Re: Doesn't this sound relevant?

Posted: Wed 16 Jan 2008, 00:23
by SirDuncan
prehistoric wrote: he appears to speak German as well as he speaks any language.
And he appears to be unable to identify French since he posted in English in a French thread stating that he didn't understand what was going on.

I agree that some of his posts appear completely random and nonsensical, like what a spammer uses to tag a forum, but others seem well-informed and relevant to the thread.

My guess is that he is not a spammer, and that his posts that made no sense were just a literal translation of some German colloquialism that doesn't mean the same thing when directly translated. That doesn't really explain the comment to Mr. Murga (put what in spam?), though.

php scripts

Posted: Wed 16 Jan 2008, 00:30
by raffy
As long as one uses Web/PHP scripts, one is advised to check for updates daily and install those updates. Also, a user-friendly configuration of both Apache and PHP allows easy injection of code to the website. So it's really user vigilance that matters.

Possible moral of the story: when you go on leave, disable all scripts and run only static HTML. And make all folders read-only.

Posted: Wed 16 Jan 2008, 00:39
by maddox
hi guys, I was on the French forum while it happened
was talking to Botanic about the French forum mods.... here

bear
Joined: 25 Dec 2007
Posts: 14
PostPosted: Today, at 8:23 am    Post subject: 	 
I'm not quite sure what you suppose to say
not really fluent english so goes with Sir Duncan's thoughts
rather good translation though, but not perfect.

hope I didn't let the devil in by mistake...
maddox

Posted: Wed 16 Jan 2008, 00:59
by John Doe
looks like a bot to me. I've seen one in another forum. Same sort of strange postings, that somewhat correlate to the text but don't really seem to be part of the conversation.

Bear, you out there?

Are you a bot or a real person?

Posted: Wed 16 Jan 2008, 01:37
by SirDuncan
Some of his posts were very specific and not likely the ramblings of a bot (unless he is a better one than the ones I am used to). For instance:
bear wrote: I'm running win2000 on a 25 GB file in virtualbox. Seamless integration is great!
With JWM you will have to use autohide tray.

Sometimes I use it as a fileserver, but note that bridge-utils won't work in newer puppies.
So there is only NAT.
in <http://www.murga-linux.com/puppy/viewto ... 0&start=15>. That doesn't look like a bot to me.

Posted: Wed 16 Jan 2008, 01:53
by John Doe
SirDuncan wrote: That doesn't look like a bot to me.
hmmm.. You're right, that looks like an actual conversation. Either he's real or the AI is getting way better.

bear hunting

Posted: Wed 16 Jan 2008, 02:17
by prehistoric
@Sir Duncan,

The post aimed at me at time 6:23 reads like English produced by a native German speaker. Human, not a bot. Early posts, before this security breach thread started, also sound like English produced by a native German speaker with some education. Some other posts wouldn't read well in either English or German, except, of course, the statement about Nathan, which appears to be from a native speaker of German. That one has time 7:25, and couldn't have been prepared before John posted the announcement at 6:57.

Because I did several edits, I don't know the exact time I inserted my postscript. It seems, to me, like he decided the identity was known to sys admin. when he read that I had deliberately provoked him. Then, he made that revealing reply to John Murga, and the 'bot took over. This is the kind of bot herding which has been characteristic of our problems.

prehistoric

Multiple host broken, servage, and North Carolina

Posted: Wed 16 Jan 2008, 04:39
by Ted Dog
About this time last year BarryK and I set our domains to an FSF support host via the Univ. of NC.
I was informed by a friend of hacking scripts he located that were attacking puppylinux.net (which is registered to me). I notified BarryK. I think it was in October. We disbanded the host of Univ. of NC, but somehow our domains remain interlocked. Try puppylinux.net (no www.) and www.puppylinux.net; it's different.
I think his login and passwords were captured, once and secondary root pass accounts were set up.
Or, the puppylinux.net domain still points to Univ of NC, and its DNS is pointing to servage.

Domains now seem fixed

Posted: Wed 16 Jan 2008, 11:10
by prehistoric
@Ted Dog,

The examples you gave now show the same result, for me. Is this true for everyone?

@bear

Still waiting for explanation. Are you a legitimate user whose account has been misused?

prehistoric

Posted: Wed 16 Jan 2008, 11:45
by MU
bear's first 2 postings are too "on-topic" to be written by bots.
The rest is typical bot-behaviour.
I think his account was hacked by a bot, then the bot used this account to sporadically post messages.
Mark

Posted: Wed 16 Jan 2008, 14:14
by Sage
John should be able to locate 'bear' from his registration details (and ISP, if appropriate)? Has anyone advised John yet?

Posted: Wed 16 Jan 2008, 18:24
by Flash
Bear has posted from a range of IP addresses, 7 posts from one, 2 from several others, and just 1 post from several, which is consistent with someone using ADSL or Cable.

I don't know why he hasn't replied to the questions in this thread. He contributed to it one time; surely he's been following it. (If he's really a human. :) )

notifying John Murga

Posted: Wed 16 Jan 2008, 19:10
by prehistoric
@ Sage,

I notified John Murga via PM while I was preparing the edit to the post which provoked a response, but have no reply from John, yet. When I sent that message I was not nearly as certain about bear as I now feel, so am not surprised, even if it turns out John saw my message and ignored it.

I am quite flattered that bear took John's announcement of a system shutdown for a security update as the result of behind the scenes coordination between us. Fooling some people is easy; for the paranoid there are no coincidences. To quote my sainted mother, "the wicked flee-eth when none pursue-eth".

prehistoric

Re: Multiple host broken, servage, and North Carolina

Posted: Wed 16 Jan 2008, 23:54
by BarryK
Ted Dog wrote: About this time last year BarryK and I set our domains to an FSF support host via the Univ. of NC.
I was informed by a friend of hacking scripts he located that were attacking puppylinux.net (which is registered to me). I notified BarryK. I think it was in October. We disbanded the host of Univ. of NC, but somehow our domains remain interlocked. Try puppylinux.net (no www.) and www.puppylinux.net; it's different.
I think his login and passwords were captured, once and secondary root pass accounts were set up.
Or, the puppylinux.net domain still points to Univ of NC, and its DNS is pointing to servage.
Umm, I'm confused. Should I now login to the servage.net control panel and set the domain 'puppylinux.net' to point to same root directory as 'puppylinux.com'? I haven't done that yet, didn't know what the situation with puppylinux.net was.

puppylinux.net

Posted: Thu 17 Jan 2008, 00:22
by raffy
This is what it shows:

 Welcome to Puppy Linux DOT net
ok this shows that my DNS record has been corrected
TedDog
(Same result with and without www.)

Maybe you want it to point to puptrix.org, as it is a source repository? If that's the case, then its domain pointer should be toward the puptrix.org host, and Ted should park the domain in his host. Ted should give the domain info. (It seems that these have been done already, and Ted should point it to an appropriate page).

New attack?

Posted: Thu 17 Jan 2008, 17:30
by prehistoric
Just found a Puppy-related site displaying a login for LoLoLa, (don't have the accents right,) which a Google search seems to show as a singles' site. If anyone finds others out there, get the time of the attack as closely as possible, so we can trace propagation. I've notified the operator by gmail, while checking other sites.

prehistoric

edit: Now identified this as a Trojan, with name LoLoLo. Above name was mistake due to appearance.

Posted: Thu 17 Jan 2008, 20:08
by ymer
If that's a Trojan, then www . ttuuxx . com is hacked also, the same LoLoLo stuff is displayed at its front page.

Linked to Trojan?

Posted: Thu 17 Jan 2008, 20:28
by prehistoric
@ymer,

Didn't you stop to think why I failed to provide a link to a Trojan?

Are you under the control of dark powers?

prehistoric

Posted: Thu 17 Jan 2008, 21:14
by Caneri
Thanks for the info.

eric

Posted: Thu 17 Jan 2008, 21:37
by RobertB
I don't know if this is helpful to the problem, but I noticed in the TouTou Puppy thread ( http://www.murga-linux.com/puppy/viewtopic.php?t=24074 ) that there's a posting by "John Smith" that is an exact copy of the (French!) posting above it. It's the only posting by that user.

*EDIT* The duplicate posting features a link to a laser pointer sales site in the .sig. Also, when they cut-n-pasted the text, they turned "Cordialement ;)" into "Cordialement Wink"...
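
Added example, not part of RobertB's post or of the forum's software: a moderator-side check for the pattern described above, where a one-post account repeats an earlier post and the smiley code has turned into its alt text ("Cordialement ;)" becoming "Cordialement Wink"). The smiley table, field names and sample thread are constructed for the example.

```python
import re
from difflib import SequenceMatcher

# Smiley codes and the alt text a rendered page yields when copied
# (constructed mapping; a real board's smiley table would be loaded instead).
SMILEY_ALT = {";)": "Wink", ":)": "Smile", ":(": "Sad", ":D": "Very Happy"}

def normalize(text):
    """Fold case/whitespace and map each smiley code and its alt text to one token."""
    for n, (code, alt) in enumerate(SMILEY_ALT.items()):
        token = " <e%d> " % n
        text = text.replace(code, token)
        text = re.sub(r"\b%s\b" % re.escape(alt), token, text)
    return " ".join(text.lower().split())

def alt_text_artifact(source, copy):
    """True if a smiley code in the source shows up only as alt text in the copy."""
    return any(code in source and code not in copy and alt in copy
               for code, alt in SMILEY_ALT.items())

def find_copied_posts(posts, threshold=0.9):
    """Flag posts that near-duplicate an earlier post by a different author."""
    hits = []
    for i, post in enumerate(posts):
        for j in range(i):
            src = posts[j]
            if src["author"] == post["author"]:
                continue
            ratio = SequenceMatcher(None, normalize(src["body"]),
                                    normalize(post["body"])).ratio()
            if ratio >= threshold:
                hits.append({"copy": i, "source": j, "ratio": ratio,
                             "alt_text": alt_text_artifact(src["body"], post["body"]),
                             "first_post": post["post_count"] == 1})
    return hits

# Constructed sample thread (not the real posts): a reply, then a verbatim copy
# from a one-post account, then an unrelated reply.
THREAD = [
    {"author": "member_a", "post_count": 120,
     "body": "Bonjour, la nouvelle version fonctionne bien.\nCordialement ;)"},
    {"author": "John Smith", "post_count": 1,
     "body": "Bonjour, la nouvelle version fonctionne bien.\nCordialement Wink"},
    {"author": "member_b", "post_count": 45,
     "body": "Merci, je vais essayer ce soir."},
]

if __name__ == "__main__":
    for hit in find_copied_posts(THREAD):
        print(hit)
```

A hit with both `alt_text` and `first_post` set is the combination worth a moderator's look; either flag alone also fires on ordinary quoting.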