[volunteergrid2-l] I'm sorry, but Introducer furl leaked
Brad Rupp
bradrupp at gmail.com
Thu Mar 8 05:09:36 UTC 2012
My two servers, sln and if3-1 are both on the new introducer. 12 nodes
as of this e-mail.
Brad
On 3/7/2012 10:57 AM, Jody Harris wrote:
> New introducer.furl published to wiki.
>
> jody
> ----
> Ph. 575-208-4567
> - Think carefully.
>
>
>
> On Wed, Mar 7, 2012 at 9:33 AM, Shawn Willden <shawn at willden.org
> <mailto:shawn at willden.org>> wrote:
>
> I was also waiting for someone else to respond :-)
>
> Yes, we should probably do the introducer shuffle again. It went
> pretty smoothly last time.
>
> On Wed, Mar 7, 2012 at 8:20 AM, Steve Dodson <steve.dodson at gmail.com
> <mailto:steve.dodson at gmail.com>> wrote:
>
> It doesn't bother me a bit to switch; whatever needs to be done
> to keep the grid happily chugging along. ;-P
>
>
> On 03/07/2012 07:02 AM, Jody Harris wrote:
>
> I think we're all waiting for someone else to chime in.
>
> j
> ----
> Ph. 575-208-4567 <tel:575-208-4567>
> - Think carefully.
>
>
>
> On Wed, Mar 7, 2012 at 6:34 AM, <sabotrax at gmail.com
> <mailto:sabotrax at gmail.com>
> <mailto:sabotrax at gmail.com <mailto:sabotrax at gmail.com>>> wrote:
>
> hi,
> i sent this mail to the ml yesterday, but i didn't come
> through, so i
> resend it as a reply:
>
> Hi all,
> it seems as if my server who is running tahoe has been
> hacked.
> i hate to say this, but i think the introducer furl has
> to be
> changed again.
>
> i just looked around my system when i saw a new dir
> "test" under
> "/home" that has been created on 2012/02/21.
> i then did:
>
> root at foo:/home# lsof |grep test
> bash 1458 test cwd DIR
> 0,18 460
> 6108855 /run/shm/ / /bot
> bash 1458 test rtd DIR
> 8,1 4096
> 2 /
> bash 1458 test txt REG
> 0,18 492135
> 6108126 /run/shm/ / /bot/bash
> bash 1458 test mem REG
> 8,1 79712
> 14811193 /lib32/libresolv-2.13.so
> <http://libresolv-2.13.so> <http://libresolv-2.13.so>
>
> bash 1458 test mem REG
> 8,1 46736
> 14811192 /lib32/libnss_files-2.13.so
> <http://libnss_files-2.13.so>
> <http://libnss_files-2.13.so>
>
> bash 1458 test mem REG
> 8,1 1532104
> 14811189 /lib32/libc-2.13.so
> <http://libc-2.13.so> <http://libc-2.13.so>
>
> bash 1458 test mem REG
> 8,1 22092
> 14811194 /lib32/libnss_dns-2.13.so
> <http://libnss_dns-2.13.so> <http://libnss_dns-2.13.so>
>
> bash 1458 test mem REG
> 8,1 126152
> 14811196 /lib32/ld-2.13.so <http://ld-2.13.so>
> <http://ld-2.13.so>
>
> bash 1458 test 0w REG
> 0,18 2153806
> 6108891 /run/shm/ / /bot/LinkEvents
> bash 1458 test 1u sock
> 0,7 0t0
> 85480587 can't identify protocol
> bash 1458 test 2u sock
> 0,7 0t0
> 85479769 can't identify protocol
> bash 1458 test 3u IPv4
> 6108142 0t0
> UDP *:49486
> bash 1458 test 4u sock
> 0,7 0t0
> 85481277 can't identify protocol
> bash 1458 test 5u sock
> 0,7 0t0
> 85698092 can't identify protocol
> bash 1458 test 6u sock
> 0,7 0t0
> 85498612 can't identify protocol
> bash 1458 test 7u sock
> 0,7 0t0
> 85576571 can't identify protocol
> bash 1458 test 8u sock
> 0,7 0t0
> 86667704 can't identify protocol
> bash 1458 test 9u sock
> 0,7 0t0
> 86667741 can't identify protocol
> bash 1458 test 10u sock
> 0,7 0t0
> 86669526 can't identify protocol
> bash 1458 test 11u sock
> 0,7 0t0
> 86669303 can't identify protocol
> bash 1458 test 12u sock
> 0,7 0t0
> 86671788 can't identify protocol
> bash 1458 test 13u sock
> 0,7 0t0
> 86670345 can't identify protocol
> bash 1458 test 14u IPv4
> 89167118 0t0
> TCP
> foo.cyberdeck.null:38455->161.53.178.240
> <tel:161.53.178.240>:irc__d
> (SYN_SENT)
> bash 1458 test 15u sock
> 0,7 0t0
> 86671794 can't identify protocol
> bash 1458 test 16u sock
> 0,7 0t0
> 86707925 can't identify protocol
> bash 1458 test 17u sock
> 0,7 0t0
> 87574595 can't identify protocol
> bash 1458 test 18u IPv4
> 89167113 0t0
> TCP
> foo.cyberdeck.null:49523->173.245.201.28
> <tel:173.245.201.28>
> <tel:173.245.201.28 <tel:173.245.201.28>>:afs3-fileserver
> (SYN_SENT)
>
> root at foo:/home# halt
> W: molly-guard: SSH session detected!
> Please type in hostname of the machine to halt: foo
>
> An alle Benutzer verteilte Nachricht von undo at foo
> (/dev/pts/0) um 16:24 ...
>
> Das System wird sich JETZT zum Anhalten herunterfahren!
>
> ---
>
> looks like my box has been a proud member of some botnet
> for the
> last two weeks.
> atm i really don't know how this could have happened. i
> just wanted to
> tell you guys as fast as possible.
>
> greetings,
> marcus
>
> 2012/3/5 Shawn Willden <shawn at willden.org
> <mailto:shawn at willden.org> <mailto:shawn at willden.org
> <mailto:shawn at willden.org>>>:
>
> > Yup, I can see sabotrax.
> >
> > I think that's everyone, isn't it?
> >
> >
> > On Mon, Mar 5, 2012 at 8:13 AM, <sabotrax at gmail.com
> <mailto:sabotrax at gmail.com>
> <mailto:sabotrax at gmail.com <mailto:sabotrax at gmail.com>>> wrote:
> >>
> >> hi,
> >> i just changed the introducer and restartet tahoe.
> >> is my node kqyu52 connected? i'm just asking because i
> don't see it
> >> from another box that's located in the same local net
> (but that
> could
> >> be a routing issue).
> >>
> >> thanks
> >>
> >> 2012/3/3 Shawn Willden <shawn at willden.org
> <mailto:shawn at willden.org>
> <mailto:shawn at willden.org <mailto:shawn at willden.org>>>:
>
> >> > 14 nodes on the new introducer FURL now! Only one or
> two haven't
> >> > migrated.
> >> >
> >> >
> >> > On Fri, Mar 2, 2012 at 4:15 PM, Christoph Langguth
> >> > <christoph at rosenkeller.org
> <mailto:christoph at rosenkeller.org>
> <mailto:christoph at rosenkeller.__org
> <mailto:christoph at rosenkeller.org>>>
>
> wrote:
> >> >>
> >> >> Wow!
> >> >>
> >> >> I'm absolutely amazed of you people here.
> >> >>
> >> >> It's been exactly 24 hours since we had a "911 call"
> on this
> list, with
> >> >> people distributed around the globe.
> >> >>
> >> >> Within these 24 hours, we have managed to "migrate"
> 2/3 of the
> >> >> infrastructure, maintained by almost 20 people, to a
> different
> >> >> location. And
> >> >> I'm sure that the rest of the maintainers will follow
> within
> a few
> >> >> hours (or
> >> >> when they read their mails.... jeez, it's weekend
> after all!).
> >> >>
> >> >> Quoting Jody, and in big letters:
> >> >> YOU ARE AWESOME!
> >> >>
> >> >> Thanks! ;-)
> >> >> -- Chris
> >> >>
> >> >>
> >> >>
> >> >> Am 01.03.2012 23:55, schrieb slush:
> >> >>
> >> >>> Hi all,
> >> >>>
> >> >>> I had deep-check cronjob on the same machine which
> has been
> hacked
> >> >>> today (see
> >> >>>
> >> >>>
> http://bitcoinmedia.com/__compromised-linode-coins-__stolen-from-slush-faucet-and-__others/
> <http://bitcoinmedia.com/compromised-linode-coins-stolen-from-slush-faucet-and-others/>).
> >> >>> Although it looks like attackers come just for my
> bitcoins,
> they had
> >> >>> also access to tahoe config, so we should expect that
> introducer furl
> >> >>> leaked as well. How we should resolve this issue?
> >> >>>
> >> >>> Best,
> >> >>> slush
> >> >>> _________________________________________________
> >> >>> volunteergrid2-l mailing list
> >> >>> volunteergrid2-l at tahoe-lafs.__org
> <mailto:volunteergrid2-l at tahoe-lafs.org>
> <mailto:volunteergrid2-l at __tahoe-lafs.org
> <mailto:volunteergrid2-l at tahoe-lafs.org>>
>
> >> >>>
> http://tahoe-lafs.org/cgi-bin/__mailman/listinfo/__volunteergrid2-l
> <http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> >> >>> http://bigpig.org/twiki/bin/__view/Main/WebHome
> <http://bigpig.org/twiki/bin/view/Main/WebHome>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> _________________________________________________
> >> >> volunteergrid2-l mailing list
> >> >> volunteergrid2-l at tahoe-lafs.__org
> <mailto:volunteergrid2-l at tahoe-lafs.org>
> <mailto:volunteergrid2-l at __tahoe-lafs.org
> <mailto:volunteergrid2-l at tahoe-lafs.org>>
>
> >> >>
> http://tahoe-lafs.org/cgi-bin/__mailman/listinfo/__volunteergrid2-l
> <http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> >> >> http://bigpig.org/twiki/bin/__view/Main/WebHome
> <http://bigpig.org/twiki/bin/view/Main/WebHome>
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > Shawn
> >> >
> >> > _________________________________________________
> >> > volunteergrid2-l mailing list
> >> > volunteergrid2-l at tahoe-lafs.__org
> <mailto:volunteergrid2-l at tahoe-lafs.org>
> <mailto:volunteergrid2-l at __tahoe-lafs.org
> <mailto:volunteergrid2-l at tahoe-lafs.org>>
>
> >> >
> http://tahoe-lafs.org/cgi-bin/__mailman/listinfo/__volunteergrid2-l
> <http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> >> > http://bigpig.org/twiki/bin/__view/Main/WebHome
> <http://bigpig.org/twiki/bin/view/Main/WebHome>
> >>
> >>
> >>
> >> --
> >> Give us this day our garlic bread and lead us not into
> vegetarianism
> >> but deliver us some pizza.
> >> _________________________________________________
> >> volunteergrid2-l mailing list
> >> volunteergrid2-l at tahoe-lafs.__org
> <mailto:volunteergrid2-l at tahoe-lafs.org>
> <mailto:volunteergrid2-l at __tahoe-lafs.org
> <mailto:volunteergrid2-l at tahoe-lafs.org>>
>
> >>
> http://tahoe-lafs.org/cgi-bin/__mailman/listinfo/__volunteergrid2-l
> <http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> >> http://bigpig.org/twiki/bin/__view/Main/WebHome
> <http://bigpig.org/twiki/bin/view/Main/WebHome>
> >
> >
> >
> >
> > --
> > Shawn
> >
> > _________________________________________________
> > volunteergrid2-l mailing list
> > volunteergrid2-l at tahoe-lafs.__org
> <mailto:volunteergrid2-l at tahoe-lafs.org>
> <mailto:volunteergrid2-l at __tahoe-lafs.org
> <mailto:volunteergrid2-l at tahoe-lafs.org>>
>
> >
> http://tahoe-lafs.org/cgi-bin/__mailman/listinfo/__volunteergrid2-l
> <http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> > http://bigpig.org/twiki/bin/__view/Main/WebHome
> <http://bigpig.org/twiki/bin/view/Main/WebHome>
>
>
>
> --
> Give us this day our garlic bread and lead us not into
> vegetarianism
> but deliver us some pizza.
> _________________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.__org
> <mailto:volunteergrid2-l at tahoe-lafs.org>
> <mailto:volunteergrid2-l at __tahoe-lafs.org
> <mailto:volunteergrid2-l at tahoe-lafs.org>>
>
> http://tahoe-lafs.org/cgi-bin/__mailman/listinfo/__volunteergrid2-l
> <http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> http://bigpig.org/twiki/bin/__view/Main/WebHome
> <http://bigpig.org/twiki/bin/view/Main/WebHome>
>
>
>
>
> _________________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.__org
> <mailto:volunteergrid2-l at tahoe-lafs.org>
> http://tahoe-lafs.org/cgi-bin/__mailman/listinfo/__volunteergrid2-l
> <http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> http://bigpig.org/twiki/bin/__view/Main/WebHome
> <http://bigpig.org/twiki/bin/view/Main/WebHome>
>
>
> --
>
> soli Deo gloria
>
> _________________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.__org
> <mailto:volunteergrid2-l at tahoe-lafs.org>
> http://tahoe-lafs.org/cgi-bin/__mailman/listinfo/__volunteergrid2-l
> <http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l>
> http://bigpig.org/twiki/bin/__view/Main/WebHome
> <http://bigpig.org/twiki/bin/view/Main/WebHome>
>
>
>
>
> --
> Shawn
>
> _______________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.org <mailto:volunteergrid2-l at tahoe-lafs.org>
> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
> http://bigpig.org/twiki/bin/view/Main/WebHome
>
>
>
>
> _______________________________________________
> volunteergrid2-l mailing list
> volunteergrid2-l at tahoe-lafs.org
> http://tahoe-lafs.org/cgi-bin/mailman/listinfo/volunteergrid2-l
> http://bigpig.org/twiki/bin/view/Main/WebHome
More information about the volunteergrid2-l
mailing list