(old)Puppy Linux Discussion Forum

Hi guys,

It's with the ultimate degree of frustration and anger that i'm obliged to advise that my VPS has been seriously hacked. Maddening thing is that i don't use php, perl or other scripts on the site, just simple css and html, yet some lowlife has nevertheless managed to exploit it somehow

I don't know what damage might've been sustained, or how long it will take to restore things to normal, but i do know that my host is currently investigating....as soon as i have any (hopefully!) positive news, i'll update this post.

My sincere apologies to all puppians whose files reside in this area of the kennels, and to all users and supporters of my site..

EDIT: users' pawswords will have to be changed, so i'll take care of that and update those concerned....thanks for your patience and support..

************************

UPDATE: For those who didn't see this announcement or aren't aware, i'm not closing my site or anything, the issue is that the site was hacked and my hosts have closed it until all hackers files have been cleaned out. I'm delighted to hear that there's no damage to any of our Puppy files, the hackers have just tried to use my server to install phishing malware and other rip-off tactics

Couldn't have happened at a worse time, as i have a terminally-ill sister and was just going away to spend a few days with her when all this started! She's still visiting but i'm back home now, so it's easier to keep a paw on the pulse of what's going on..

I've been informed that it shouldn't be long before the host is satisfied that things are clean and secure, so fingers crossed for more news soon...

************************

ANOTHER EDIT:
So much for timely action on the part of my host, who is no longer my host, as i can't tolerate their heel-dragging and woeful lack of communication any longer! My domain will shortly be transferred to another host but the site will be rebuilt from scratch, so this will take a little time...it's tiresome but i don't want to risk any potentially suspect files causing any further grief and inconvenience to users or myself....however...I'll be keeping as much of the internal directory structure intact as possible, because to change that would break a lot of links and create even more headaches for some users.

For those who've had enough of being stuffed around, i know Smokey01 and Caneri are willing to help out with server space for Puppy-related files - thanks, guys! - and to those who are still hanging in there, i'll get things online as quickly as i can..

~ ~ UPDATE Sat July 20 ~ ~

Things are looking up - pls see post on page 2

~* FURTHER UPDATE Tues. July 12 *~

OK puppians...pupsters...some user accounts can once again be accessed and files downloaded! Internal directory structure is the same as before, to minimise broken links.

At this moment, accessible directories include:

01micko
10wt3ch
aarf
abushcrafter
alexandrion
argolance
battleshooter
catdude
choicepup
darkcity
DaveS
dejan
deltapup
Dingo
ETP
fatgamespup
gulk
hacao
happypuppy
Idolse
kitchenpup
LegacyOS
lupu500
mediapup
multiuser
newyearspup
NOP
producerpup
PSIP
Pupeez
PuppyFancy
puppyluvr
quirky-wary
RevPup
saturn-brainwave
Scim
sPup
starhawk
SucciLinux
swiatmar
Tipsy
vanchutr
zigbert

Been having a hell of a time re-uploading files....two blackouts
and many files in the uploading process lost! Not to mention woefully slow upload speeds (around 20kb/s!), so the remainder will take as long it takes, sorry..

I'll add to the list above as the uploads complete..

Please just ignore the index page if you happen to go there - i haven't had the time to play with the cosmetics yet, too much on the plate with RL..

I am imposing a couple of conditions - please no uploading any php or javascript files - i know most of you don't but i have to put it out there, thanks.

@Starhawk and anyone else who had an account on my server: if you want to rejoin the troops, please let me know and i'll create a new account and pawsword for you.

Thanks again for the patience and support

Cheers,

russoodle

PS: If anything like this ever happens again, (and with the thieving/phishing/unethical lifestyle currently in vogue, it'd be naive to think it won't, despite security in place!), it'd really help if account-holders backed up their own directories locally, so restoration wouldn't be the time-consuming PITA for me that it currently is - easy too to keep file structures intact

Sorry to hear of this. It's quite a shame that people have to mess things up for some sort of BS personal gain. Rodney King put it best, I think: "Why can't we all just get along?!"

starhawk wrote:Sorry to hear of this. It's quite a shame that people have to mess things up for some sort of BS personal gain. Rodney King put it best, I think: "Why can't we all just get along?!"

Thank you, starhawk....yes, i think we should have open season on these lowlife bottom-feeders (if caught, of course)

Man that sucks!

I was just talking security with a forum member and told of all the rotten traffic trying to crack my firewall. You should see my router logs... mostly Russian and Chinese IP addresses.

It's a jungle out there!

Some of this looks like redirects or bounces thru those countries, too.

russoodle wrote:thanks for your patience and support..

I am patience and I am the one who should be thankful


Sigmund

Hello,

I am patience and I am the one who should be thankful

... Quite the same!

Cordialement!

Hi,

I can host pburn on my server absolutely free. Zigbert, if you are interested please send me pburn-4.0.0.pet via email - kfgz@interia.pl

Russoodle,

You will be welcome to use my space if you need it...and save money as well.

I can take many of your, or should I say, the users (devs) files if they are intact and not contaminated....the ftp account holders will need to confirm this...aka re-upload from clean sources.

Your thoughts Suzz?

Ericz

I was planning on uploading devs to the puppy channel on archive.org when I'd finished with the puppies

If interested I will set up some guest accounts so files can be uploaded

pm me.....

Hooray!! for ally Suzz,

There are many solutions to the dilemma. If you can use the vps and "re-direct" in htaccess, this can handle moving url addresses to a new server so it's not all bad...takes time

pita....be well suzz

01micko wrote:Man that sucks!
....snip
It's a jungle out there!

You're not kidding! Bunch of b****y bogans..

zigbert wrote:

russoodle wrote:thanks for your patience and support..

I am patience and I am the one who should be thankful
Sigmund

.....

Argolance wrote:Hello,

I am patience and I am the one who should be thankful

... Quite the same!

Cordialement!

Makes me even happier to host for guys like you - thanks so much!!

Caneri wrote:Russoodle,

You will be welcome to use my space if you need it...and save money as well.

I can take many of your, or should I say, the users (devs) files if they are intact and not contaminated....the ftp account holders will need to confirm this...aka re-upload from clean sources.

Your thoughts Suzz?

Ericz

Ah, Ericz....thanks Canuck, you're a gem! Unfortunately, i can't access anything on the server yet, not until they've rid it of all the nasties that have been installed.

As mentioned above, it looks as if no users' files have been contaminated, which is a huge relief, but will leave it to the remaining account holders to confirm... a few devs have already made other arrangements for their hosting, which saddens me, but who can blame them? I'll just have to re-evaluate the situation when i can access the server and decide what to do - i hate to see users unable to upload/download and be so inconvenienced, it's infuriating..
....Suzz

ally wrote: I was planning on uploading devs to the puppy channel on archive.org when I'd finished with the puppies

If interested I will set up some guest accounts so files can be uploaded

Thanks ally, i see you've been doing a whale of a job for the Puppy community - we're lucky to have members like you!

russoodle

01micko wrote:Man that sucks!

I was just talking security with a forum member and told of all the rotten traffic trying to crack my firewall. You should see my router logs... mostly Russian and Chinese IP addresses.

It's a jungle out there!

Oops good that you tell us. How do I check up these router logs then?

Russ so sad such happens. Thanks providing that service
and hopefully the tech guys find out how to clean it up.

Sorry to hear this Russ.

Hopefully it will get sorted soon. People like you and smokey01 are providing value service to many people, and it is only obvious how important it is after the blackout happens

cheers!

Thank you for your kind thoughts, nooby....i'd hoped to be back online before now but it seems they're still working on cleaning things up..

@jamesbond.. thanks James....it's such a pain and rather like being caught with one's pants down

Talking to Smokey01 on psip last night and he said something about an attempted DDoS on his server....seems like this sort of garbage is becoming endemic these days and i remember that poor Eric put up with a lot of this sort of crap, too. When - and why - did people's brains become so negative geared, i wonder..?

Hi russoodle,

After all this time it's best to let your vps die...rebuild if you want, but I would let it die and let the ftp users find new space "aka" rebuild a server from new files.

All those files are now suspect and not to be trusted as far as I'm concerned.

All my best Suzz,

Ericz

To Add,
Russodle,

It's amazing how fast ftp users will find new servers to upload to...I would take a break and save some money. Rest and move on Suzzz

I will take some of your users if they can handle my restrictions.

Hey Ericz,

Yes, although the files are supposed to be ok, i guess they are suspect, so they'll have to go...i have a fair bit of stuff backed up locally, so not everything will be lost.

I've sacked my host for their heel-dragging handling of this crapola but i won't save any money because i'm transferring shortly to a new host (VPS) Yeah, i can't help myself.... have to rebuild the site from scratch and will also try to have a better-organised setup this time, although being well-organised is not something i'm usually accused of!

Thanks for your offer to host some of the users from my server - i guess it's up to them to decide what they want to do, but i imagine most of them will be tired of waiting around..

Cheers matey..
Suzzz

If not already done, only allow FTP write access over SSH. Gftp handles it fine and plain old ftp can be hacked by any script kiddy.

russoodle wrote:Hey Ericz,
Yes, although the files are supposed to be ok, i guess they are suspect,

a dumb question:

if you change the md5sum of files by adding nothing but else than a simple space at bottom of files like this: can be this enough or not to avoid the need of deletion? It is possible I don't read carefully