Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 24 Oct 2014, 08:13
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Announcements
Serious security breach on Developer Blog
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 5 of 9 [121 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9 Next
Author Message
SirDuncan


Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

PostPosted: Tue 15 Jan 2008, 20:23    Post subject: Re: Doesn't this sound relevant?  

prehistoric wrote:
he appears to speak German as well as he speaks any language.

And he appears to be unable to identify French since he posted in English in a French thread stating that he didn't understand what was going on.

I agree that some of his posts appear completely random and nonsensical, like what a spammer uses to tag a forum, but others seem well-informed and relevant to the thread.

My guess is that he is not a spammer, and that his posts that made no sense were just a literal translation of some German colloquialism that doesn't mean the same thing when directly translated. That doesn't really explain the comment to Mr. Murga (put what in spam?), though.

_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
Back to top
View user's profile Send private message Visit poster's website 
raffy

Joined: 25 May 2005
Posts: 4779
Location: Manila

PostPosted: Tue 15 Jan 2008, 20:30    Post subject: php scripts  

As long as one uses Web/PHP scripts, one is advised to check for updates daily and install those updates. Also, a user-friendly configuration of both Apache and PHP allows easy injection of code to the website. So it's really user vigilance that matters.

Possible moral of the story: when you go on leave, disable all scripts and run only static HTML. And make all folders read-only.

_________________
Puppy user since Oct 2004. Want FreeOffice? Get the sfs (English only).
Back to top
View user's profile Send private message 
maddox

Joined: 28 Sep 2007
Posts: 453
Location: sometimes in France

PostPosted: Tue 15 Jan 2008, 20:39    Post subject:  

hi guys, I was on the french forum while it happened
was talking to Botanic about the french forum mods.... here
Code:
bear
Joined: 25 Dec 2007
Posts: 14
PostPosted: Today, at 8:23 am    Post subject:    
I'm not quite sure what you suppose to say


not really fluent english so goes with Sir Duncan's thoughts
rather good translation though, but not perfect.

hope I didn't let the devil in by mistake...
maddox
Back to top
View user's profile Send private message 
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Tue 15 Jan 2008, 20:59    Post subject:  

looks like a bot to me. I've seen one in another forum. Same sort of strange postings, that somewhat correlate to the text but don't really seem to be part of the conversation.

Bear, you out there?

Are you a bot or a real person?
Back to top
View user's profile Send private message 
SirDuncan


Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

PostPosted: Tue 15 Jan 2008, 21:37    Post subject:  

Some of his posts were very specific and not likely the ramblings of a bot (unless he is a better one than the ones I am used to). For instance:
bear wrote:
lI'm running win2000 on a 25 GB file in virtualbox. Seamless integration is great!
With JWM you will have to use autohide tray.

Sometimes I use it as a fileserver, but note that bridge-utils won't work in newer puppies.
So there is only NAT.
in <http://www.murga-linux.com/puppy/viewtopic.php?t=24910&start=15>. That doesn't look a bot to me.
_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
Back to top
View user's profile Send private message Visit poster's website 
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Tue 15 Jan 2008, 21:53    Post subject:  

SirDuncan wrote:
That doesn't look a bot to me.


hmmm.. You're right, that looks like an actual conversation. Either he's real or the AI is getting way better.
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1301

PostPosted: Tue 15 Jan 2008, 22:17    Post subject: bear hunting  

@Sir Duncan,

The post aimed at me at time 6:23 reads like English produced by a native German speaker. Human, not a bot. Early posts, before this security breach thread started, also sound like English produced by a native German speaker with some education. Some other posts wouldn't read well in either English or German, except, of course, the statement about Nathan, which appears to be from a native speaker of German. That one has time 7:25, and couldn't have been prepared before John posted the announcement at 6:57.

Because I did several edits, I don't know the exact time I inserted my postscript. It seems, to me, like he decided the identity was known to sys admin. when he read that I had deliberately provoked him. Then, he made that revealing reply to John Murga, and the 'bot took over. This is the kind of bot herding which has been characteristic of our problems.

prehistoric
Back to top
View user's profile Send private message 
Ted Dog


Joined: 13 Sep 2005
Posts: 2367
Location: Heart of Texas

PostPosted: Wed 16 Jan 2008, 00:39    Post subject: Multiple host broken, servage, and North Carolina  

About this time last year BarryK and I set our domains to a FSF support host via the Univ. of NC.
I was informed by a friend of hacking scripts he located that was attacking, puppylinux.net ( which is registered to me ) I notified BarryK. I think it was in October. We disbanded the host of Univ. of NC, but somehow our domains remain interlocked. try puppylinux.net (no www.) and www.puppylinux.net its different.
I think his login and passwords was captured, once and secondary root pass accounts were setup.
Or, the puppylinux.net domain still points to Univ of NC, and its DNS is pointing to servage.
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1301

PostPosted: Wed 16 Jan 2008, 07:10    Post subject: Domains now seem fixed  

@Ted Dog,

The examples you gave now show the same result, for me. Is this true for everyone?

@bear

Still waiting for explanation. Are you a legitimate user whose account has been misused?

prehistoric
Back to top
View user's profile Send private message 
MU


Joined: 24 Aug 2005
Posts: 13642
Location: Karlsruhe, Germany

PostPosted: Wed 16 Jan 2008, 07:45    Post subject:  

bears first 2 postings are too "on-topic" to be written by bots.
The rest is typical bot-behaviour.
It think his account was hacked by a bot, then the bot used this account to sporadically post messages.
Mark
Back to top
View user's profile Send private message Visit poster's website 
Sage

Joined: 04 Oct 2005
Posts: 4797
Location: GB

PostPosted: Wed 16 Jan 2008, 10:14    Post subject:  

John should be able to locate 'bear' from his registration details (and ISP, if appropriate)? Has anyone advised John yet?
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11121
Location: Arizona USA

PostPosted: Wed 16 Jan 2008, 14:24    Post subject:  

Bear has posted from a range of IP addresses, 7 posts from one, 2 from several others, and just 1 post from several, which is consistent with someone using ADSL or Cable.

I don't know why he hasn't replied to the questions in this thread. He contributed to it one time; surely he's been following it. (If he's really a human. Smile )
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1301

PostPosted: Wed 16 Jan 2008, 15:10    Post subject: notifying John Murga  

@ Sage,

I notified John Murga via PM while I was preparing the edit to the post which provoked a response, but have no reply from John, yet. When I sent that message I was not nearly as certain about bear as I now feel, so am not surprised, even if it turns out John saw my message and ignored it.

I am quite flattered that bear took John's announcement of a system shutdown for a security update as the result of behind the scenes coordination between us. Fooling some people is easy; for the paranoid there are no coincidences. To quote my sainted mother, "the wicked flee-eth when none pursue-eth".

prehistoric
Back to top
View user's profile Send private message 
BarryK
Puppy Master


Joined: 09 May 2005
Posts: 7047
Location: Perth, Western Australia

PostPosted: Wed 16 Jan 2008, 19:54    Post subject: Re: Multiple host broken, servage, and North Carolina  

Ted Dog wrote:
About this time last year BarryK and I set our domains to a FSF support host via the Univ. of NC.
I was informed by a friend of hacking scripts he located that was attacking, puppylinux.net ( which is registered to me ) I notified BarryK. I think it was in October. We disbanded the host of Univ. of NC, but somehow our domains remain interlocked. try puppylinux.net (no www.) and www.puppylinux.net its different.
I think his login and passwords was captured, once and secondary root pass accounts were setup.
Or, the puppylinux.net domain still points to Univ of NC, and its DNS is pointing to servage.

Umm, I'm confused. Should I now login to the servage.net control panel and set the domain 'puppylinux.net' to point to same root directory as 'puppylinux.com'? I haven't done that yet, didn't know what the situation with puppylinux.net was.

_________________
http://bkhome.org/news/
Back to top
View user's profile Send private message Visit poster's website 
raffy

Joined: 25 May 2005
Posts: 4779
Location: Manila

PostPosted: Wed 16 Jan 2008, 20:22    Post subject: puppylinux.net  

This is what it shows:
Code:
 Welcome to Puppy Linux DOT net
ok this shows that my DNS record has been corrected
TedDog

(Same result with and without www.)

Maybe you want it to point to puptrix.org, as it is a source repository? If that's the case, then its domain pointer should be toward the puptrix.org host, and Ted should park the domain in his host. Ted should give the domain info. (It seems that these have been done already, and Ted should point it to an appropriate page).
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 5 of 9 [121 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Announcements
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0842s ][ Queries: 12 (0.0045s) ][ GZIP on ]