Well, since I need a bit of a clearing house for problems, here goes.
Mission.net has been infected with what looks like what this guy is describing. I’ll post updates as I find out more. To see what happened previously, look here. This doesn’t make me happy as I’ve been battling a migraine all day.
ST Infection
- Moved binary 21:28
netstat -tap shows
e PID/Program name
tcp 0 0 —.mission.net:58873 ik59064.ikexpress.com:ssh ESTABLISHED 11884/perl
A perl process that is running from apache and has ssh running. I kill the process.
21:43
Dan’s scrubbing files again with
grep -lR kgeba * | xargs sed -e ’s\/\\\< \/html\>//g’
Removing awstats and orca since these are probable entry vectors
21:51
- Cleaning out /tmp looking for anything more suspicious.
- Cleaning out all Orca related files
22:04
- Cleaning all SIB related /tmp files
22:24
- Orca cleared, confirming cleaning of html files
22:34
- Because I am ultra paranoid now, I am shutting down any third party application that I can’t get security info on in the Individual webmaster directories.
22:38
- Bringing up Apache again, please be vigilant when reviewing your sites.
- Watching for signs of infection again.
22:46
PURL (Permanent URL) is back up and running thanks to Dan.
- I know mysql is still borked. Please leave me comments so that I can track whatever else got borked through the fedora core 3 to fedora core ? upgrade.
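The 21:28 entry caught the backdoor by reading `netstat -tap` by eye: an established outbound connection to a remote ssh port owned by perl rather than by an ssh client. The same check as a script, as an added example that is not part of the original post; the allow-list of expected client programs and the sample hostnames are assumptions constructed for illustration.

```python
import re

# Assumed allow-list: programs expected to hold outbound SSH sessions on this host.
EXPECTED_SSH_CLIENTS = {"ssh", "scp", "sftp", "rsync", "git"}
SSH_PORTS = {"ssh", "22"}  # netstat prints the service name unless run with -n

# One TCP row of `netstat -tap`: proto, queues, local, foreign, state, PID/program.
ROW = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<state>[A-Z_0-9]+)\s+(?P<owner>\S+)"
)

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so IPv6 forms like ':::22' also work."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def suspicious_ssh_sessions(netstat_output):
    """Return established outbound SSH connections not owned by an expected client."""
    findings = []
    for line in netstat_output.splitlines():
        m = ROW.match(line.strip())
        if not m or m["state"] != "ESTABLISHED":
            continue  # headers, listeners, UDP rows, closing sockets
        _, local_port = split_endpoint(m["local"])
        remote_host, remote_port = split_endpoint(m["remote"])
        if remote_port not in SSH_PORTS or local_port in SSH_PORTS:
            continue  # keep only connections *to* a remote SSH service
        pid, _, program = m["owner"].partition("/")  # owner is '-' without root
        if program in EXPECTED_SSH_CLIENTS:
            continue
        findings.append({"pid": int(pid) if pid.isdigit() else None,
                         "program": program or "unknown",
                         "remote": remote_host, "local_port": local_port})
    return findings

# Constructed sample output (hostnames are placeholders, not taken from the incident).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:http                  *:*                     LISTEN      2210/httpd
tcp        0      0 www.example.net:ssh     admin.example.org:51514 ESTABLISHED 9120/sshd
tcp        0      0 www.example.net:40022   backup.example.org:ssh  ESTABLISHED 9333/ssh
tcp        0      0 www.example.net:58873   host.example.com:ssh    ESTABLISHED 11884/perl
"""

if __name__ == "__main__":
    for hit in suspicious_ssh_sessions(SAMPLE):
        print("review pid %(pid)s (%(program)s) -> %(remote)s:ssh" % hit)
```

Run it as root so the PID/Program column is populated; rows whose owner shows as `-` are reported with program `unknown` rather than skipped.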
Last Friday I woke up and checked on Mission.net, an alumni site for Mormon missionaries. As I was in the midst of bringing up the home page, I was redirected to a site that redirected to a site called k*g*e*b*a. As I shut down the webserver, and started to investigate, I found that every file that the webserver could access was bringing up this page. As I was formulating a plan to fix this problem, Xmission, the ISP where the host lives, physically pulled the plug. Through the weekend I laboured to find someone who could help me get this fixed.
I was finally able to contact my contact at Deseret Book and he got the host SSH access on Tuesday. As soon as I was able to access the box I ran the following sed script
This removed the redirects that had been inserted into the files. The site was sitting pretty as far as having the infestation removed.
I then went to work upgrading the hosts, remotely, through two revisions (using their instructions) only to find all access to the outside had been blocked.
So I went back to asking for access, asking for the ability to talk to the outside so that I could fix the problem. Every time I asked the ISP, I got rejected.
This is where the Frustration breaks in.
Then, today, I had an idea. I decided to work around the problem. I used what is called SSH port forwarding, and now I’m using my DSL connection to upgrade the host.
First, I created two remote SSH connections, then I used netcat to encapsulate dns traffic.
I’d go into more detail, but since most of the one readers of this blog aren’t tech nerds, I’ll spare ya’ll.
If you want to know the nitty gritty commands and what I did to get it let me know in the comments and I’ll add them to the post.
As I’ve made the trek back and forth to Utah for the occasional Family gathering, BNL concert and girlfriend, I noticed this little town on the side of the road, in the middle of nowhere.
It wasn’t like a small town, it was like someone had transplanted a small hunk of suburbia out in the middle of the hinterlands.
If I was a UFO believing man (and I probably am), I’d figure that the same aliens that show up at Devils Tower and play Simon with the US Military probably stole this block of houses from the Bermuda triangle. I mean, the pilots of the lost squadron could have lived in this town, right?
So after talking up my courage with the younger brother (who told me he had attempted to get in) I decided on the latest trip to see this little town. Here are some pictures.
Now, at no point did I ever leave my truck because there is no way I was going to become a Zombie snack. Zombies want you to be all relaxed, and the moment you walk out of your truck, you hear “Braaainnnnss” and then you are a goner.
This little town was kind of spooky, and there were drifts everywhere, there was an abandoned recreation center, I had to bust some drifts, and I was sweating up a storm (because, there was a no trespassing sign, and I’m a rule keeper, so I was just waiting for security (Aka, this place was a top secret “Star Wars” facility like in Spies Like Us) or the Zombies to get me.)
So I was happy to eventually leave.
Afterwards, Gordon was able to find an Article about the Table Rock Facility and the heyday of that little town, and then its eventual death (another good reason to think Zombies just might live there).
I used to watch a little show called “In Search of”, voiced by the man who brought us the Ballad of Bilbo Baggins, Leonard Nimoy himself.
In these compact little snippets of information I learned that no one knew why the Easter Island heads were there
or that aliens hung out at the Bermuda Triangle
or that bigfoot existed
or that Blackbeard knew how to bury treasure
or that One-Eyed Willie saved the Goonies from the Fratellis (no thanks to Chunk!)
or that Bilbo Baggins was three feet tall….
Regardless, I went to a movie and saw two movie clips that I must have for my overly complicated Movie setup 1) I heard in the snack line by Frankie and the Frogs (which I have found)
and
2) a THX/Shrek trailer, that I just can’t find online (using my awesome powers of googling). Anyone want to throw me a bone?
I was perusing digg when I saw that amongst the Star Wars NerdsGeeks err Fans that will be dressed up as Stormtroopers and other various members of the Star Wars Universe is Darth Vader, who hails from none other than Provo, Utah. 700 applied, only 300 were chosen.