All times are UTC - 4
[Resolved]01micko.com compromised
Moderators: Flash, Ian, JohnMurga
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Fri 13 Jun 2014, 17:46    Subject: [Resolved]01micko.com compromised
Subtitle: Friday the 13th? Full Moon?
 

My site has been compromised.

See UPDATE 1

See UPDATE 2

As far as I can tell mainly it's the domain name. All the files are still there but I can't access it via FTP. It appears to me that DNS is compromised, but that doesn't explain the FTP.

The files are unimportant (I have local copies) but my database is, to some degree. I have backed up the whole site but the download breaks (6GB) through a browser. Wget doesn't work as the domain is kaput.

Of course I have emailed my host's support but no response. I expect I won't see one until Monday. They are lazy.

Sorry for any inconvenience.

_________________
Woof Mailing List | keep the faith Cool |

Sylvander

Joined: 15 Dec 2008
Posts: 3518
Location: West Lothian, Scotland, UK

Posted: Fri 13 Jun 2014, 18:22

Might "someone" be messing with the files whilst the site is compromised?
e.g. Inserting "backdoors"?

Would it perhaps be wise to scrap all of the files and replace them with known good copies?
Ted Dog


Joined: 13 Sep 2005
Posts: 2471
Location: Heart of Texas

Posted: Fri 13 Jun 2014, 20:14

A bad DNS record happens by accident as well. Sometimes more than one person buys a domain and the powers have to sort it out. Since he has the older record it should still be his. Contact the holder of the DNS record to get this resolved faster.
8-bit


Joined: 03 Apr 2007
Posts: 3393
Location: Oregon

Posted: Sat 14 Jun 2014, 01:09

It appears that some files are still accessible in some sub-directories.
I was able to access http://01micko.com/slacko5.5/ with no apparent problems. The main site, though, would bring up a 404 error in the browser.
I hope you get it remedied, as I hate to see any sites that contain Puppy-related files inaccessible.
I just tried backing up the tree by using "Parent directory" using the above link and was able to get a tree list of the directories in 01micko.com!
That may help in recovering important personal and development files!
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sat 14 Jun 2014, 03:16

UPDATE

It is definitely a DNS attack on my host. My site HAS NOT been compromised. I can login using the IP address and nothing is amiss. As a precaution I have beefed up my already beefy password.

It's a waiting game now for the slack-assed host to get off its rump and fix the issue.

russoodle


Joined: 12 Sep 2008
Posts: 667
Location: Down-Under in South Oz

Posted: Sat 14 Jun 2014, 06:27

Hey Micko....I empathise with you, matey....so many screwballs out there Evil or Very Mad

Hope your host gets off that lard-arse soon and sorts it out for you!

I don't imagine there's anything I can do to help in the circumstances, but if there is, please let me know.

Cheers,
russoodle

_________________
This aging business really bugs me - it didn't bother me years ago, so why is it happening now??
meownplanet - puppylinuxstuff
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sat 14 Jun 2014, 06:39

Thanks Suz,

I know exactly how you have felt on a couple of occasions now. Frustrated, pissed off and helpless.

What's worse is that my host is on Linux. Not a good advertisement. You would think that with Linux being free, in every sense of the word, that they wouldn't have a drama keeping up with security issues. I know bind (the Linux program for DNS) is continually updated. Obviously theirs wasn't. Rolling Eyes

Stay cool. Cool

NB: next time I purchase hosting I want a VM that I am in charge of... can administer over ssh and scp. Cost isn't the issue. It's service. Thought about hosting from home but my upload speed maxes at 80kbps.. pathetic.

stemsee


Joined: 27 Jun 2013
Posts: 516
Location: London

Posted: Sat 14 Jun 2014, 07:03

http://01micko.com/

Is this correct? It goes to ECSHOP Demo site. China. When I lived in China (7 years) they routinely hacked my phone's database and caused it to misbehave. I worked at a youth hostel in China and they hacked that and used it as a server with 40GB of hidden files!!
capture6763.jpg
stemsee


Joined: 27 Jun 2013
Posts: 516
Location: London

Posted: Sat 14 Jun 2014, 08:03

Sylvander wrote:
Might "someone" be messing with the files whilst the site is compromised?
e.g. Inserting "backdoors"?

Would it perhaps be wise to scrap all of the files and replace them with known good copies?


I, too, have strongly suspected this!!
I would be amazed if some entity DIDN'T hack puppy linux in every way it could!! So your advice is sound!
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sat 14 Jun 2014, 09:01

stemsee.. nah, they hacked DNS of the host. Enough to piss me off and frustrate me but not much more. Should be fine by Tuesday (for me).. if they get off their lazy arse and fix it.
anikin

Joined: 10 May 2012
Posts: 529

Posted: Sat 14 Jun 2014, 10:12

stemsee wrote:
Sylvander wrote:
Might "someone" be messing with the files whilst the site is compromised?
e.g. Inserting "backdoors"?

Would it perhaps be wise to scrap all of the files and replace them with known good copies?


I, too, have strongly suspected this!!
I would be amazed if some entity DIDN'T hack puppy linux in every way it could!! So your advice is sound!

Yep, the hackers have had plenty of time to do anything they wanted. From now on, Slacko's communication with icanhazip will be under full control of the brutal Chinese regime. Outrageous. On the other hand, this is a good publicity opportunity for micko ... I didn't even suspect he had a website.
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sat 14 Jun 2014, 10:25

Quote:
Yep, the hackers have had plenty of time to do anything they wanted. From now on, Slacko's communication with icanhazip will be under full control of the brutal Chinese regime. Outrageous

Laughing
Sad thing is that you are for real. Truly sad.
Quote:
On the other hand, this is a good publicity opportunity for micko ... I didn't even suspect he had a website.

Oh yes. It's only been around for 3 years. More clicks is good. Especially for my Chinese partners.

Iguleder


Joined: 11 Aug 2009
Posts: 1924
Location: Israel, somewhere in the beautiful desert

Posted: Sat 14 Jun 2014, 13:33

double post
_________________
My homepage

Iguleder


Joined: 11 Aug 2009
Posts: 1924
Location: Israel, somewhere in the beautiful desert

Posted: Sat 14 Jun 2014, 13:33

You can buy a cheap ARM computer and host everything at home. It's a one-time fee and you get full access to the server.

That's what I do - mine runs a modded distro with a web server I wrote myself. It's security hardened and surrounded with home-made honeypots. In total, I waste ten minutes on administration each month.

tlchost

Joined: 05 Aug 2007
Posts: 1738
Location: Baltimore, Maryland USA

Posted: Sat 14 Jun 2014, 15:30

Iguleder wrote:
You can buy a cheap ARM computer and host everything at home. It's a one-time fee and you get full access to the server.

Only if your ISP's TOS (Terms of Service) allows it.