Serious security breach on Developer Blog
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
attack motivation?
@Caneri, nic2109,
Not really arguing. I said they were already aware they face criminal penalties, if caught. (As for their future, it depends on what they get away with first.) What I was trying to say is that criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.
There is a real wave of spamming attacks taking place all over. (The infoweek article linked above by inged explains a lot about how.) I just found another example, checked the site using wget, and did a Google search for sites mentioning spamming and containing those links; they're widespread, and most are coping poorly. I'm not talking about the forces of darkness behind these.
My comments were about the small group which has been harrassing Barry and others for months, and has now found powerful weapons made available by others. The speed with which they adapt, and evidence of monitoring, suggests human control and a special interest in scoring against Puppy sites. If we can neutralize these people, threats from the general Internet community will propagate much more slowly in our direction. We don't have to catch them, just make them real cautious, make their successes less rewarding, and the effort more like real work. Besides, there is always the chance they will slip up under this kind of scrutiny.
As for countermeasures, If they could hear a group of old timers rhythmically chanting assembly code, from the days before C, they would know they were messing with necromancy and flee. (No, no, don't even consider chanting JCL, your soul is at stake.)
prehistoric
p.s. I have succeeded in provoking a response I was looking for. What does anyone know about member "bear"? Is his post what DSM-IV calls "word salad", or is he simply working in an unfamiliar medium? Check out all his posts!
Not really arguing. I said they were already aware they face criminal penalties, if caught. (As for their future, it depends on what they get away with first.) What I was trying to say is that criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.
There is a real wave of spamming attacks taking place all over. (The infoweek article linked above by inged explains a lot about how.) I just found another example, checked the site using wget, and did a Google search for sites mentioning spamming and containing those links; they're widespread, and most are coping poorly. I'm not talking about the forces of darkness behind these.
My comments were about the small group which has been harrassing Barry and others for months, and has now found powerful weapons made available by others. The speed with which they adapt, and evidence of monitoring, suggests human control and a special interest in scoring against Puppy sites. If we can neutralize these people, threats from the general Internet community will propagate much more slowly in our direction. We don't have to catch them, just make them real cautious, make their successes less rewarding, and the effort more like real work. Besides, there is always the chance they will slip up under this kind of scrutiny.
As for countermeasures, If they could hear a group of old timers rhythmically chanting assembly code, from the days before C, they would know they were messing with necromancy and flee. (No, no, don't even consider chanting JCL, your soul is at stake.)
prehistoric
p.s. I have succeeded in provoking a response I was looking for. What does anyone know about member "bear"? Is his post what DSM-IV calls "word salad", or is he simply working in an unfamiliar medium? Check out all his posts!
Last edited by prehistoric on Tue 15 Jan 2008, 16:07, edited 2 times in total.
How? By rebroadcasting something like this?cthisbear wrote:Ignore the spoilers
Now for some more Ignoring the Spoilers:...one good thing is that they happened before Barry travelled to India ...
Here's your answer:...don't know what measures Barry has for emergencies in regard for
someone here to put things to rights
Reference: http://www.murga-linux.com/puppy/viewto ... 728#166728Raffy wrote:I did not have access to FTP last night
Sorry, but must LOL at that one. BTW, Intel not only has money and resources, but they also have "etc," which includes an unwritten yet very real IOU note from Barry for their "unconditional donation" of the two ClassMate computers.cthisbear wrote:Don't laugh at this....but maybe Intel could monitor and out this crumb. They have money, resources etc....
At least we agree that there's no free lunch.why not use them whilst they are using Barry.
[size=84][i]hangout:[/i] ##b0rked on irc.freenode.net
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
[i]diversion:[/i] [url]http://alienjeff.net[/url] - visit The Fringe
[i]quote:[/i] "The foundation of authority is based upon the consent of the people." - Thomas Hooker[/size]
attack and survival
It's in this sense that I've been quiet about criticisms of the multiple web presence of Puppy Linux. It's a good survival strategy when attacks come, and surely they will.prehistoric wrote:..criminal organizations are probably not yet willing to pay specifically for attacking Puppy Linux sites.
..small group which has been harrassing Barry and others for months..
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].
I've gotten hit now. It's not porn, but animie emoctions. There has been some posts that refer to puppy and thus it would explain it, but I know for my site A) I've got no way of removing the icons and B) it's a hhe ole in aceboard that has caused it. My site dosn't use phpbb. It's probaly an SQL or JS injection.
I need help with my forum. [b][u]LINK:[/u][/b][url]http://www.programers.co.nr/[/url]
[url]http://www.freewebs.com/programm/iframe.html[/url] is my gateway page...
[url]http://www.freewebs.com/programm/iframe.html[/url] is my gateway page...
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
Why not? They didn't change your password on you did they?I've got no way of removing the icons
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
No, no change in password. Just that in the admin uploaded smilies list they're not there. It's only the admin that can upload smilies on the board too.
I need help with my forum. [b][u]LINK:[/u][/b][url]http://www.programers.co.nr/[/url]
[url]http://www.freewebs.com/programm/iframe.html[/url] is my gateway page...
[url]http://www.freewebs.com/programm/iframe.html[/url] is my gateway page...
@prehistoric
As far as i understood when I followed a link earlier from this thread some like that turkish guy use Barry's site as a proxy to illegal sites.
The rats show themselves on what they die, the bear shows his children....
About porn: maybe a year ago I suddenly saw spam in the forum from a poster named Grizzlybeer, which had been removed in minutes (shocking to me).
Maybe two decades ago Berlin was the second biggest turkish city!
So, what do I mean?
Personal attack to Barry or not maybe the question.
We're all lucky when we've got a job and we all know that the states employees always have to work coz work is growing and growing.
Months ago I saw in a post from NathanF his mp3's: shocking, "Spooky Tooth". (Couldn't buy them myself at that time)
In my opinion and knowledge secret services behave like flies: definately senseless (no more cold war)!
Nothing to do
As far as i understood when I followed a link earlier from this thread some like that turkish guy use Barry's site as a proxy to illegal sites.
The rats show themselves on what they die, the bear shows his children....
About porn: maybe a year ago I suddenly saw spam in the forum from a poster named Grizzlybeer, which had been removed in minutes (shocking to me).
Maybe two decades ago Berlin was the second biggest turkish city!
So, what do I mean?
Personal attack to Barry or not maybe the question.
We're all lucky when we've got a job and we all know that the states employees always have to work coz work is growing and growing.
Months ago I saw in a post from NathanF his mp3's: shocking, "Spooky Tooth". (Couldn't buy them myself at that time)
In my opinion and knowledge secret services behave like flies: definately senseless (no more cold war)!
Nothing to do
P. S.
in 1982 I saw my bookcase for a second in TV.
Talking with my woman, however daily I took an hour for myself in "my own" room. Listening to culture radio, the 2nd biggest Radiostation in Europe behind TASS.
Was it "tea time small talking" at seven pm?
EHEM!!!
Talking with my woman, however daily I took an hour for myself in "my own" room. Listening to culture radio, the 2nd biggest Radiostation in Europe behind TASS.
Was it "tea time small talking" at seven pm?
EHEM!!!
DON'T POST WHEN YOU'RE LEAVING. If they know you're away, they can strike without it being fixed.
This guy did (ironically enough he was going to India too), and ended up losing his domain name. Unrelated to porn links but better safe than sorry.
http://davidairey.co.uk/google-gmail-security-hijack/
This guy did (ironically enough he was going to India too), and ended up losing his domain name. Unrelated to porn links but better safe than sorry.
http://davidairey.co.uk/google-gmail-security-hijack/
[url=http://rockym93.dnsalias.net/][img]http://rockym93.dnsalias.net/puppy-powered.png[/img][/url]
planted
In one site that I keep, it has planted php and mysql code on December 24, 2007, and the scripts have been intermittently called since then.
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].
AJ
To answer your question.
Initiating server query ...
Looking up IP address for domain: puppylinux.com
The IP address for the domain is: ********************
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Tue, 15 Jan 2008 18:29:09 GMT
Server: Apache
Last-Modified: Sun, 13 Jan 2008 19:31:34 GMT
ETag: "6ab00dd-8bbf-9b777180"
Accept-Ranges: bytes
Content-Length: 35775
Connection: close
Content-Type: text/html
Query complete.
Just for the heck of it I queried everybody in this thread that has a page and I did not find a single MS host server.
Das ist auch gut so
To answer your question.
Initiating server query ...
Looking up IP address for domain: puppylinux.com
The IP address for the domain is: ********************
Connecting to the server on standard HTTP port: 80
[Connected] Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 200 OK
Date: Tue, 15 Jan 2008 18:29:09 GMT
Server: Apache
Last-Modified: Sun, 13 Jan 2008 19:31:34 GMT
ETag: "6ab00dd-8bbf-9b777180"
Accept-Ranges: bytes
Content-Length: 35775
Connection: close
Content-Type: text/html
Query complete.
Just for the heck of it I queried everybody in this thread that has a page and I did not find a single MS host server.
Das ist auch gut so
This is the first I noticed this topic. Condolences extended.
After reading it through, my first theory was: It starts with a php capability which in turn exploits a wordpress vulnerability.
Following this theory, I then checked: Google wordpress php vulnerability
After reading it through, my first theory was: It starts with a php capability which in turn exploits a wordpress vulnerability.
Following this theory, I then checked: Google wordpress php vulnerability
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
Doesn't this sound relevant?
Notice this response to John Murga's announcement of security downtime by "bear".
http://www.murga-linux.com/puppy/viewtopic.php?t=25457
Bear has made 14 posts since 25 Dec 2007, and half of them were today, and also rather strange. He has not made any posts to German threads, yet he appears to speak German as well as he speaks any language.
I would say he decided this identity was compromised very recently and threw caution to the winds.
If bear isn't connected with security problems and spamming, what does this mean? Perhaps, he will post an explanation in this thread.
prehistoric
http://www.murga-linux.com/puppy/viewtopic.php?t=25457
Remember, how Nathan's Grafpup differs? He does not use root privileges for everything.move it to spam
NATHAN war der Weise!
Bear has made 14 posts since 25 Dec 2007, and half of them were today, and also rather strange. He has not made any posts to German threads, yet he appears to speak German as well as he speaks any language.
I would say he decided this identity was compromised very recently and threw caution to the winds.
If bear isn't connected with security problems and spamming, what does this mean? Perhaps, he will post an explanation in this thread.
prehistoric
Re: Doesn't this sound relevant?
And he appears to be unable to identify French since he posted in English in a French thread stating that he didn't understand what was going on.prehistoric wrote:he appears to speak German as well as he speaks any language.
I agree that some of his posts appear completely random and nonsensical, like what a spammer uses to tag a forum, but others seem well-informed and relevant to the thread.
My guess is that he is not a spammer, and that his posts that made no sense were just a literal translation of some German colloquialism that doesn't mean the same thing when directly translated. That doesn't really explain the comment to Mr. Murga (put what in spam?), though.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
php scripts
As long as one uses Web/PHP scripts, one is advised to check for updates daily and install those updates. Also, a user-friendly configuration of both Apache and PHP allows easy injection of code to the website. So it's really user vigilance that matters.
Possible moral of the story: when you go on leave, disable all scripts and run only static HTML. And make all folders read-only.
Possible moral of the story: when you go on leave, disable all scripts and run only static HTML. And make all folders read-only.
Puppy user since Oct 2004. Want FreeOffice? [url=http://puppylinux.info/topic/freeoffice-2012-sfs]Get the sfs (English only)[/url].
hi guys, I was on the french forum while it happened
was talking to Botanic about the french forum mods.... here
not really fluent english so goes with Sir Duncan's thoughts
rather good translation though, but not perfect.
hope I didn't let the devil in by mistake...
maddox
was talking to Botanic about the french forum mods.... here
Code: Select all
bear
Joined: 25 Dec 2007
Posts: 14
PostPosted: Today, at 8:23 am Post subject:
I'm not quite sure what you suppose to say
rather good translation though, but not perfect.
hope I didn't let the devil in by mistake...
maddox
Some of his posts were very specific and not likely the ramblings of a bot (unless he is a better one than the ones I am used to). For instance:
in <http://www.murga-linux.com/puppy/viewto ... 0&start=15>. That doesn't look a bot to me.bear wrote:lI'm running win2000 on a 25 GB file in virtualbox. Seamless integration is great!
With JWM you will have to use autohide tray.
Sometimes I use it as a fileserver, but note that bridge-utils won't work in newer puppies.
So there is only NAT.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath