Language:
switch to room list switch to menu My folders
Go to page: First ... 13 14 15 16 [17] 18 19 20 21 ... Last
[#] Tue Jan 11 2005 15:28:53 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Nitz and DP2 network together. There's usually not much traffic in the rooms that we share, but we share. I'll add nitz to the list.

[#] Wed Jan 12 2005 12:43:05 EST from Ford II @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I love seeing stuff go.

[#] Wed Jan 12 2005 13:48:06 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Heh.

[#] Sat Mar 12 2005 02:46:33 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Sorry we were down for a while...a few things necessitated an OS upgrade on my server...we're now running Cit6.41 on a Fedora Core 3 box.

[#] Sat Mar 19 2005 23:49:03 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Sorry, folks.  Server got hacked, binaries replaced, etc...it was ugly.

In any event, the BBS is back up, DNS is back up...I hope to get the rest of this beast fixed, soon.


[#] Sat Mar 19 2005 23:58:17 EST from Patriot @ PixelBBS

[Reply] [ReplyQuoted] [Headers] [Print]

What happened, and how'd you find out?

[#] Sun Mar 20 2005 07:02:26 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Still don't know how they got in...saw processes running that aren't normally there (perl processes and such...one process had a name that ended in .jpg).
I run top on all my systems, in separate windows...and these processes were at the top of the list when I looked.

Somehow, in my investigation, I triggered something that A) replaced a few binaries and B) somehow replaced the NIC driver or somesuch with one that put the NIC into promiscuous mode, whether I liked it or not.

[#] Sun Mar 20 2005 07:16:59 EST from Patriot @ PixelBBS

[Reply] [ReplyQuoted] [Headers] [Print]

Oh, fucking LOVELY. Let us know if you figure out how they got in.

What distro were you usin'?

[#] Sun Mar 20 2005 10:38:26 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Modded up RH9...upgraded to FC3, but I think something from RH9 followed me over...actually, I think it might have been an extra package that I was using that horked me...not sure.

[#] Sun Mar 20 2005 10:50:44 EST from Patriot @ PixelBBS

[Reply] [ReplyQuoted] [Headers] [Print]

Ugh. Well let us know if you figure it out. I'm running an upgraded FC2-FC3 for Pixel.

[#] Sun Mar 20 2005 19:33:02 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

I think it might have been icecast that was the culprit.

I was running it when I discovered some ill-gotten gains in my /tmp dir.
When I upgraded to FC3, I purposely didn't run icecast for a while...then, the day after I restarted icecast (running the latest version, mind you), the next day, I say, I found some ill-gotten gains, again.

Coincidence? Possibly.

[#] Sun Mar 20 2005 20:51:42 EST from Seg @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Was it running as root?

I don't let ANYTHING run as root. Except openssh, which kinda needs to. And is widely used so has more eyeballs on it that icecast...


[#] Sun Mar 20 2005 21:28:11 EST from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


How old is your version of Icecast?

The last Icecast exploit I've seen anything on Google for is back around 2002. Icecast 1.3.x in those days.

Unless, perhaps, there's something new. Or your copy of Icecast had trojans built into it.

[#] Sun Mar 20 2005 21:34:31 EST from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

It appears that Bugzilla is still down.

[#] Sun Mar 20 2005 22:14:19 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Nope...icecast was running as icecast. The odd processes were running as "apache".

[#] Sun Mar 20 2005 22:14:42 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Latest version, from the icecast site...

[#] Sun Mar 20 2005 22:16:40 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

It appears that Bugzilla is still down.

All better...again. Damned Fedora /etc/httpd/conf.d/php.conf is minimal, at best...needed to add some options back in.

[#] Sun Mar 20 2005 22:17:16 EST from Freakdog @ Dog Pound BBS II

[Reply] [ReplyQuoted] [Headers] [Print]

Then again, maybe not.

[#] Sun Mar 20 2005 22:25:54 EST from Patriot @ PixelBBS

[Reply] [ReplyQuoted] [Headers] [Print]

I'll take a look at it tomorrow.

[#] Mon Mar 21 2005 04:50:54 EST from Nite*Star @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Mar 20 2005 9:34pm from IGnatius T Foobar @uncnsrd
It appears that Bugzilla is still down.


Which Buzilla site are you trying to access, IG? bugzilla.com (a web site for Volkswagen cars), bugzilla.org (the Bugzilla software),
or bugzilla.mozilla.org (the MOzilla site for bug-management of Mozilla.org products)? All three appear to be functional as of the time of this posting ....

Go to page: First ... 13 14 15 16 [17] 18 19 20 21 ... Last