[volunteergrid2-l] I'm sorry, but Introducer furl leaked

Steve Dodson steve.dodson at gmail.com
Wed Mar 7 15:20:28 UTC 2012


It doesn't bother me a bit to switch; whatever needs to be done to keep 
the grid happily chugging along. ;-P

On 03/07/2012 07:02 AM, Jody Harris wrote:
> I think we're all waiting for someone else to chime in.
>
> j
> ----
> Ph. 575-208-4567
> - Think carefully.
>
>
>
> On Wed, Mar 7, 2012 at 6:34 AM, <sabotrax at gmail.com> wrote:
>
>     hi,
>     i sent this mail to the ml yesterday, but it didn't come through, so i
>     am resending it as a reply:
>
>     Hi all,
>     it seems as if my server which is running tahoe has been hacked.
>     i hate to say this, but i think the introducer furl has to be
>     changed again.
>
>     i just looked around my system when i saw a new dir "test" under
>     "/home" that has been created on 2012/02/21.
>     i then did:
>
>     root at foo:/home# lsof |grep test
>     bash       1458       test  cwd       DIR               0,18      460  6108855 /run/shm/   /   /bot
>     bash       1458       test  rtd       DIR                8,1     4096  2 /
>     bash       1458       test  txt       REG               0,18   492135  6108126 /run/shm/   /   /bot/bash
>     bash       1458       test  mem       REG                8,1    79712  14811193 /lib32/libresolv-2.13.so
>     bash       1458       test  mem       REG                8,1    46736  14811192 /lib32/libnss_files-2.13.so
>     bash       1458       test  mem       REG                8,1  1532104  14811189 /lib32/libc-2.13.so
>     bash       1458       test  mem       REG                8,1    22092  14811194 /lib32/libnss_dns-2.13.so
>     bash       1458       test  mem       REG                8,1   126152  14811196 /lib32/ld-2.13.so
>     bash       1458       test    0w      REG               0,18  2153806  6108891 /run/shm/   /   /bot/LinkEvents
>     bash       1458       test    1u     sock                0,7      0t0  85480587 can't identify protocol
>     bash       1458       test    2u     sock                0,7      0t0  85479769 can't identify protocol
>     bash       1458       test    3u     IPv4            6108142      0t0  UDP *:49486
>     bash       1458       test    4u     sock                0,7      0t0  85481277 can't identify protocol
>     bash       1458       test    5u     sock                0,7      0t0  85698092 can't identify protocol
>     bash       1458       test    6u     sock                0,7      0t0  85498612 can't identify protocol
>     bash       1458       test    7u     sock                0,7      0t0  85576571 can't identify protocol
>     bash       1458       test    8u     sock                0,7      0t0  86667704 can't identify protocol
>     bash       1458       test    9u     sock                0,7      0t0  86667741 can't identify protocol
>     bash       1458       test   10u     sock                0,7      0t0  86669526 can't identify protocol
>     bash       1458       test   11u     sock                0,7      0t0  86669303 can't identify protocol
>     bash       1458       test   12u     sock                0,7      0t0  86671788 can't identify protocol
>     bash       1458       test   13u     sock                0,7      0t0  86670345 can't identify protocol
>     bash       1458       test   14u     IPv4           89167118      0t0  TCP foo.cyberdeck.null:38455->161.53.178.240:ircd (SYN_SENT)
>     bash       1458       test   15u     sock                0,7      0t0  86671794 can't identify protocol
>     bash       1458       test   16u     sock                0,7      0t0  86707925 can't identify protocol
>     bash       1458       test   17u     sock                0,7      0t0  87574595 can't identify protocol
>     bash       1458       test   18u     IPv4           89167113      0t0  TCP foo.cyberdeck.null:49523->173.245.201.28:afs3-fileserver (SYN_SENT)
>     root at foo:/home# halt
>     W: molly-guard: SSH session detected!
>     Please type in hostname of the machine to halt: foo
>
>     An alle Benutzer verteilte Nachricht von undo at foo
>            (/dev/pts/0) um 16:24 ...
>
>     Das System wird sich JETZT zum Anhalten herunterfahren!
>
>     ---
>
>     looks like my box has been a proud member of some botnet for the
>     last two weeks.
>     atm i really don't know how this could have happened. i just wanted to
>     tell you guys as fast as possible.
>
>     greetings,
>     marcus
>
>     2012/3/5 Shawn Willden <shawn at willden.org>:
>      > Yup, I can see sabotrax.
>      >
>      > I think that's everyone, isn't it?
>      >
>      >
>      > On Mon, Mar 5, 2012 at 8:13 AM, <sabotrax at gmail.com> wrote:
>      >>
>      >> hi,
>      >> i just changed the introducer and restarted tahoe.
>      >> is my node kqyu52 connected? i'm just asking because i don't see it
>      >> from another box that's located in the same local net (but that
>      >> could be a routing issue).
>      >>
>      >> thanks
>      >>
>      >> 2012/3/3 Shawn Willden <shawn at willden.org>:
>      >> > 14 nodes on the new introducer FURL now!  Only one or two haven't
>      >> > migrated.
>      >> >
>      >> >
>      >> > On Fri, Mar 2, 2012 at 4:15 PM, Christoph Langguth
>      >> > <christoph at rosenkeller.org> wrote:
>      >> >>
>      >> >> Wow!
>      >> >>
>      >> >> I'm absolutely amazed by you people here.
>      >> >>
>      >> >> It's been exactly 24 hours since we had a "911 call" on this list,
>      >> >> with people distributed around the globe.
>      >> >>
>      >> >> Within these 24 hours, we have managed to "migrate" 2/3 of the
>      >> >> infrastructure, maintained by almost 20 people, to a different
>      >> >> location. And I'm sure that the rest of the maintainers will follow
>      >> >> within a few hours (or when they read their mails.... jeez, it's
>      >> >> weekend after all!).
>      >> >>
>      >> >> Quoting Jody, and in big letters:
>      >> >> YOU ARE AWESOME!
>      >> >>
>      >> >> Thanks! ;-)
>      >> >> -- Chris
>      >> >>
>      >> >>
>      >> >>
>      >> >> On 01.03.2012 23:55, slush wrote:
>      >> >>
>      >> >>> Hi all,
>      >> >>>
>      >> >>> I had a deep-check cronjob on the same machine which has been
>      >> >>> hacked today (see
>      >> >>> http://bitcoinmedia.com/compromised-linode-coins-stolen-from-slush-faucet-and-others/).
>      >> >>> Although it looks like the attackers came just for my bitcoins, they
>      >> >>> also had access to the tahoe config, so we should expect that the
>      >> >>> introducer furl leaked as well. How should we resolve this issue?
>      >> >>>
>      >> >>> Best,
>      >> >>> slush
>      >> >>> _______________________________________________
>      >> >>> volunteergrid2-l mailing list
>      >> >>> volunteergrid2-l at tahoe-lafs.org
>      >> >>> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
>      >> >>> http://bigpig.org/twiki/bin/view/Main/WebHome
>      >> >>
>      >> >>
>      >> >>
>      >> >>
>      >> >
>      >> >
>      >> >
>      >> >
>      >> > --
>      >> > Shawn
>      >> >
>      >>
>      >>
>      >>
>      >> --
>      >> Give us this day our garlic bread and lead us not into vegetarianism
>      >> but deliver us some pizza.
>      >
>      >
>      >
>     >
>     >  --
>     >  Shawn
>     >
>
>
>
>     --
>     Give us this day our garlic bread and lead us not into vegetarianism
>     but deliver us some pizza.
>
>
>
>

-- 

soli Deo gloria
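
A triage sketch for the kind of lsof listing quoted in this thread, added here as an example and not part of any poster's message: it flags processes whose program image (FD `txt`) sits in a shared-memory or temp directory and collects their outbound TCP peers. `SUSPECT_PREFIXES`, `triage` and the sample lines (documentation-range addresses, made-up paths) are constructed for illustration.

```python
import re

# World-writable, memory- or temp-backed directories; a program image
# (lsof FD "txt") loaded from one of these is rarely legitimate.
SUSPECT_PREFIXES = ("/run/shm/", "/dev/shm/", "/tmp/", "/var/tmp/")
# Remote end of a TCP NAME column: "local:port->remote:port (STATE)".
PEER = re.compile(r"->(?P<host>\[[^\]]+\]|[^:\s]+):(?P<port>\S+)")

# Constructed sample in the same column layout as the listing in the thread.
SAMPLE = """\
bash   1458 test  cwd  DIR   0,18     460  6108855 /run/shm/x/bot
bash   1458 test  txt  REG   0,18  492135  6108126 /run/shm/x/bot/bash
bash   1458 test  mem  REG    8,1 1532104 14811189 /lib32/libc-2.13.so
bash   1458 test   3u  IPv4 6108142   0t0 UDP *:49486
bash   1458 test  14u  IPv4 89167118  0t0 TCP host.example:38455->192.0.2.10:ircd (SYN_SENT)
bash   2210 alice txt  REG    8,1  975488   131105 /bin/bash
bash   2210 alice  3u  IPv4 7001     0t0 TCP host.example:51000->198.51.100.7:https (ESTABLISHED)
"""

def triage(lsof_text):
    """Return {pid: info} for processes whose executable is in a suspect dir."""
    procs = {}
    for line in lsof_text.splitlines():
        # COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (NAME may hold spaces)
        fields = line.split(None, 8)
        if len(fields) < 9 or not fields[1].isdigit():
            continue  # header, wrapped or incomplete line
        cmd, pid, user, fd, ftype = fields[:5]
        node, name = fields[7], fields[8]
        p = procs.setdefault(int(pid), {"cmd": cmd, "user": user,
                                        "exe": None, "peers": []})
        if fd == "txt" and p["exe"] is None:
            p["exe"] = name  # first txt entry is the program image
        elif ftype in ("IPv4", "IPv6") and node == "TCP":
            m = PEER.search(name)
            if m:
                p["peers"].append((m["host"], m["port"]))
    return {pid: p for pid, p in procs.items()
            if p["exe"] and p["exe"].startswith(SUSPECT_PREFIXES)}

if __name__ == "__main__":
    for pid, p in triage(SAMPLE).items():
        print(pid, p["user"], p["cmd"], p["exe"], p["peers"])
```

The parser expects one lsof record per line, so mail-wrapped output has to be rejoined before it is fed in.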

