BLOG |
|
 |
|
|
ABOUT zwarg.blog CATEGORIES
war ARCHIVES |
Friday, March 3, 2006
Had an interesting conversation last night with work folks about the concept of using blogging in a corporate environment. Interesting conversation. It's kind of along the lines of the conversation this guy has with himself. Blogging in the corporate environment, and how that message can be used. But isn't that just selling out? Tuesday, February 28, 2006 I have been working with the Philly Independent Media Center for a few months now, and we've been working like dogs (tonight especially) to roll it out. Check it out when you've got a second: http://www.phillyimc.org/ Oh, liberty never tasted so good. Thursday, February 23, 2006 Just defended myself from a hack attack today. AWESOME. Are you ready for the play-by-play? Here we go: I noticed my CVS was sooooo slow. I kept getting some kind of error that wouldn't let me log in via ssh. 'Odd', I thought. Indeed. I finally got in on ssh, and saw 'top' was running perl and eating up all the processor. Also, netstat showed some irc connections. I don't have irc, so this was a problem. Whoah. [ around this time, I started getting sweaty palms and increased heartbeat ] I found some interesting scripts that were being run by perl and nobody in /tmp (bad news #1 -- anything can run out of /tmp). I looked at the processed, and perl is kind enough to show me the command line arguments that it was running with. All those hidden files in /tmp. Ohhhh...you bastards. I went into top, and started killing them mercilessly. They eventually died. Somehow, though, they managed to start the default installation of apache httpd. Whoops. What was that doing there? (bad news #2) I started searching on the files that I found in /tmp, and got to a link that said something about phpbb. Step #1, disable that motherfucker. So it's down. I look back through the apache logs, and see a bunch of gobbledigook in the forums. I took that out, converted the characters back to ascii so I could read them, and started seeing things like: system( chr(...),chr(...),chr(...)... ). That's just bad. I piped the chr() crap through php, and looky here! Presents! That's where all the files in /tmp came from! Sweet. I moved all of them away and saved them for later, and read through them. Nifty little tricks, ya bastards. And then, well, it was all over! I removed the default apache (wtf was it doing there) and fixed anything that I mentioned here (of course), and hooray! Back to bones. I have to admit, I'm no sysadmin, but you've got to be a lot meaner. (You know that's not a challenge, right? I gotta start my dayjob, so just relax all you hackettes). Saturday, January 7, 2006If you couldn't tell, this post refers to the current site design. I didn't do it, and I like it. I hope you do, too. Friday, January 21, 2005 Looking on the http://sf.indymedia.org/ site, looks like they're under attack by some malicious hackers. Someone's taken down Texas, Oklahoma, Vermont, and New Hampshire IMC's. And they are quite cocky about it. Way to go free speech. Gotta love this country, where anyone can be as much of an asshole as they want to be. Also, "Fascist Right Wing Hackers"? Damn, have they got a clothing line? |