Sunday, February 27, 2005

sony-svoid bites the dust

By the looks of this picture, I would say that sony-svoid actually choked on the dust. I really need to get some better ventilation. Of course it wouldn't hurt to crack open the case and blow out the dust every couple of years.

With the recent trouble that I had with sony-svoid getting hacked, I decided it was time for her to retire. She was running such an old version of Mandrake that I didn't believe that I was going to be able to get security updates and I didn't think that a pentium 133 could handle any of the modern bleeding edge linux distributions.

So, I've moved my webserver over to my other linux box... an Athlon 800 MHz. It's still no speed demon, but then again for the 3 visitors that my site gets a day, I think that it will be able to keep up with the load. I pulled the NIC from sony-svoid so that I can have an interface on both the internal and external network.

I had to update the OS as well as I was previously running Novell Linux Desktop (NLD) and it was not configured to be a web server. So, I grabbed the latest ISOs of SuSE Linux 9.3 Professional Beta1 and built me a new webserver. I wasn't kidding about bleeding edge :) I don't even know if the Beta is public yet but I work for Novell and have access to the ISOs on an internal FTP server. Cool!

Saturday, February 26, 2005

All my base are belong to...

... some script kiddie. I had to take down my website for a couple of days due to it being hacked. It actually looks like it was compromised sometime around January 21st. It took me a short while to notice because nothing destructive was done to the website itself. It wasn't until I tried to copy some photos to my website that I noticed that samba wasn't running.

After ssh'ing into the box to restart the samba service, I noticed that not only was samba not running, it was no longer installed. I was beginning to get suspicious. I couldn't have uninstalled samba without remembering... could I? And then, I stumbled across this telltale sign:

ls -al .bash_history
-rw------- 1 root root 1387 Feb 26 12:52 .bash_history -> /dev/null

At that point, I dropped to runlevel 1 and yanked the ethernet cable from the back of the computer. The postmortem suggested that the attacker exploited a vulnerability in samba that was discovered in late December 2004. I would have been OK if I was only running samba on my local network. I used to run in this configuration, but I had just recently set up a router with my web server running outside of my private network. I should have installed a second NIC so that I could still copy files on the internal network... but I got lazy and just opened samba up to the world.

Shortly after breaking in, the attacker uninstalled samba (thus preventing someone else from breaking in in the same fashion) and installed a root kit which replaced certain key executable files such as /bin/login, /bin/ps, /bin/netstat, etc. and wiped out all of my log files. The strange thing is that this guy actually went through the trouble of doing an rpm uninstall of samba instead of just deleting smbd or disabling the service.

"For what purpose did all of this occur?", you may ask. Well, of course, for the purpose of running an IRC bot. Why else would a script kiddie break into a web server? I think that my attacker should be proud of himself. I mean any hacker can take on a dual opteron running the latest release of RedHat, but it takes some serious SKILLZ to violate a Pentium 133 running headless in a corner of my office with a 6 year old version of Linux. Congratulations!
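Added example, not from the original post: a POSIX shell check a defender can run on a suspect box to find the telltale sign above, a shell history file replaced by a symlink to /dev/null, across every home directory listed in a passwd-format file. The function names and the optional passwd-file argument are my own choices, not anything from the post.

```shell
#!/bin/sh
# Flag accounts whose shell history has been redirected to /dev/null.
# Intruders do this so their commands leave no trace in ~/.bash_history.
# Usage: check_history_symlinks [passwd-file]   (defaults to /etc/passwd)

# Return 0 if FILE is a symlink whose target is /dev/null, 1 otherwise.
# A regular (even empty) history file is not reported.
history_is_nulled() {
    f="$1"
    [ -L "$f" ] || return 1
    target=$(readlink "$f") || return 1
    [ "$target" = "/dev/null" ]
}

# Walk every account in a passwd-format file (user:pw:uid:gid:gecos:home:shell),
# print one SUSPICIOUS line per nulled history file, and return 2 if any were
# found, 0 if none. Root's home (/root) is covered like any other entry.
check_history_symlinks() {
    passwd="${1:-/etc/passwd}"
    found=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -d "$home" ] || continue
        for f in "$home/.bash_history" "$home/.sh_history"; do
            if history_is_nulled "$f"; then
                echo "SUSPICIOUS: $user $f -> /dev/null"
                found=1
            fi
        done
    done < "$passwd"
    [ "$found" -eq 0 ] || return 2
}
```

A hit here is only a lead; it says nothing about whether the shell history itself was truthful, and on a box with a rootkit the package manager's own verification (rpm -V on the packages owning login, ps and netstat) is the next thing to compare against known-good media.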

Monday, February 07, 2005

Choice

I was searching for an old document that I wrote and came across these notes that I scribbled to myself one night in OpenOffice:

My head keeps wandering back to a line uttered in the movie "Fight Club" by Brad Pitt. “Our lives are our great depression”. He was speaking to the fact that the modern man has no great adversity to face. Nothing to spur him on. This ironically results in a middle class society that is bored with itself. A society that is searching for meaning, for purpose in life. Isn't it ironic that in times of better living circumstances that we long for times of hardship?

What is it about harder times that we find appealing? And why is it that so many prosperous people are bored, unsettled and unfulfilled by life? The answer is: choice. We have too many choices nowadays. In harder times choices are limited. Life is simple. It is amusing that choice, a tool that can bring infinite happiness and power, is also capable of making us so miserable.

Choice is the key to happiness.

One can achieve a level of happiness by removing the amount of choices in life.

The man who has the greatest capability for choice but chooses the least; he is the unhappiest of all.

The man who can and does choose in every facet of his life; he has found true happiness.

Saturday, February 05, 2005

First bike ride of the year

I just got back from my first bike ride of the year... mountain bike not motorcycle... in early February. God bless Utah winters :) It's actually been over a year since I last had my bike out. It spent all last summer cooped up in a corner of my garage. In fact, I still hadn't fixed the flat tire that I got in St. George last winter. So, I got her all patched up and went for a short ride in Provo Canyon. The weather was beautiful and it felt good to be on the bike again.

The ride was a little shorter than I had planned. There was a big ice slide that was covering the trail by Bridal Veil falls. It was really strange because there was no snow in the canyon at all... I can't imagine how there would be, it was so warm out. But when I got to Bridal Veil falls, the trail and river were covered by a mountain of ice 20 to 30 feet deep. I couldn't tell how much of the trail it covered but it was enough that there was no way to get around it.