Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 17 Sep 2014, 13:35
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Announcements
Serious security breach on Developer Blog
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 6 of 9 [121 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9 Next
Author Message
prehistoric


Joined: 23 Oct 2007
Posts: 1271

PostPosted: Thu 17 Jan 2008, 13:30    Post subject: New attack?  

Just found a Puppy-related site displaying a login for LoLoLa, (don't have the accents right,) which a Google search seems to show as a singles' site. If anyone finds others out there, get the time of the attack as closely as possible, so we can trace propagation. I've notified the operator by gmail, while checking other sites.

prehistoric

edit: Now identified this as a Trojan, with name LoLoLo. Above name was mistake due to appearance.
Back to top
View user's profile Send private message 
ymer

Joined: 18 May 2007
Posts: 16

PostPosted: Thu 17 Jan 2008, 16:08    Post subject:  

If that's a Trojan, then www . ttuuxx . com is hacked also, the same LoLoLo stuff is displayed at its front page.
Last edited by ymer on Fri 18 Jan 2008, 17:01; edited 1 time in total
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1271

PostPosted: Thu 17 Jan 2008, 16:28    Post subject: Linked to Trojan?  

@ymer,

Didn't you stop to think why I failed to provide a link to a Trojan?

Are you under the control of dark powers?

prehistoric
Back to top
View user's profile Send private message 
Caneri

Joined: 04 Sep 2007
Posts: 1580
Location: Canada

PostPosted: Thu 17 Jan 2008, 17:14    Post subject:  

Thanks for the info.

eric

_________________
Be not afraid to grow slowly, only be afraid of standing still.
Chinese Proverb

Back to top
View user's profile Send private message 
RobertB


Joined: 02 Jan 2006
Posts: 145
Location: Big D

PostPosted: Thu 17 Jan 2008, 17:37    Post subject:  

I don't know if this is helpful to the problem, but I noticed in the TouTou Puppy thread ( http://www.murga-linux.com/puppy/viewtopic.php?t=24074 ) that there's a posting by "John Smith" that is an exact copy of the (French!) posting above it. It's the only posting by that user.

*EDIT* The duplicate posting features a link to a laser pointer sales site in the .sig. Also, when they cut-n-pasted the text, they turned "Cordialement Wink" into "Cordialement Wink"...
Back to top
View user's profile Send private message Visit poster's website 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11065
Location: Arizona USA

PostPosted: Thu 17 Jan 2008, 23:16    Post subject:  

If you mean this post, I'll remove it if the consensus is that it is spam. (And remove the poster from the membership list too.)
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1271

PostPosted: Fri 18 Jan 2008, 05:58    Post subject: spoor of the beast  

Things are slow here. Been off elsewhere, tracking. "bear" may have left a calling card on the computation freebies board some little time ago.
(WARNING: use any links with shields up! "pfix=ram", etc.)
http://freeforums.bizhat.com/index.php?mforum=com&showtopic=537&st=0&#entry1164
Doesn't anyone ever clean up that site?

How does the date and content compare with BarryK's problems? Has anyone seen an earlier example of this particular genre?

prehistoric
Back to top
View user's profile Send private message 
ymer

Joined: 18 May 2007
Posts: 16

PostPosted: Fri 18 Jan 2008, 17:00    Post subject:  

Quote:
Didn't you stop to think why I failed to provide a link to a Trojan?


Sorry, it wasn't intentional. Removed it.
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1271

PostPosted: Fri 18 Jan 2008, 17:57    Post subject: Re: linked Trojan  

@ymer,

Sorry, I was upset because I had had no response from all my attempts to contact ttuuxxx and the Trojan was still up. There was a typo which prevented the clueless from simply clicking through, so it did no real harm. Caneri saw it and realised he needed to disable some links, which was good.

@anyone,

I've now figured out how to handle warnings in that particular case. We need a better way in general to notify site administration when a hacked site is discovered. Suggestions?

prehistoric
Back to top
View user's profile Send private message 
maddox

Joined: 28 Sep 2007
Posts: 453
Location: sometimes in France

PostPosted: Fri 18 Jan 2008, 18:30    Post subject:  

might sound dumb, what about pseudo user accounts for this
use their trick
Back to top
View user's profile Send private message 
Sage

Joined: 04 Oct 2005
Posts: 4784
Location: GB

PostPosted: Sat 19 Jan 2008, 01:56    Post subject:  

I've been urging John to complete his appointment of additional savvy moderators, preferably distributed evenly across the globe. Originally, this I envisaged would better deal with the persistent spammers who remained visible until sun up in Arizona, but now the need becomes much more urgent.
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1271

PostPosted: Sat 19 Jan 2008, 07:36    Post subject: community vs. attackers  

Here's a quote from a PM I sent while worrying about the issues of openess and secrecy in relation to our current problem.
Quote:
Not wanting to say too much to the wrong people. That's the maddening thing about this whole business. Our whole model for problem solving is built on openess and cooperation. The damage attacks cause goes beyond the stuff you could take to court as evidence of monetary loss.

This episode has taught me one lesson; you shouldn't try to consider a software system in isolation from people. When you start trying to build programs that can stand on their own against a real, potentially-hostile human world you are into AI, where huge systems that consume all the resources you have and are never finished, or debugged, are all too common. The Puppy user/developer community is an integral part of Puppy.

If you want a case study in how not to organize the developer/user community read Daniel Robbins on the two cultures he found when he tried to return to Gentoo.
http://blog.funtoo.org/2008/01/tale-of-two-cultures.html

Most people in the software business still don't really believe it possible to create and maintain an operating system of any significance with volunteers. They've all seen how large teams of highly-paid people can fail to accomplish a fraction of the innovation found here. (This might have some connection with the idea that if the software is finished, and can stand on its own, there's no more need for developers.) I've seen several times how they keep looking for the trick, the exception which will allow them to classify Puppy as unreal.


Does that spark any thoughts about preserving the community as well as computer systems?

prehistoric

Edit: link fixed, and tested. This takes you to specific page. thanks to paulh177

Last edited by prehistoric on Sat 19 Jan 2008, 11:11; edited 2 times in total
Back to top
View user's profile Send private message 
paulh177


Joined: 22 Aug 2006
Posts: 875
Location: ST862228

PostPosted: Sat 19 Jan 2008, 08:14    Post subject:  

that blog is worth a read, but is at http://blog.funtoo.org/ (the link from primitive's PM is broken for me)
Back to top
View user's profile Send private message 
JohnMurga
Site Admin


Joined: 04 May 2005
Posts: 586
Location: Far to the east

PostPosted: Sat 19 Jan 2008, 09:23    Post subject:  

Hi,

I have received a lot of e-mails and private messages on this subject, and I am monitoring the situation and this thread. I have regular backups, and the whole server - and forum software will be upgraded some time at the end of Jan, when hopefully I'll have some time to go through the moderator situation too.

Either way I'd like to thank Flash publicly for taking care of everything moderation related so well for us Smile

Cheers
JohnM
Back to top
View user's profile Send private message Visit poster's website 
kattami

Joined: 17 Jan 2008
Posts: 109
Location: Norway

PostPosted: Sat 19 Jan 2008, 09:28    Post subject:  

Maybe its an idea to use the wiki at www.tiddlywiki.com that stores everything in one single html file? There is also a kubrick theme that is similar to the wordpress theme for tiddlywiki here:

http://tiddlythemes.com/empties/Kubrick.html

I would think that there would be no need for servers with stuff installed, like php scripts, to have a blog online if using tiddlywiki. And if writing offline and then upload to website it will be quick to delete everything on a website if something gets compromised and insert fresh copy from the one offline.

But minus with tiddlywiki is that per today its only firefox and IE that saves changes to tiddlywiki with no problems, and that some say it gets slow when its big. Opera has a problem with saving to the file and need some extra jar file which may not work. I dont know if Seamonkey is able to save to tiddlywiki.

As for security breaches and hacking attacks, its a good question who may be behind them. Some think that even governmental elements would like to get rid of things that is focused on freedom and cooperation and sharing. After all, the internet grew to be the peoples net and not something that could be controlled. I know someone in China so I hear very often about how they are blocked from websites and such. Thats the government whos doing this.

PS: As a matter of fact I told this person about puppylinux and a few days later I heard that all sites on puppylinux is blocked in China where they are (dont know how it is with other cities there). Really strange to hear...
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 6 of 9 [121 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8, 9 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Announcements
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0863s ][ Queries: 12 (0.0089s) ][ GZIP on ]