Ok figured out everything.
I know the name of the botnet, the info, how it works, and have a backup of everything (syslogs and home directory of the miner).
I might go to the police with all of that info, even though I don't think they can do much.

Found the issue, a miner got launched on the server, currently looking at reversing all the stack.
And rn there is an IRC server used to get hooks.

So right now all of my services are down, all my webservers, Minecraft proxy and server.
Nothing is running right now until I find the cause.

I was thinking of catching every outgoing packet to port 22 and logging the process responsible for it, but I don't know how to do it, don't know if it is possible, and don't know if this is a good idea.

So today I received an abuse email from Hetzner with logs of my server's IP scanning for port 22 on the 192.168.x.x IP range.
Problem: the only stuff that we changed is adding a Minecraft plugin, and after decompiling it nothing looks out of place.
The suspicious activity also looks like it stopped during the night, but I now have no idea where it could come from.
I tried to look up packets with Wireshark but didn't find anything of use.
Does anyone have an idea to fix this?

@dottorblaster @rudolf @SonoMichele

Everything that @rudolf said is true, but there are a bunch of caveats that I think need to be mentioned.

First, dd itself. Feel free to search for this, but dd is basically unnecessary for this operation; you can do cat > /dev/sdX and that will work just as well, and usually much faster. The only reason for dd is essentially historical.

But that's not really important, what's important is that disks aren't really disks anymore...

1/

Stop using "Zoom" as a general term for video conferencing.
Stop using "Google" as a general term for searching the web.

That's also the big problem with CNIL complaints: they don't even read them…

Happy 14th of July everyone 🇲🇫🥳🇲🇫🥳

SourceHut and Drew DeVault are doing a great job for free and open source software and this post is only a small example of their work:

sourcehut.org/blog/2022-07-06-

Dear Linux desktop apps, you have full authorization to create a folder in my ~/.config directory, you are even invited to stuff your data in my ~/.local/share directory, and let's not forget about that ~/.cache y'all! Wunderbar! Much freedom!

So, now, please repeat after me:

👏 I 👏 SHALL 👏 NOT 👏 MAKE 👏 A 👏 FOLDER 👏 IN 👏 YOUR 👏 HOME 👏 DIRECTORY 👏

Thank you kindly

I currently have a Minecraft server running Paper on 1.19, does anyone wanna come and play?
It's chill vanilla survival and there's like 10 people playing from time to time.
We have made some progress and made some farms so if you're interested just tell me :)

Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.