Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 25 Jul 2014, 03:00
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Announcements
Serious security breach on Developer Blog
Moderators: Flash, Ian, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 4 of 9 Posts_count   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9 Next
Author Message
prehistoric


Joined: 23 Oct 2007
Posts: 1255

PostPosted: Mon 14 Jan 2008, 21:27    Post_subject: attack motivation?  

@Caneri, nic2109,

Not really arguing. I said they were already aware they face criminal penalties, if caught. (As for their future, it depends on what they get away with first.) What I was trying to say is that criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.

There is a real wave of spamming attacks taking place all over. (The infoweek article linked above by inged explains a lot about how.) I just found another example, checked the site using wget, and did a Google search for sites mentioning spamming and containing those links; they're widespread, and most are coping poorly. I'm not talking about the forces of darkness behind these.

My comments were about the small group which has been harrassing Barry and others for months, and has now found powerful weapons made available by others. The speed with which they adapt, and evidence of monitoring, suggests human control and a special interest in scoring against Puppy sites. If we can neutralize these people, threats from the general Internet community will propagate much more slowly in our direction. We don't have to catch them, just make them real cautious, make their successes less rewarding, and the effort more like real work. Besides, there is always the chance they will slip up under this kind of scrutiny.

As for countermeasures, If they could hear a group of old timers rhythmically chanting assembly code, from the days before C, they would know they were messing with necromancy and flee. (No, no, don't even consider chanting JCL, your soul is at stake.)

prehistoric

p.s. I have succeeded in provoking a response I was looking for. What does anyone know about member "bear"? Is his post what DSM-IV calls "word salad", or is he simply working in an unfamiliar medium? Check out all his posts!

Edited_times_total
Back to top
View user's profile Send_private_message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Mon 14 Jan 2008, 21:52    Post_subject:  

cthisbear wrote:
Ignore the spoilers


How? By rebroadcasting something like this?

Quote:
...one good thing is that they happened before Barry travelled to India ...


Now for some more Ignoring the Spoilers:

Quote:
...don't know what measures Barry has for emergencies in regard for
someone here to put things to rights


Here's your answer:

Raffy wrote:
I did not have access to FTP last night

Reference: http://www.murga-linux.com/puppy/viewtopic.php?p=166728#166728

cthisbear wrote:
Don't laugh at this....but maybe Intel could monitor and out this crumb. They have money, resources etc....


Sorry, but must LOL at that one. BTW, Intel not only has money and resources, but they also have "etc," which includes an unwritten yet very real IOU note from Barry for their "unconditional donation" of the two ClassMate computers.

Quote:
why not use them whilst they are using Barry.


At least we agree that there's no free lunch.

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send_private_message 
raffy

Joined: 25 May 2005
Posts: 4759
Location: Manila

PostPosted: Mon 14 Jan 2008, 21:58    Post_subject: attack and survival  

prehistoric wrote:
..criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.

..small group which has been harrassing Barry and others for months..

It's in this sense that I've been quiet about criticisms of the multiple web presence of Puppy Linux. It's a good survival strategy when attacks come, and surely they will.

_________________
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only).
Back to top
View user's profile Send_private_message 
bobwrit


Joined: 12 Mar 2007
Posts: 286

PostPosted: Mon 14 Jan 2008, 22:18    Post_subject:  

I've gotten hit now. It's not porn, but animie emoctions. There has been some posts that refer to puppy and thus it would explain it, but I know for my site A) I've got no way of removing the icons and B) it's a hhe ole in aceboard that has caused it. My site dosn't use phpbb. It's probaly an SQL or JS injection.
_________________
I need help with my forum. LINK:http://www.programers.co.nr/
http://www.freewebs.com/programm/iframe.html is my gateway page...
Back to top
View user's profile Send_private_message Visit_website YIM 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Mon 14 Jan 2008, 23:26    Post_subject:  

Quote:
I've got no way of removing the icons
Why not? They didn't change your password on you did they?
_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send_private_message Visit_website 
bobwrit


Joined: 12 Mar 2007
Posts: 286

PostPosted: Mon 14 Jan 2008, 23:36    Post_subject:  

No, no change in password. Just that in the admin uploaded smilies list they're not there. It's only the admin that can upload smilies on the board too.
_________________
I need help with my forum. LINK:http://www.programers.co.nr/
http://www.freewebs.com/programm/iframe.html is my gateway page...
Back to top
View user's profile Send_private_message Visit_website YIM 
bear

Joined: 25 Dec 2007
Posts: 14

PostPosted: Tue 15 Jan 2008, 06:23    Post_subject:  

@prehistoric

As far as i understood when I followed a link earlier from this thread some like that turkish guy use Barry's site as a proxy to illegal sites.

The rats show themselves on what they die, the bear shows his children....
About porn: maybe a year ago I suddenly saw spam in the forum from a poster named Grizzlybeer, which had been removed in minutes (shocking to me).

Maybe two decades ago Berlin was the second biggest turkish city!


So, what do I mean?

Personal attack to Barry or not maybe the question.

We're all lucky when we've got a job and we all know that the states employees always have to work coz work is growing and growing.

Months ago I saw in a post from NathanF his mp3's: shocking, "Spooky Tooth". (Couldn't buy them myself at that time)

In my opinion and knowledge secret services behave like flies: definately senseless (no more cold war)!

Nothing to do
Back to top
View user's profile Send_private_message 
bear

Joined: 25 Dec 2007
Posts: 14

PostPosted: Tue 15 Jan 2008, 06:39    Post_subject: P. S.  

in 1982 I saw my bookcase for a second in TV.

Talking with my woman, however daily I took an hour for myself in "my own" room. Listening to culture radio, the 2nd biggest Radiostation in Europe behind TASS.

Was it "tea time small talking" at seven pm?

EHEM!!!
Back to top
View user's profile Send_private_message 
rockym93


Joined: 04 Jul 2006
Posts: 21
Location: Australia

PostPosted: Tue 15 Jan 2008, 07:24    Post_subject:  

DON'T POST WHEN YOU'RE LEAVING. If they know you're away, they can strike without it being fixed.

This guy did (ironically enough he was going to India too), and ended up losing his domain name. Unrelated to porn links but better safe than sorry.

http://davidairey.co.uk/google-gmail-security-hijack/

_________________

Back to top
View user's profile Send_private_message Visit_website 
raffy

Joined: 25 May 2005
Posts: 4759
Location: Manila

PostPosted: Tue 15 Jan 2008, 09:36    Post_subject: planted  

In one site that I keep, it has planted php and mysql code on December 24, 2007, and the scripts have been intermittently called since then.
_________________
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only).
Back to top
View user's profile Send_private_message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Tue 15 Jan 2008, 12:37    Post_subject:  

Wonder what OS is in use by these Puppy hosting companies? Wink
_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send_private_message 
MU


Joined: 24 Aug 2005
Posts: 13642
Location: Karlsruhe, Germany

PostPosted: Tue 15 Jan 2008, 13:38    Post_subject:  

Servage: Linux node2.c23 2.6.17-1.2142_FC4smp
So seems to be Fedora Core 4.
On minisys.org we use Slackware, Suse and Puppy, it depends on the Sub-websites. We migrate from Suse to Slackware/Puppy currently, but this is not completed yet.
Mark
Back to top
View user's profile Send_private_message Visit_website 
wingruntled

Joined: 20 Feb 2007
Posts: 287
Location: Great Lakes

PostPosted: Tue 15 Jan 2008, 14:38    Post_subject:  

AJ
To answer your question.

Initiating server query ...
Looking up IP address for domain: puppylinux.com
The IP address for the domain is: ********************
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Tue, 15 Jan 2008 18:29:09 GMT
Server: Apache
Last-Modified: Sun, 13 Jan 2008 19:31:34 GMT
ETag: "6ab00dd-8bbf-9b777180"
Accept-Ranges: bytes
Content-Length: 35775
Connection: close
Content-Type: text/html
Query complete.

Just for the heck of it I queried everybody in this thread that has a page and I did not find a single MS host server.

Das ist auch gut so Smile
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Tue 15 Jan 2008, 17:06    Post_subject:  

This is the first I noticed this topic. Condolences extended.

After reading it through, my first theory was: It starts with a php capability which in turn exploits a wordpress vulnerability.

Following this theory, I then checked: Google wordpress php vulnerability
Back to top
View user's profile Send_private_message 
prehistoric


Joined: 23 Oct 2007
Posts: 1255

PostPosted: Tue 15 Jan 2008, 18:05    Post_subject: Doesn't this sound relevant?  

Notice this response to John Murga's announcement of security downtime by "bear".
http://www.murga-linux.com/puppy/viewtopic.php?t=25457

Quote:

move it to spam

NATHAN war der Weise!


Remember, how Nathan's Grafpup differs? He does not use root privileges for everything.

Bear has made 14 posts since 25 Dec 2007, and half of them were today, and also rather strange. He has not made any posts to German threads, yet he appears to speak German as well as he speaks any language.

I would say he decided this identity was compromised very recently and threw caution to the winds.

If bear isn't connected with security problems and spamming, what does this mean? Perhaps, he will post an explanation in this thread.

prehistoric
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 4 of 9 Posts_count   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Taking the Puppy out for a walk » Announcements
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0917s ][ Queries: 12 (0.0047s) ][ GZIP on ]