 2006, 20:19
Location: Winsted, CT - USA

#47 Post by alienjeff »

cthisbear wrote:Ignore the spoilers
How? By rebroadcasting something like this?
...one good thing is that they happened before Barry travelled to India ...
Now for some more Ignoring the Spoilers:
...don't know what measures Barry has for emergencies in regard for
someone here to put things to rights
Here's your answer:
Raffy wrote:I did not have access to FTP last night
Reference: http://www.murga-linux.com/puppy/viewto ... 728#166728
cthisbear wrote:Don't laugh at this....but maybe Intel could monitor and out this crumb. They have money, resources etc....
Sorry, but must LOL at that one. BTW, Intel not only has money and resources, but they also have "etc," which includes an unwritten yet very real IOU note from Barry for their "unconditional donation" of the two ClassMate computers.
why not use them whilst they are using Barry.
At least we agree that there's no free lunch.
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]

raffy
Posts: 4798
Joined: Wed 25 May 2005, 12:20
Location: Manila

attack and survival

#48 Post by raffy »

prehistoric wrote:..criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.

..small group which has been harrassing Barry and others for months..
It's in this sense that I've been quiet about criticisms of the multiple web presence of Puppy Linux. It's a good survival strategy when attacks come, and surely they will.
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].

User avatar
bobwrit
Posts: 283
Joined: Mon 12 Mar 2007, 23:33
Contact:

#49 Post by bobwrit »

I've gotten hit now. It's not porn, but animie emoctions. There has been some posts that refer to puppy and thus it would explain it, but I know for my site A) I've got no way of removing the icons and B) it's a hhe ole in aceboard that has caused it. My site dosn't use phpbb. It's probaly an SQL or JS injection.
I need help with my forum. [b][u]LINK:[/u][/b][url]http://www.programers.co.nr/[/url]
[url]http://www.freewebs.com/programm/iframe.html[/url] is my gateway page...

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#50 Post by Pizzasgood »

I've got no way of removing the icons
Why not? They didn't change your password on you did they?
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

User avatar
bobwrit
Posts: 283
Joined: Mon 12 Mar 2007, 23:33
Contact:

#51 Post by bobwrit »

No, no change in password. Just that in the admin uploaded smilies list they're not there. It's only the admin that can upload smilies on the board too.
I need help with my forum. [b][u]LINK:[/u][/b][url]http://www.programers.co.nr/[/url]
[url]http://www.freewebs.com/programm/iframe.html[/url] is my gateway page...

bear
Posts: 14
Joined: Tue 25 Dec 2007, 18:57

#52 Post by bear »

@prehistoric

As far as i understood when I followed a link earlier from this thread some like that turkish guy use Barry's site as a proxy to illegal sites.

The rats show themselves on what they die, the bear shows his children....
About porn: maybe a year ago I suddenly saw spam in the forum from a poster named Grizzlybeer, which had been removed in minutes (shocking to me).

Maybe two decades ago Berlin was the second biggest turkish city!


So, what do I mean?

Personal attack to Barry or not maybe the question.

We're all lucky when we've got a job and we all know that the states employees always have to work coz work is growing and growing.

Months ago I saw in a post from NathanF his mp3's: shocking, "Spooky Tooth". (Couldn't buy them myself at that time)

In my opinion and knowledge secret services behave like flies: definately senseless (no more cold war)!

Nothing to do

bear
Posts: 14
Joined: Tue 25 Dec 2007, 18:57

P. S.

#53 Post by bear »

in 1982 I saw my bookcase for a second in TV.

Talking with my woman, however daily I took an hour for myself in "my own" room. Listening to culture radio, the 2nd biggest Radiostation in Europe behind TASS.

Was it "tea time small talking" at seven pm?

EHEM!!!

User avatar
rockym93
Posts: 21
Joined: Tue 04 Jul 2006, 08:26
Location: Australia
Contact:

#54 Post by rockym93 »

DON'T POST WHEN YOU'RE LEAVING. If they know you're away, they can strike without it being fixed.

This guy did (ironically enough he was going to India too), and ended up losing his domain name. Unrelated to porn links but better safe than sorry.

http://davidairey.co.uk/google-gmail-security-hijack/
[url=http://rockym93.dnsalias.net/][img]http://rockym93.dnsalias.net/puppy-powered.png[/img][/url]

raffy
Posts: 4798
Joined: Wed 25 May 2005, 12:20
Location: Manila

planted

#55 Post by raffy »

In one site that I keep, it has planted php and mysql code on December 24, 2007, and the scripts have been intermittently called since then.
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].

User avatar
alienjeff
Posts: 2265
Joined: Sat 08 Jul 2006, 20:19
Location: Winsted, CT - USA

#56 Post by alienjeff »

Wonder what OS is in use by these Puppy hosting companies? ;)
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]

User avatar
MU
Posts: 13649
Joined: Wed 24 Aug 2005, 16:52
Location: Karlsruhe, Germany
Contact:

#57 Post by MU »

Servage: Linux node2.c23 2.6.17-1.2142_FC4smp
So seems to be Fedora Core 4.
On minisys.org we use Slackware, Suse and Puppy, it depends on the Sub-websites. We migrate from Suse to Slackware/Puppy currently, but this is not completed yet.
Mark

wingruntled

#58 Post by wingruntled »

AJ
To answer your question.

Initiating server query ...
Looking up IP address for domain: puppylinux.com
The IP address for the domain is: ********************
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Tue, 15 Jan 2008 18:29:09 GMT
Server: Apache
Last-Modified: Sun, 13 Jan 2008 19:31:34 GMT
ETag: "6ab00dd-8bbf-9b777180"
Accept-Ranges: bytes
Content-Length: 35775
Connection: close
Content-Type: text/html
Query complete.

Just for the heck of it I queried everybody in this thread that has a page and I did not find a single MS host server.

Das ist auch gut so :)

Bruce B

#59 Post by Bruce B »

This is the first I noticed this topic. Condolences extended.

After reading it through, my first theory was: It starts with a php capability which in turn exploits a wordpress vulnerability.

Following this theory, I then checked: Google wordpress php vulnerability

User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

Doesn't this sound relevant?

#60 Post by prehistoric »

Notice this response to John Murga's announcement of security downtime by "bear".
http://www.murga-linux.com/puppy/viewtopic.php?t=25457
move it to spam

NATHAN war der Weise!
Remember, how Nathan's Grafpup differs? He does not use root privileges for everything.

Bear has made 14 posts since 25 Dec 2007, and half of them were today, and also rather strange. He has not made any posts to German threads, yet he appears to speak German as well as he speaks any language.

I would say he decided this identity was compromised very recently and threw caution to the winds.

If bear isn't connected with security problems and spamming, what does this mean? Perhaps, he will post an explanation in this thread.

prehistoric

Post Reply