[volunteergrid2-l] I'm sorry, but Introducer furl leaked
Jody Harris
jharris at harrisdev.com
Wed Mar 7 17:57:38 UTC 2012
New introducer.furl published to wiki.
jody
----
Ph. 575-208-4567
- Think carefully.
On Wed, Mar 7, 2012 at 9:33 AM, Shawn Willden <shawn at willden.org> wrote:
> I was also waiting for someone else to respond :-)
>
> Yes, we should probably do the introducer shuffle again. It went pretty
> smoothly last time.
>
> On Wed, Mar 7, 2012 at 8:20 AM, Steve Dodson <steve.dodson at gmail.com>wrote:
>
>> It doesn't bother me a bit to switch; whatever needs to be done to keep
>> the grid happily chugging along. ;-P
>>
>>
>> On 03/07/2012 07:02 AM, Jody Harris wrote:
>>
>>> I think we're all waiting for someone else to chime in.
>>>
>>> j
>>> ----
>>> Ph. 575-208-4567
>>> - Think carefully.
>>>
>>>
>>>
>>> On Wed, Mar 7, 2012 at 6:34 AM, <sabotrax at gmail.com
>>> <mailto:sabotrax at gmail.com>> wrote:
>>>
>>> hi,
>>> i sent this mail to the ml yesterday, but i didn't come through, so i
>>> resend it as a reply:
>>>
>>> Hi all,
>>> it seems as if my server who is running tahoe has been hacked.
>>> i hate to say this, but i think the introducer furl has to be
>>> changed again.
>>>
>>> i just looked around my system when i saw a new dir "test" under
>>> "/home" that has been created on 2012/02/21.
>>> i then did:
>>>
>>> root at foo:/home# lsof |grep test
>>> bash 1458 test cwd DIR 0,18 460
>>> 6108855 /run/shm/ / /bot
>>> bash 1458 test rtd DIR 8,1 4096
>>> 2 /
>>> bash 1458 test txt REG 0,18 492135
>>> 6108126 /run/shm/ / /bot/bash
>>> bash 1458 test mem REG 8,1 79712
>>> 14811193 /lib32/libresolv-2.13.so <http://libresolv-2.13.so
>>> >
>>>
>>> bash 1458 test mem REG 8,1 46736
>>> 14811192 /lib32/libnss_files-2.13.so
>>> <http://libnss_files-2.13.so>
>>>
>>> bash 1458 test mem REG 8,1 1532104
>>> 14811189 /lib32/libc-2.13.so <http://libc-2.13.so>
>>>
>>> bash 1458 test mem REG 8,1 22092
>>> 14811194 /lib32/libnss_dns-2.13.so <
>>> http://libnss_dns-2.13.so>
>>>
>>> bash 1458 test mem REG 8,1 126152
>>> 14811196 /lib32/ld-2.13.so <http://ld-2.13.so>
>>>
>>> bash 1458 test 0w REG 0,18 2153806
>>> 6108891 /run/shm/ / /bot/LinkEvents
>>> bash 1458 test 1u sock 0,7 0t0
>>> 85480587 can't identify protocol
>>> bash 1458 test 2u sock 0,7 0t0
>>> 85479769 can't identify protocol
>>> bash 1458 test 3u IPv4 6108142 0t0
>>> UDP *:49486
>>> bash 1458 test 4u sock 0,7 0t0
>>> 85481277 can't identify protocol
>>> bash 1458 test 5u sock 0,7 0t0
>>> 85698092 can't identify protocol
>>> bash 1458 test 6u sock 0,7 0t0
>>> 85498612 can't identify protocol
>>> bash 1458 test 7u sock 0,7 0t0
>>> 85576571 can't identify protocol
>>> bash 1458 test 8u sock 0,7 0t0
>>> 86667704 can't identify protocol
>>> bash 1458 test 9u sock 0,7 0t0
>>> 86667741 can't identify protocol
>>> bash 1458 test 10u sock 0,7 0t0
>>> 86669526 can't identify protocol
>>> bash 1458 test 11u sock 0,7 0t0
>>> 86669303 can't identify protocol
>>> bash 1458 test 12u sock 0,7 0t0
>>> 86671788 can't identify protocol
>>> bash 1458 test 13u sock 0,7 0t0
>>> 86670345 can't identify protocol
>>> bash 1458 test 14u IPv4 89167118 0t0
>>> TCP foo.cyberdeck.null:38455->161.53.178.240:irc**d
>>> (SYN_SENT)
>>> bash 1458 test 15u sock 0,7 0t0
>>> 86671794 can't identify protocol
>>> bash 1458 test 16u sock 0,7 0t0
>>> 86707925 can't identify protocol
>>> bash 1458 test 17u sock 0,7 0t0
>>> 87574595 can't identify protocol
>>> bash 1458 test 18u IPv4 89167113 0t0
>>> TCP
>>> foo.cyberdeck.null:49523->173.245.201.28
>>> <tel:173.245.201.28>:afs3-fileserver (SYN_SENT)
>>>
>>> root at foo:/home# halt
>>> W: molly-guard: SSH session detected!
>>> Please type in hostname of the machine to halt: foo
>>>
>>> An alle Benutzer verteilte Nachricht von undo at foo
>>> (/dev/pts/0) um 16:24 ...
>>>
>>> Das System wird sich JETZT zum Anhalten herunterfahren!
>>>
>>> ---
>>>
>>> looks like my box has been a proud member of some botnet for the
>>> last two weeks.
>>> atm i really don't know how this could have happened. i just wanted to
>>> tell you guys as fast as possible.
>>>
>>> greetings,
>>> marcus
>>>
>>> 2012/3/5 Shawn Willden <shawn at willden.org <mailto:shawn at willden.org
>>> >>:
>>>
>>> > Yup, I can see sabotrax.
>>> >
>>> > I think that's everyone, isn't it?
>>> >
>>> >
>>> > On Mon, Mar 5, 2012 at 8:13 AM, <sabotrax at gmail.com
>>> <mailto:sabotrax at gmail.com>> wrote:
>>> >>
>>> >> hi,
>>> >> i just changed the introducer and restartet tahoe.
>>> >> is my node kqyu52 connected? i'm just asking because i don't see
>>> it
>>> >> from another box that's located in the same local net (but that
>>> could
>>> >> be a routing issue).
>>> >>
>>> >> thanks
>>> >>
>>> >> 2012/3/3 Shawn Willden <shawn at willden.org
>>> <mailto:shawn at willden.org>>:
>>>
>>> >> > 14 nodes on the new introducer FURL now! Only one or two
>>> haven't
>>> >> > migrated.
>>> >> >
>>> >> >
>>> >> > On Fri, Mar 2, 2012 at 4:15 PM, Christoph Langguth
>>> >> > <christoph at rosenkeller.org <mailto:christoph at rosenkeller.**org<christoph at rosenkeller.org>
>>> >>
>>>
>>> wrote:
>>> >> >>
>>> >> >> Wow!
>>> >> >>
>>> >> >> I'm absolutely amazed of you people here.
>>> >> >>
>>> >> >> It's been exactly 24 hours since we had a "911 call" on this
>>> list, with
>>> >> >> people distributed around the globe.
>>> >> >>
>>> >> >> Within these 24 hours, we have managed to "migrate" 2/3 of the
>>> >> >> infrastructure, maintained by almost 20 people, to a different
>>> >> >> location. And
>>> >> >> I'm sure that the rest of the maintainers will follow within
>>> a few
>>> >> >> hours (or
>>> >> >> when they read their mails.... jeez, it's weekend after all!).
>>> >> >>
>>> >> >> Quoting Jody, and in big letters:
>>> >> >> YOU ARE AWESOME!
>>> >> >>
>>> >> >> Thanks! ;-)
>>> >> >> -- Chris
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> Am 01.03.2012 23:55, schrieb slush:
>>> >> >>
>>> >> >>> Hi all,
>>> >> >>>
>>> >> >>> I had deep-check cronjob on the same machine which has been
>>> hacked
>>> >> >>> today (see
>>> >> >>>
>>> >> >>>
>>> http://bitcoinmedia.com/**compromised-linode-coins-**
>>> stolen-from-slush-faucet-and-**others/<http://bitcoinmedia.com/compromised-linode-coins-stolen-from-slush-faucet-and-others/>
>>> ).
>>> >> >>> Although it looks like attackers come just for my bitcoins,
>>> they had
>>> >> >>> also access to tahoe config, so we should expect that
>>> introducer furl
>>> >> >>> leaked as well. How we should resolve this issue?
>>> >> >>>
>>> >> >>> Best,
>>> >> >>> slush
>>> >> >>> ______________________________**_________________
>>> >> >>> volunteergrid2-l mailing list
>>> >> >>> volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>>> >
>>>
>>> >> >>> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>>> >> >>> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >>
>>> >> >> ______________________________**_________________
>>> >> >> volunteergrid2-l mailing list
>>> >> >> volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>>> >
>>>
>>> >> >> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>>> >> >> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>> >> >
>>> >> >
>>> >> >
>>> >> >
>>> >> > --
>>> >> > Shawn
>>> >> >
>>> >> > ______________________________**_________________
>>> >> > volunteergrid2-l mailing list
>>> >> > volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>>> >
>>>
>>> >> > http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>>> >> > http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Give us this day our garlic bread and lead us not into
>>> vegetarianism
>>> >> but deliver us some pizza.
>>> >> ______________________________**_________________
>>> >> volunteergrid2-l mailing list
>>> >> volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>>> >
>>>
>>> >> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>>> >> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Shawn
>>> >
>>> > ______________________________**_________________
>>> > volunteergrid2-l mailing list
>>> > volunteergrid2-l at tahoe-lafs.**org<volunteergrid2-l at tahoe-lafs.org>
>>> <mailto:volunteergrid2-l@**tahoe-lafs.org<volunteergrid2-l at tahoe-lafs.org>
>>> >
>>>
>>> > http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**
>>> volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>>> > http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>>
>>>
>>>
>>> --
>>> Give us this day our garlic bread and lead us not into vegetarianism
>>> but deliver us some pizza.
>>> ______________________________**_________________
>>> volunteergrid2-l mailing list
>>> volunteergrid2-l at tahoe-lafs.**org <volunteergrid2-l at tahoe-lafs.org><mailto:
>>> volunteergrid2-l@**tahoe-lafs.org <volunteergrid2-l at tahoe-lafs.org>>
>>>
>>> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>>> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>>
>>>
>>>
>>>
>>> ______________________________**_________________
>>> volunteergrid2-l mailing list
>>> volunteergrid2-l at tahoe-lafs.**org <volunteergrid2-l at tahoe-lafs.org>
>>> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>>> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>>
>>
>> --
>>
>> soli Deo gloria
>>
>> ______________________________**_________________
>> volunteergrid2-l mailing list
>> volunteergrid2-l at tahoe-lafs.**org <volunteergrid2-l at tahoe-lafs.org>
>> http://tahoe-lafs.org/cgi-bin/**mailman/listinfo/**volunteergrid2-l<http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
>> http://bigpig.org/twiki/bin/**view/Main/WebHome<http://bigpig.org/twiki/bin/view/Main/WebHome>
>>
>
>
>
> --
> Shawn
>
> _______________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.org
> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
> http://bigpig.org/twiki/bin/view/Main/WebHome
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/cgi-bin/mailman/private/volunteergrid2-l/attachments/20120307/699a116f/attachment-0001.html>
More information about the volunteergrid2-l
mailing list