[Resolved]01micko.com compromised
Moderators: Flash, Ian, JohnMurga
James C


Joined: 26 Mar 2009
Posts: 5930
Location: Kentucky

Posted: Sun 15 Jun 2014, 17:15

Code:
james@mx1:~
$ ping -c5 01micko.com
PING 01micko.com (27.124.113.33) 56(84) bytes of data.
64 bytes from server-x-r6.ipv4.au.syrahost.com (27.124.113.33): icmp_req=1 ttl=42 time=313 ms
64 bytes from server-x-r6.ipv4.au.syrahost.com (27.124.113.33): icmp_req=2 ttl=42 time=314 ms
64 bytes from server-x-r6.ipv4.au.syrahost.com (27.124.113.33): icmp_req=3 ttl=42 time=321 ms
64 bytes from server-x-r6.ipv4.au.syrahost.com (27.124.113.33): icmp_req=4 ttl=42 time=321 ms
64 bytes from server-x-r6.ipv4.au.syrahost.com (27.124.113.33): icmp_req=5 ttl=42 time=318 ms

--- 01micko.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 313.394/318.055/321.856/3.529 ms
james@mx1:~

[Attached image: computerfairy.net.jpg]

8-bit


Joined: 03 Apr 2007
Posts: 3393
Location: Oregon

Posted: Sun 15 Jun 2014, 18:51

This ping request is from southern Oregon, USA.
Code:

# ping -c5 01micko.com
PING 01micko.com (27.124.113.33): 56 data bytes
64 bytes from 27.124.113.33: seq=0 ttl=50 time=241.197 ms
64 bytes from 27.124.113.33: seq=1 ttl=50 time=240.690 ms
64 bytes from 27.124.113.33: seq=2 ttl=50 time=239.967 ms
64 bytes from 27.124.113.33: seq=3 ttl=50 time=241.003 ms
64 bytes from 27.124.113.33: seq=4 ttl=50 time=240.462 ms

--- 01micko.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 239.967/240.663/241.197 ms


It seems to read about the same as others have got.
But the only information it gives is that the domain exists and gives the IP address found if I am correct in this.
Karl Godt


Joined: 20 Jun 2010
Posts: 3972
Location: Kiel,Germany

Posted: Sun 15 Jun 2014, 19:46

01micko wrote:
My host is allocated 27.124.111.0 to 27.124.118.255

My actual IP address is in the range 203.170.80.0 to 203.170.87.255. I can log on to that one with FTP. (Also allocated to my host)

Ping this domain; computerfairy.net, browse the site if you wish, it's a drupal install on my host, same root directory as 01micko.com. I own the domain. That's my real IP address.

Karl, see if you can log in through a browser once you have my real IP. The root folder is public_html, however you may only be able to get to public_html/KRG with your permissions.

In the browser bar
Code:
ftp://$REAL_IP_ADDRESS/public_html/


Happy hunting.

By the way, I've renamed my word press folder and removed any js from my index.html. I have removed a couple of perl scripts too. I don't expect to see an improvement based on the above info.


This is what I get using firefox and gftp :

Looking up ftp.01micko.com
Trying 01micko.com:21
Connected to 01micko.com:21
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 07:35. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
USER KRG@01micko.com
331 User KRG@01micko.com OK. Password required
PASS xxxx
530 Login authentication failed
Disconnecting from site ftp.01micko.com

Micko, you gave me such a great password with a ']' in it .
Had already tried using
wget --ftp-user=USER --ftp-password=PASS
Code:
wget --ftp-user=KRG@01micko.com --ftp-password='VERY]GOODpassword' ftp://01micko.com
--01:41:27--  ftp://01micko.com/
           => `.listing'
Resolving 01micko.com... 27.124.113.33
Connecting to 01micko.com|27.124.113.33|:21... connected.
Logging in as KRG@01micko.com ...
Login incorrect.

So I had thought, that you had changed all passwords incl. mine or even removed it from the TOP SECRET hidden password file /var/.shalow ... Laughing
( Linux is very secure .. Confused )
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sun 15 Jun 2014, 20:03

Karl,

You are responsible for your password and you can change it to whatever you want Cool

Try logging in with the IP. The real IP is 203.170.81.33. You should be able to just fine in gftp or filezilla. It works in browser too, ftp only.

Meanwhile I redirected my home page to micko.computerfairy.net and reinstated the javascript. If that is the cause (which I think not) then that address will succumb to the predator as well.

_________________
Woof Mailing List | keep the faith Cool |
l0wt3ch

Joined: 23 Apr 2014
Posts: 55

Posted: Sun 15 Jun 2014, 20:58

Sorry to hear about this!

Hopefully it all gets sorted out without very much trouble.
musher0


Joined: 04 Jan 2009
Posts: 4319
Location: Gatineau (Qc), Canada

Posted: Sun 15 Jun 2014, 21:06    Subject: Re: Share what your PC sees relating 01Micko's problem, to help

gcmartin wrote:
To begin to see the DNS issue I speak of, do this from a terminal Window:
Code:
# ping -c 5 01micko.com
PING 01micko.com (27.124.113.33): 56 data bytes
64 bytes from 27.124.113.33: seq=1 ttl=44 time=275.179 ms
64 bytes from 27.124.113.33: seq=2 ttl=43 time=278.243 ms
64 bytes from 27.124.113.33: seq=3 ttl=43 time=273.757 ms
64 bytes from 27.124.113.33: seq=4 ttl=43 time=274.601 ms

--- 01micko.com ping statistics ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max = 273.757/275.445/278.243 ms
If this is done from every continent we begin to see what the DNS resolutions are telling your browsers. The above is from a North-Western Hemisphere PC.

What continent and what does your resolution show? This helps in that we can get a worldly picture of what the browsers are being told. And, to how far the problem has cascaded.


Hello, gcmartin.

These are the results from my position:

Quote:
ping -c 5 01micko.com
PING 01micko.com (203.170.81.33): 56 data bytes
64 bytes from 203.170.81.33: seq=0 ttl=49 time=307.073 ms
64 bytes from 203.170.81.33: seq=1 ttl=49 time=300.629 ms
64 bytes from 203.170.81.33: seq=2 ttl=49 time=301.088 ms
64 bytes from 203.170.81.33: seq=3 ttl=49 time=302.288 ms
64 bytes from 203.170.81.33: seq=4 ttl=49 time=281.223 ms

--- 01micko.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 281.223/298.460/307.073 ms


I hope this helps. BFN.

Chris

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sun 15 Jun 2014, 21:23

musher0 wrote:
ping -c 5 01micko.com
PING 01micko.com (203.170.81.33): 56 data bytes
64 bytes from 203.170.81.33: seq=0 ttl=49 time=307.073 ms


Hey Musher0, that is the right address. Did 01micko.com work in a browser?

I just got word back from the host:
Quote:
Paul A (Customer Care Agent)

Jun 16 08:50 AM

Hello Michael,

Thank you for your email.

We do apologize for the inconvenience, Michael. Upon checking into the account and the settings, we found out that there were 2 hosting account on different server and unfortunately the inactive one was on the server with higher dns priority. We have already shut down that account and now there is only one hosting account. Please do consider waiting within 2 to 4 hours since changes have been applied and there is a downtime for 2 to 4 hours. After that it will be up and running.

Thank you
Paul A

Crazy Domains
Customer Support

www.CrazyDomains.com


See what happens after 3:30 my time I guess.

_________________
Woof Mailing List | keep the faith Cool |
greengeek

Joined: 20 Jul 2010
Posts: 2664
Location: New Zealand

Posted: Sun 15 Jun 2014, 21:39

I couldn't get the -c option to work - probably because I am on Windows at the moment, so I did the following:
Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

H:\>ping -c 5 01micko.com
Bad option -c.


Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] target_name

Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.

H:\>ping -n 5 01micko.com

Pinging 01micko.com [203.170.81.33] with 32 bytes of data:

Reply from 203.170.81.33: bytes=32 time=426ms TTL=44
Reply from 203.170.81.33: bytes=32 time=80ms TTL=44
Reply from 203.170.81.33: bytes=32 time=80ms TTL=44
Reply from 203.170.81.33: bytes=32 time=80ms TTL=44
Reply from 203.170.81.33: bytes=32 time=81ms TTL=44

Ping statistics for 203.170.81.33:
    Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 80ms, Maximum = 426ms, Average = 149ms

H:\>


http://www.01micko.com in the browser gives me your normal site so all good here at the moment.
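The comparison the posters above are making by eye, as an added example (not code from any poster): it pulls the resolved address out of the three ping header formats seen in this thread and checks it against the range 01micko gives for his real address. The function names and the last sample entry are made up for the illustration.

```python
import ipaddress
import re

# Range the site owner gives for his real address (203.170.80.0 to 203.170.87.255).
EXPECTED = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("203.170.80.0"),
    ipaddress.ip_address("203.170.87.255")))

# Header line of ping output: iputils and BusyBox print "PING host (ip)",
# Windows prints "Pinging host [ip]".
HEADER = re.compile(
    r"^\s*(?:PING\s+\S+\s+\((?P<unix>[0-9.]+)\)"
    r"|Pinging\s+\S+\s+\[(?P<win>[0-9.]+)\])", re.MULTILINE)

def resolved_address(ping_output):
    """Return the address ping resolved the name to, or None if no header is found."""
    m = HEADER.search(ping_output)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group("unix") or m.group("win"))
    except ValueError:  # digits and dots that do not form a valid address
        return None

def classify(reports, expected=EXPECTED):
    """Map each reporter to (address, verdict); verdict is
    'expected', 'unexpected' or 'unparsed'."""
    out = {}
    for who, text in reports.items():
        ip = resolved_address(text)
        if ip is None:
            out[who] = (None, "unparsed")
        else:
            ok = any(ip in net for net in expected)
            out[who] = (ip, "expected" if ok else "unexpected")
    return out

def distinct_addresses(results):
    """More than one address here means resolvers disagree about the name."""
    return {str(ip) for ip, _ in results.values() if ip is not None}

# Header lines copied from the posts above; the last entry is constructed.
SAMPLES = {
    "James C": "PING 01micko.com (27.124.113.33) 56(84) bytes of data.",
    "musher0": "PING 01micko.com (203.170.81.33): 56 data bytes",
    "greengeek": "H:\\>ping -n 5 01micko.com\n\nPinging 01micko.com [203.170.81.33] with 32 bytes of data:",
    "constructed": "ping: unknown host 01micko.com",
}

if __name__ == "__main__":
    for who, (ip, verdict) in classify(SAMPLES).items():
        print(f"{who:12} {ip!s:16} {verdict}")
```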
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sun 15 Jun 2014, 21:52

Thanks Greengeek, looks like it's fixed.. but Google is still crawling the Chinese site - lol.. probably pissing them off too.

Too early to call "resolved" but looks like it is.

[Attached image: 01micko.jpg]


_________________
Woof Mailing List | keep the faith Cool |
musher0


Joined: 04 Jan 2009
Posts: 4319
Location: Gatineau (Qc), Canada

Posted: Sun 15 Jun 2014, 22:27

Hi, micko.

Is this how it's supposed to look?

musher0

[Attached image: micko's_site.jpg (reduced to 640x512 pixels)]


_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
8-bit


Joined: 03 Apr 2007
Posts: 3393
Location: Oregon

Posted: Sun 15 Jun 2014, 22:32

I just tried your site and the Chinese stuff no longer is there!
So it looks like it may be resolved now.
01micko


Joined: 11 Oct 2008
Posts: 7841
Location: qld

Posted: Sun 15 Jun 2014, 22:44

Musher0 - yep. That's how it looks when adblocker or sc0ttmans Pup-Advert-Blocker is running Smile

8-bit - I think it is but my sub-domains aren't working yet. I've marked "resolved" but it's not fully resolved until slacko.01micko.com gets back up. It is accessible at 01micko.com/slacko57.

_________________
Woof Mailing List | keep the faith Cool |
technosaurus


Joined: 18 May 2008
Posts: 4376

Posted: Mon 16 Jun 2014, 01:36

Speaking of advert blocker... it should be patched to use 0.0.0.0 instead of 127.0.0.1 so that proxy servers can use it. They are quite handy if you use multiple browsers so that caching is done in 1 place ...polipo is a nice one I discovered when building hv3 a while back ... it's small and uses multiple techniques to speed up browsing.
_________________
Web Programming - Pet Packaging 100 & 101
musher0


Joined: 04 Jan 2009
Posts: 4319
Location: Gatineau (Qc), Canada

Posted: Mon 16 Jun 2014, 06:38

01micko wrote:
Musher0 - yep. That's how it looks when adblocker or sc0ttmans Pup-Advert-Blocker is running Smile
(...)


Hi, micko.

None of the above! Laughing

The name of the Opera extension I use for ad-blocking is called
"Ghostery". (It does a lot more than that, too.)

Also a good recent "hosts" file in /etc.

Glad to see that your site is slowly getting back to normal, sort of.

BFN.

Chris

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
8-bit


Joined: 03 Apr 2007
Posts: 3393
Location: Oregon

Posted: Tue 17 Jun 2014, 01:46

01micko,
I see what you mean about the sub-sections of your site being slow coming back. I tried using some of the links in your threads on the forum that are supposed to access areas of your web site and still get a 404 error a lot.
This is not good in that someone new that was browsing the forum and wanted to check out more about some of your ISOs or download one would get a 404 error and possibly assume that the version of Puppy no longer existed.

Of course one could expand this to the Additional Software section of the forum that had links to bigger files that do not work now with the lower file size restriction on the forum and file sharing sites that only keep a file available for a limited time.