[volunteergrid2-l] I'm sorry, but Introducer furl leaked
Shawn Willden
shawn at willden.org
Wed Mar 7 16:33:36 UTC 2012
I was also waiting for someone else to respond :-)
Yes, we should probably do the introducer shuffle again. It went pretty
smoothly last time.
On Wed, Mar 7, 2012 at 8:20 AM, Steve Dodson <steve.dodson at gmail.com> wrote:
> It doesn't bother me a bit to switch; whatever needs to be done to keep
> the grid happily chugging along. ;-P
>
>
> On 03/07/2012 07:02 AM, Jody Harris wrote:
>
>> I think we're all waiting for someone else to chime in.
>>
>> j
>> ----
>> Ph. 575-208-4567
>> - Think carefully.
>>
>>
>>
>> On Wed, Mar 7, 2012 at 6:34 AM, <sabotrax at gmail.com
>> <mailto:sabotrax at gmail.com>> wrote:
>>
>> hi,
>> i sent this mail to the ml yesterday, but i didn't come through, so i
>> resend it as a reply:
>>
>> Hi all,
>> it seems as if my server who is running tahoe has been hacked.
>> i hate to say this, but i think the introducer furl has to be
>> changed again.
>>
>> i just looked around my system when i saw a new dir "test" under
>> "/home" that has been created on 2012/02/21.
>> i then did:
>>
>> root at foo:/home# lsof |grep test
>> bash 1458 test cwd DIR 0,18 460
>> 6108855 /run/shm/ / /bot
>> bash 1458 test rtd DIR 8,1 4096
>> 2 /
>> bash 1458 test txt REG 0,18 492135
>> 6108126 /run/shm/ / /bot/bash
>> bash 1458 test mem REG 8,1 79712
>> 14811193 /lib32/libresolv-2.13.so <http://libresolv-2.13.so>
>>
>> bash 1458 test mem REG 8,1 46736
>> 14811192 /lib32/libnss_files-2.13.so
>> <http://libnss_files-2.13.so>
>>
>> bash 1458 test mem REG 8,1 1532104
>> 14811189 /lib32/libc-2.13.so <http://libc-2.13.so>
>>
>> bash 1458 test mem REG 8,1 22092
>> 14811194 /lib32/libnss_dns-2.13.so <
>> http://libnss_dns-2.13.so>
>>
>> bash 1458 test mem REG 8,1 126152
>> 14811196 /lib32/ld-2.13.so <http://ld-2.13.so>
>>
>> bash 1458 test 0w REG 0,18 2153806
>> 6108891 /run/shm/ / /bot/LinkEvents
>> bash 1458 test 1u sock 0,7 0t0
>> 85480587 can't identify protocol
>> bash 1458 test 2u sock 0,7 0t0
>> 85479769 can't identify protocol
>> bash 1458 test 3u IPv4 6108142 0t0
>> UDP *:49486
>> bash 1458 test 4u sock 0,7 0t0
>> 85481277 can't identify protocol
>> bash 1458 test 5u sock 0,7 0t0
>> 85698092 can't identify protocol
>> bash 1458 test 6u sock 0,7 0t0
>> 85498612 can't identify protocol
>> bash 1458 test 7u sock 0,7 0t0
>> 85576571 can't identify protocol
>> bash 1458 test 8u sock 0,7 0t0
>> 86667704 can't identify protocol
>> bash 1458 test 9u sock 0,7 0t0
>> 86667741 can't identify protocol
>> bash 1458 test 10u sock 0,7 0t0
>> 86669526 can't identify protocol
>> bash 1458 test 11u sock 0,7 0t0
>> 86669303 can't identify protocol
>> bash 1458 test 12u sock 0,7 0t0
>> 86671788 can't identify protocol
>> bash 1458 test 13u sock 0,7 0t0
>> 86670345 can't identify protocol
>> bash 1458 test 14u IPv4 89167118 0t0
>> TCP foo.cyberdeck.null:38455->161.53.178.240:irc**d
>> (SYN_SENT)
>> bash 1458 test 15u sock 0,7 0t0
>> 86671794 can't identify protocol
>> bash 1458 test 16u sock 0,7 0t0
>> 86707925 can't identify protocol
>> bash 1458 test 17u sock 0,7 0t0
>> 87574595 can't identify protocol
>> bash 1458 test 18u IPv4 89167113 0t0
>> TCP
>> foo.cyberdeck.null:49523->173.245.201.28
>> <tel:173.245.201.28>:afs3-fileserver (SYN_SENT)
>>
>> root at foo:/home# halt
>> W: molly-guard: SSH session detected!
>> Please type in hostname of the machine to halt: foo
>>
>> An alle Benutzer verteilte Nachricht von undo at foo
>> (/dev/pts/0) um 16:24 ...
>>
>> Das System wird sich JETZT zum Anhalten herunterfahren!
>>
>> ---
>>
>> looks like my box has been a proud member of some botnet for the
>> last two weeks.
>> atm i really don't know how this could have happened. i just wanted to
>> tell you guys as fast as possible.
>>
>> greetings,
>> marcus
>>
>> 2012/3/5 Shawn Willden <shawn at willden.org <mailto:shawn at willden.org>>:
>>
>> > Yup, I can see sabotrax.
>> >
>> > I think that's everyone, isn't it?
>> >
>> >
>> > On Mon, Mar 5, 2012 at 8:13 AM, <sabotrax at gmail.com
>> <mailto:sabotrax at gmail.com>> wrote:
>> >>
>> >> hi,
>> >> i just changed the introducer and restartet tahoe.
>> >> is my node kqyu52 connected? i'm just asking because i don't see it
>> >> from another box that's located in the same local net (but that
>> could
>> >> be a routing issue).
>> >>
>> >> thanks
>> >>
>> >> 2012/3/3 Shawn Willden <shawn at willden.org
>> <mailto:shawn at willden.org>>:
>>
>> >> > 14 nodes on the new introducer FURL now! Only one or two haven't
>> >> > migrated.
>> >> >
>> >> >
>> >> > On Fri, Mar 2, 2012 at 4:15 PM, Christoph Langguth
>> >> > <christoph at rosenkeller.org <mailto:christoph at rosenkeller.**org<christoph at rosenkeller.org>
>> >>
>>
>> wrote:
>> >> >>
>> >> >> Wow!
>> >> >>
>> >> >> I'm absolutely amazed of you people here.
>> >> >>
>> >> >> It's been exactly 24 hours since we had a "911 call" on this
>> list, with
>> >> >> people distributed around the globe.
>> >> >>
>> >> >> Within these 24 hours, we have managed to "migrate" 2/3 of the
>> >> >> infrastructure, maintained by almost 20 people, to a different
>> >> >> location. And
>> >> >> I'm sure that the rest of the maintainers will follow within
>> a few
>> >> >> hours (or
>> >> >> when they read their mails.... jeez, it's weekend after all!).
>> >> >>
>> >> >> Quoting Jody, and in big letters:
>> >> >> YOU ARE AWESOME!
>> >> >>
>> >> >> Thanks! ;-)
>> >> >> -- Chris
>> >> >>
>> >> >>
>> >> >>
>> >> >> Am 01.03.2012 23:55, schrieb slush:
>> >> >>
>> >> >>> Hi all,
>> >> >>>
>> >> >>> I had deep-check cronjob on the same machine which has been
>> hacked
>> >> >>> today (see
>> >> >>>
>> >> >>>
>> http://bitcoinmedia.com/**compromised-linode-coins-**
>> stolen-from-slush-faucet-and-**others/<http://bitcoinmedia.com/compromised-linode-coins-stolen-from-slush-faucet-and-others/>
>> ).
>> >> >>> Although it looks like attackers come just for my bitcoins,
>> they had
>> >> >>> also access to tahoe config, so we should expect that
>> introducer furl
>> >> >>> leaked as well. How we should resolve this issue?
>> >> >>>
>> >> >>> Best,
>> >> >>> slush
>> >> >>> ______________________________**_________________
>> >> >>> volunteergrid2-l mailing list
>> >> >>> volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>> >
>>
>> >> >>> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>> >> >>> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> ______________________________**_________________
>> >> >> volunteergrid2-l mailing list
>> >> >> volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>> >
>>
>> >> >> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>> >> >> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Shawn
>> >> >
>> >> > ______________________________**_________________
>> >> > volunteergrid2-l mailing list
>> >> > volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>> >
>>
>> >> > http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>> >> > http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>> >>
>> >>
>> >>
>> >> --
>> >> Give us this day our garlic bread and lead us not into
>> vegetarianism
>> >> but deliver us some pizza.
>> >> ______________________________**_________________
>> >> volunteergrid2-l mailing list
>> >> volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>> >
>>
>> >> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>> >> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>> >
>> >
>> >
>> >
>> > --
>> > Shawn
>> >
>> > ______________________________**_________________
>> > volunteergrid2-l mailing list
>> > volunteergrid2-l at tahoe-lafs.**org <volunteergrid2-l at tahoe-lafs.org>
>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>> >
>>
>> > http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>> > http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>
>>
>>
>> --
>> Give us this day our garlic bread and lead us not into vegetarianism
>> but deliver us some pizza.
>> ______________________________**_________________
>> volunteergrid2-l mailing list
>> volunteergrid2-l at tahoe-lafs.**org <volunteergrid2-l at tahoe-lafs.org><mailto:
>> volunteergrid2-l@**tahoe-lafs.org <volunteergrid2-l at tahoe-lafs.org>>
>>
>> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>
>>
>>
>>
>> ______________________________**_________________
>> volunteergrid2-l mailing list
>> volunteergrid2-l at tahoe-lafs.**org <volunteergrid2-l at tahoe-lafs.org>
>> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>
>
> --
>
> soli Deo gloria
>
> ______________________________**_________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.**org <volunteergrid2-l at tahoe-lafs.org>
> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>
--
Shawn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/cgi-bin/mailman/private/volunteergrid2-l/attachments/20120307/98c6dab7/attachment-0001.html>
More information about the volunteergrid2-l
mailing list