(old)Puppy Linux Discussion Forum

oh my gosh that attackpup is so beautiful

Much appreciated but now we need the computer savvy people among Puppy users to tell us how to protect ourselves.

1. Did you have a router at that time. Did him go through the router then.
2. Or did he lure you to visit some page him had prepared with a Flash thing or
3. did he send you something that had the downloader of something that allowed him to get in?

Was this a vulnerability in the Firefox Flash or something that that program he had paid for used?

I fail to get it.

It could well have been flash, because both the firefox, chromium that I installed via quickpet, and flash were all out of date at the time I installed them

(firefox has an updater built in that I ran twice to get fully up to date. chromium had to become chrome, and flash needed to be replaced via downloading and replacement in the file-manager)

(I actually know now to go into Puppy Package Manager ("install" desktop icon) and via the Configure Package Manager button, tick the ubuntu repositories (I chose main, multiverse, and universe) and then click the Update button before searching for chrome

I think chrome is in ubuntu lucid main, but I can't remember to tell the truth

Hope it is okay that I am a bit at it. I wonder about this

2. Or did he lure you to visit some page him had prepared with a Flash thing or

Suppose you are right about having an older version of Flash.

But that would only work for him if him had his own Blog or server or some place him could place a file on that make use of that Flash vulnerability.

But if it was through the Router then he has to have a program that actually penetrated from outside through the router.

Is it possible now to look in the log of the router if he came that way?

I guess this did happen days or weeks ago. Has he promised to never try again?

Anything you remember can help the Devs to make Puppy better or them tell us what we have to do to make us more secure.

to answer your questions nooby

>we (mostly he) shared links to gifs, jpegs, and flash
>he does have his own server - he swears by the use of it's vnc passthrough/proxy whatever capabilities and p2p use also
>no I don't log my router's activities (I probably shouldn't be sharing that knowledge I think and should actively log from now on *facepalm*)
>it's all a mystery to me to be honest - how do you get through my router and then my firewall too?

can set up a port .

Example : downloading a directory ( little /etc in this case ) : But until now I was not able to inject a file with scp or curl .

dru5k1,

Do you run samba? If you opened a folder of pictures to share, maybe translating through a samba-network-neighborhood or such it might have set up an environment that let your friend telnet into the "shared" space on your computer. I don't do samba, so I don't know what permissions are granted in puppy folders through it. But if all he managed was to run in a shared folder as a remote computer... That used to be pretty easy to do. I suppose doing something like that could be called a "hack" if done without permission. It's the kind of entry into a shared-files space that would slow your computer. Samba would be attempting to build a GUI to serve to a remote Windows environment. It should have been using a good deal of your cpu and keeping your net-activity blinky alight, with cpu temp and net Tx up.

Thanks Karl for being a CUR
(Puppy spreading Courage Understanding and Reassurance)
rather than a follower of FUD.
Did you 'think of the children'?
http://youtu.be/Qh2sWSVRrmo

That makes perfect sense to me
and also in technical terms seems very easy . . .

Pretty sure I have a static IP address (this is set up by the ISP)
http://whatismyipaddress.com/dynamic-static
Is there an easy way to use a dynamic IP address temporarily
for example if contacting SMERSH (gosh it actually exists)
http://en.wikipedia.org/wiki/SMERSH
or the Linux Users Conspiracy Klub (LUCK)

dru5k1, another question for you: were you running Puppy as root, or as a user with a login at the time your friend broke in?

ok, I was running as root with no samba

just to let you know, I've updated my browser+flash and added
iptables -A INPUT -j DROP
to my /etc/rc.d/rc.firewall script (I figure these are good security measures), also I haven't talked to my friend as much just recently (he was ridding some windows machines of virii last time we spoke), and I haven't had any more intrusions (he just did that for fun, and he'll obviously know that I've got nothing juicy on my computer, so failing aggravating some net-savvy-linuxnet-savvy person I don't see the same incident happening again in the near future *fingers crossed*

(I feel quite confident actually - I asked him to try again, but he declined as he's busy)

looking back over the thread,..

I *wish* I knew how this is done.. as far as I know it costs both money and time to learn though... I'm just an average web browser - it's way out of my league

To reedit up to date.

The guy who vandalized the forum a month or so ago used a TOR (anonymizer) server to hide his true IP address. Is that what you mean?

Someone mentioned GUI being built by SAMBA.

I don't think that is possible in any current SAMBA. So SAMBA exploits merely would let you "see" files in the shared folder if you got desktop/SAMBA access.

The exploit that the OP seemingly referencing is about gaining access to executes some desktop function.

Althought this hack isn't considered a virus, it does constitute an examination of how the system could or would be used, depending on which access ANY user would do.

And, as many people whose eyes and comments we can put on this, should make for a much better solution.

Now, again, knowing what we currently know about Puppy, with/without a F/W, what is running or available to allow and support access over the LAN/WAN???

Hope this helps

Hello,
1. Do you have your firewall on??
2. Do you have any tangible evidence he had access to your system, or did he just slow it down?
3. Would you like to pay him back?

Anyone know if its described somewhere how to properly implement syslog/syslog-ng in a modern PUP?

Thanks in advance

He's a bit of a joking snobby guy, only saying that the my browser was too old

Like he told you, it was probably a browser exploit. Try adding Ad Block Plus and a script stopper/blocker. Check Tuuxxx's Classic Pup 2.14X for a Flash blocker.