All times are UTC - 4
[Resolved]01micko.com compromised
Moderators: Flash, Ian, JohnMurga
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Fri 13 Jun 2014, 17:46    Post subject: [Resolved]01micko.com compromised
Subject description: Friday the 13th? Full Moon?
 

My site has been compromised.

See UPDATE 1

See UPDATE 2

As far as I can tell mainly it's the domain name. All the files are still there but I can't access it via FTP. It appears to me that DNS is compromised, but that doesn't explain the FTP.

The files are unimportant (I have local copies) but my database is, to some degree. I have backed up the whole site but the download breaks (6GB) through a browser. Wget doesn't work as the domain is kaput.

Of course I have emailed my host's support but no response. I expect I won't see one until Monday. They are lazy.

Sorry for any inconvenience.

_________________
Woof Mailing List | keep the faith Cool |

Last edited by 01micko on Sun 15 Jun 2014, 22:09; edited 3 times in total
Sylvander

Joined: 15 Dec 2008
Posts: 3524
Location: West Lothian, Scotland, UK

Posted: Fri 13 Jun 2014, 18:22

Might "someone" be messing with the files whilst the site is compromised?
e.g. Inserting "backdoors"?

Would it perhaps be wise to scrap all of the files and replace them with known good copies?
Ted Dog


Joined: 13 Sep 2005
Posts: 2474
Location: Heart of Texas

Posted: Fri 13 Jun 2014, 20:14

A bad DNS record happens by accident as well. Sometimes more than one person buys a domain and the powers have to sort it out. Since he has the older record it should still be his. Contact the holder of the DNS record to get this resolved faster.
8-bit


Joined: 03 Apr 2007
Posts: 3393
Location: Oregon

Posted: Sat 14 Jun 2014, 01:09

It appears that some files are still accessible in some sub-directories.
I was able to access http://01micko.com/slacko5.5/ with no apparent problems. The main site, though, would bring up a 404 error in the browser.
I hope you get it remedied as I hate to see any sites that contain puppy related files inaccessible.
I just tried backing up the tree by using "Parent directory" using the above link and was able to get a tree list of the directories in 01micko.com!
That may help in recovering important personal and development files!
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sat 14 Jun 2014, 03:16

UPDATE

It is definitely a DNS attack on my host. My site HAS NOT been compromised. I can login using the IP address and nothing is amiss. As a precaution I have beefed up my already beefy password.

It's a waiting game now for the slack-assed host to get off its rump and fix the issue.

russoodle


Joined: 12 Sep 2008
Posts: 667
Location: Down-Under in South Oz

Posted: Sat 14 Jun 2014, 06:27

Hey Micko....I empathise with you, matey....so many screwballs out there Evil or Very Mad

Hope your host gets off that lard-arse soon and sorts it out for you!

I don't imagine there's anything I can do to help in the circumstances, but if there is, please let me know..

Cheers,
russoodle

_________________
This aging business really bugs me - it didn't bother me years ago, so why is it happening now??
meownplanet - puppylinuxstuff
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sat 14 Jun 2014, 06:39

Thanks Suz,

I know exactly how you have felt on a couple of occasions now. Frustrated, pissed off and helpless.

What's worse is that my host is on Linux. Not a good advertisement. You would think that with Linux being free, in every sense of the word, that they wouldn't have a drama keeping up with security issues. I know bind (the Linux program for DNS) is continually updated. Obviously theirs wasn't. Rolling Eyes

Stay cool. Cool

NB: next time I purchase hosting I want a VM that I am in charge of... can administer over ssh and scp. Cost isn't the issue. It's service. Thought about hosting from home but my upload speed maxes at 80kbps.. pathetic.

stemsee

Joined: 27 Jun 2013
Posts: 531
Location: London

Posted: Sat 14 Jun 2014, 07:03

http://01micko.com/

Is this correct? It goes to ECSHOP Demo site. China. When I lived in China (7 years) they routinely hacked my phone's database and caused it to misbehave. I worked at a youth hostel in China and they hacked that and used it as a server with 40GB of hidden files!!
[Attached image: capture6763.jpg]
stemsee

Joined: 27 Jun 2013
Posts: 531
Location: London

Posted: Sat 14 Jun 2014, 08:03

Sylvander wrote:
Might "someone" be messing with the files whilst the site is compromised?
e.g. Inserting "backdoors"?

Would it perhaps be wise to scrap all of the files and replace them with known good copies?


I, too, have strongly suspected this!!
I would be amazed if some entity DIDN'T hack puppy linux in every way it could!! So your advice is sound!
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sat 14 Jun 2014, 09:01

stemsee.. nah, they hacked DNS of the host. Enough to piss me off and frustrate me but not much more. Should be fine by Tuesday (for me).. if they get off their lazy arse and fix it.
anikin

Joined: 10 May 2012
Posts: 529

Posted: Sat 14 Jun 2014, 10:12

stemsee wrote:
Sylvander wrote:
Might "someone" be messing with the files whilst the site is compromised?
e.g. Inserting "backdoors"?

Would it perhaps be wise to scrap all of the files and replace them with known good copies?


I, too, have strongly suspected this!!
I would be amazed if some entity DIDN'T hack puppy linux in every way it could!! So your advice is sound!

Yep, the hackers have had plenty of time to do anything they wanted. From now on, Slacko's communication with icanhazip will be under full control of the brutal Chinese regime. Outrageous. On the other hand, this is a good publicity opportunity for micko ... I didn't even suspect he had a website.
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sat 14 Jun 2014, 10:25

Quote:
Yep, the hackers have had plenty of time to do anything they wanted. From now on, Slacko's communication with icanhazip will be under full control of the brutal Chinese regime. Outrageous

Laughing
Sad thing is that you are for real. Truly sad.
Quote:
On the other hand, this is a good publicity opportunity for micko ... I didn't even suspect he had a website.

Oh yes. It's only been around for 3 years. More clicks is good. Especially for my Chinese partners.

Iguleder


Joined: 11 Aug 2009
Posts: 1925
Location: Israel, somewhere in the beautiful desert

Posted: Sat 14 Jun 2014, 13:33

You can buy a cheap ARM computer and host everything at home. It's a one-time fee and you get full access to the server.

That's what I do - mine runs a modded distro with a web server I wrote myself. It's security hardened and surrounded with home-made honeypots. In total, I waste ten minutes on administration each month.

_________________
My homepage
tlchost

Joined: 05 Aug 2007
Posts: 1741
Location: Baltimore, Maryland USA

Posted: Sat 14 Jun 2014, 15:30

Iguleder wrote:
You can buy a cheap ARM computer and host everything at home. It's a one-time fee and you get full access to the server.

Only if your ISP's TOS (Terms of Service) allows it.