05:05 < ryan_> Hey I can tell you
05:05 < ryan_> exact details of the attack
05:05 < Ruchira_> well even if they werent hacked. forcing people to change password once a while is a good idea :P
05:05 < ryan_> manager.linode.com was breached with a coldfusion exploit
05:05 < ryan_> it was compromised for a couple of weeks
05:05 < mestri> yes??
05:05 < kyhwana> I hope they're using bcrypt/similar, etc.
05:05 < ryan_> we made a deal with linode staff not to share it
05:05 < ryan_> kyhwana: sha256crypt
05:05 < kyhwana> ryan_: god some proof?
05:05 < shmoon> "we"?
05:05 < kyhwana> s/d/t
05:05 < kyhwana> heh
05:05 < ryan_> they contacted law enforcement
05:05 < ryan_> broke the deal
05:05 < ryan_> kyhwana: the released database should serve as proof
05:06 < mestri> wow
05:06 < Ruchira_> <_<
05:06 < ryan_> We will also release the logs of the linode staff who participated in this deal
05:06 < shmoon> "WE"???
05:06 < shmoon> who is we?
05:06 < ryan_> of course they wouldn't have ever told you (customers) about it if we didn't tell them that we will release the data after we saw them contacting LE
05:06 < ryan_> does it matter who is "we"?
05:06 < ryan_> It's an entity I represent
05:07 < drclawski> of course it matters who you represent
05:07 < ryan_> you probably weren't targetted but doesn't stop us from releasing your credit card info since linode staff tried to fuck us over
05:07 < shmoon> hm
05:08 < drclawski> well, the way you talk right now I'm glad linode contacted law enforcement
05:08 < shmoon> :D
05:08 < gerryvdm_mbp> ah, could change back to my original password after intermediary one!
05:08 < Ruchira_> ryan_: got a link to that db where I can download it?
05:08 < Ruchira_> :*
05:08 < kyhwana> link 2 pastebin plz
05:09 < ryan_> Ruchira_: not yet
05:09 < mestri> this sounds so fishy
05:09 < shmoon> credit card details were leaked ? :o
05:09 < chesty> full of it
05:09 < ryan_> https://twitter.com/hacktheplanet
05:09 < ryan_> you can follow there
05:10 < ryan_> hey
05:10 < ryan_> lets prove it this way
05:10 < chesty> there's nothing there
05:10 < Ruchira_> ryan_: gimme the db or GTFO
05:10 < ryan_> https://bin.defuse.ca/hq0Ay8RzpKdR6vQwYxnmhc
05:11 < ryan_> if that's not proof I don't know what is
05:12 < mestri> hm i see.
05:12 < Ruchira_> wow someone can right click and view source O_o
05:12 < ryan_> Ruchira_: do you have the slightest idea on what you are talking about?
05:12 < Ruchira_> yup
05:12 < ryan_> well then, I wouldn't have the source code of any of those files, right?
05:13 < ryan_> and why would I have the y_key_57284cb2de704e02.html file name?
05:13 < ryan_> caker:{SHA}f6gtSn8vrtJfOr5BL73qur9pZjM=
05:13 < ryan_> mgreb:{SHA}Rs6+t2AmP8Zk9Tt2L8V6KoF/p68=
05:13 < ryan_> tasaro:{SHA}VX3HOGFij2T+vBPQsJziNeFih9s=
05:13 < ryan_> restelow:kO8AB7F2vGeTY
05:13 < ryan_> irgeek:{SHA}vB9kanV+A2b6YBHskkgrWPmDLhU=
05:13 < ryan_> sschwertly:{SHA}MhAwd561ZtgAH2NgXLltvmWlgfQ=
05:13 < ryan_> dariti:{SHA}qWfPCORks8jobCzOHX6BcX5FS+Q=
05:13 < ryan_> bkaplan:{SHA}npf7EGrBJVP/L70h830WZcjBMP8=
05:13 < ryan_> psandin:{SHA}tKrcBAD/mj25kX0MSrZKtWAbpRk=
05:13 < kyhwana> why would there be random AMI bios ROMS in that htdoc?
05:13 < ryan_> afolson:{SHA}udkD+S5jcqr66VDf6OgSxhHhbzQ=
05:13 < ryan_> cron:{SHA}FFwIAcaqmbdxfVGfpoCtd4pva4Y=
05:13 < ryan_> I wouldn't have those either
05:14 < ryan_> I don't know
05:14 < scottymeuk> kyhwana: even linode has random shit lying around like the rest of us :P
05:14 < ryan_> ask linode staff
05:16 < vegardx> Lets not jump to conclusion. There is nothing that suggest that owning linode.com has any effect other than being able to change the webpage.
05:17 < mestri> kyhwana: i assume this guy is not bullshiting, so why the lie on the blog ?
05:17 < mestri> i am concerned about my credit card informations
05:17 < mestri> now to be honest
05:17 -!- niemeyer [~niemeyer@177.194.199.196] has quit [Ping timeout: 480 seconds]
05:17 < kyhwana> post something from manager.linode.com then, heh. hacking the main page doesn't prove much
05:17 < mestri> i cant believe where linode has gone to...
05:18 -!- Kowalczyk [kowalczyk@00012fb5.user.oftc.net] has quit [Ping timeout: 480 seconds]
05:18 -!- epiloque [~epiloque@00019c03.user.oftc.net] has joined #linode
05:18 -!- Kowalczyk [kowalczyk@tilde.kowalczyk.no] has joined #linode
05:18 < ryan_> kyhwana: I just pasted admin hashes
05:18 < ryan_> that should be enough
05:19 < ryan_> and manager is on the same box as the main website
05:19 < mestri> D:::::::
05:19 < Daevien> mestri: very interesting you came in same time as ryan_ pretty much btw
05:19 < kyhwana> So what? anyone can make up hashes
05:19 -!- xinming [~xinming@113.248.68.127] has joined #linode
05:19 < mestri> ?
05:19 < ryan_> See http://www1.linode.com/manager/
05:19 < mestri> i woke up now
05:19 < AlexC_> The best thing to do is to wait for an official response from Linode, a follow up to their blog post
05:19 < mestri> and i got promted to change pass?
05:19 < ryan_> kyhwana: yes and I can get all the files in their wwwroot?
05:19 < AlexC_> mestri: Read the blog
05:19 < mestri> i did
05:19 < ryan_> give me a name of a file which source you want
05:19 < mestri> noone replies to the comments
05:19 < mestri> which i agrees with most of them
05:20 < mestri> sorry for my poor english
05:20 -!- seanh-corona [~Adium@23-24-204-249-static.hfc.comcastbusiness.net] has quit [Ping timeout: 480 seconds]
05:20 -!- xinming_ [~xinming@125.84.26.85] has quit [Ping timeout: 480 seconds]
05:21 < Daevien> mestri: emails were sent out to all customers before this, you should have gotten notifcation. i just fidn it very interesting that you show yo same time and try to make linode look bad
05:21 -!- hipsterslapfight [~hipstersl@188.30.25.121.threembb.co.uk] has quit [Ping timeout: 480 seconds]
05:21 < mestri> i ve been away all weekend lol
05:21 < mikegrb> lulz
05:21 < mestri> carp fishing hard
05:21 -!- mode/#linode [+b *!*ryan@54.228.197.*] by akerl
05:21 -!- mode/#linode [+ntc ] by ChanServ
05:21 -!- ryan_ was kicked from #linode by akerl [ryan_]
05:22 < rww> I don'
05:22 < rww> I don't remember getting notification, for what it's worth.
05:22 -!- mode/#linode [+b *!*@54.228.197.*] by akerl
05:22 < Daevien> rww: check your email on file then,maybe yoru anti spam is too strict or something
05:22 < kyhwana> akerl: took long enough
05:22 < akerl> Sorry, I was busy nomming
05:23 < vegardx> There is cake?!
05:23 < mikegrb> mmm cake
05:23 < rww> Daevien: I did. That address doesn't have spam filtering as far as I know.
05:23 < Daevien> hrm, my anti mike trigger filter seems to have broken, i actually saw that :p
05:23 < shmoon> please dont get me wrong but how can you say that the guy was talking nonsense? i am trying to understand
05:23 < Daevien> rww: strange, i got it no problem
05:23 < AlexC_> I sure do Linode write a far more indepth follow up about all of this.
05:23 < AlexC_> s/do/do hope/
05:23 < chesty> AlexC_: ha
05:24 < rww> If they're using the same service they used to send me repeated emails offering me $50 in credit to sign up again after I deleted my account, then I unsubscribed from that bulk mailer and that might be why.
05:24 < rww> (I did, in fact, sign up again. Hence me talking.)
05:24 -!- ssthormess [~c9f90a58@chat.linode.com] has joined #linode
05:24 < kyhwana> well, LEO involvement just imply CC breaches. If there's any chance of a CC breach, i'd like to know so I can change my CC number
05:24 < AlexC_> chesty: If they don't, they're stupid (and I don't like using that word to describe Linode after being with them for years!)
05:24 -!- ryan| [~violator@37.235.49.168] has joined #linode
05:24 < ryan|> quite rude of you
05:24 < Ruchira_> hi ryan!:
05:24 -!- azizur [~rahmaa09@gatek.mh.bbc.co.uk] has joined #linode
05:24 -!- mode/#linode [+b *!*@37.235.49.*] by akerl
05:25 < ssthormess> anyone works for linode here?
05:25 -!- ryan| was kicked from #linode by akerl [ryan|]
05:25 < chesty> and the cover up begins
05:25 -!- Ruchira_ is now known as Ruchira
05:25 < kyhwana> ssthormess: just ask your question
05:25 < ssthormess> I need to know if Linode is able to help me recovering data from a crashed Amazon Ec2 Instance to a Linode Container
05:25 -!- Myon [~myon@myon.noc.oftc.net] has joined #linode
05:26 < kyhwana> ssthormess: uh nope, linode doesn't do data recover off other peoples services
05:26 < ssthormess> As Amazon haves "gimme a hundred bucks or nothing" support.
05:26 < ssthormess> Do you have any suggestion?
05:26 < ssthormess> I am down right now
05:26 < kyhwana> ssthormess: restore from backup?
05:26 < Ruchira> ssthormess: what do you mean by crashed?
05:27 < ssthormess> Look, I was using an Amazon AMI with Lighttpd.
05:27 -!- root__ [~h@vmx13318.hosting24.com.au] has joined #linode
05:27 -!- root__ is now known as ryan||
05:27 < chesty> http://seclists.org/nmap-dev/2013/q2/3
05:27 < ryan||> Quite rude out of you
05:27 < ryan||> To ban me like that
05:27 < ssthormess> So I said well I am going to create a new ec2 instance and attach the old "ebs container".
05:28 < Ruchira> and
05:28 < ssthormess> But, I can't, because they don't allow me to associate it as a secondary drive due to licensing restrictions.
05:28 < ssthormess> https://forums.aws.amazon.com/thread.jspa?threadID=122072&tstart=0
05:28 < kyhwana> ssthormess: so restore from your backups to a linode?
05:28 < ryan||> akerl: Mind sharing what motivated your bans on me?
05:28 < Daevien> in before no abckup
05:28 < ryan||> Did I offend you by sharing the truth?
05:28 < ssthormess> Yes, restore my data to a Linode.
05:29 < ssthormess> Partial backups but not "everything" is backed up.
05:29 < ryan||> Hey, you didn't go by our deal. What did you expect?
05:29 -!- hipsterslapfight [~hipstersl@88-104-205-137.dynamic.dsl.as9105.com] has joined #linode
05:29 < ssthormess> ryanll stop trolling people man.
05:29 < kyhwana> ssthormess: welp.
05:29 < ryan||> ssthormess: I'm just sharing the truth sir
05:30 < ssthormess> ok, whatever.
05:30 < ryan||> I had a nice deal with linode staff that they don't share the fact htat they got owned with anyone and we won't release info on their hack
05:30 < Ruchira> ssthormess: thats such a weird crash log
05:30 < ryan||> (including customer credit cards)
05:30 < ryan||> which will now be released
05:30 < AlexC_> ryan||: This is best sorted between you and Linode, if you could just let this channel get on to normalilty and support users that'd be great
05:30 < ssthormess> lol
05:30 < mikegrb> lulz
05:31 < ryan||> AlexC_: oh, but it's users data at stake here
05:31 < ssthormess> ryanll I believe that in America there is a banking standard calling "fraud is not your responsability" so I don't care sincerely.
05:31 < chesty> i'm interested in what ryan|| has to say
05:31 < scottymeuk> ryan||: if your going to release it, then why are you here? Nothing we can do to stop you.
05:31 < ssthormess> I got many owned cc's and I just call my bank and pop! money back.
05:31 < ryan||> scottymeuk: why can't I stop by and talk
05:31 < ryan||> Is that illegal?
05:31 < kyhwana> i'm interested in the addresses of more of the owned boxes he has
05:32 < ssthormess> Ruchira: I was thinking I was the only one, as I just googled everything I know about linux, etc.
05:32 < ryan||> ssthormess: you don't care about the fact that it took linode staff about two weeks to tell their customers about the breach?
05:33 -!- stafamus [~stafamus@host-2-102-172-224.as13285.net] has quit [Ping timeout: 480 seconds]
05:33 < ssthormess> ryanll: no. I work with Citibank Chase and Bank of America and all three have zero customer liability.
05:33 -!- akerl [~akerl@akerl.scrtybybscrty.org] has quit [Ping timeout: 480 seconds]
05:33 < Ruchira> ryan||: give us the link to cold fusion vulnerability that you are talking about
05:34 < ssthormess> Also here over Venezuela is the same. I believe is a global
05:34 < ssthormess> trend*
05:34 < ryan||> Ruchira: 0day
05:34 < ryan||> linode staff apparently failed to deduce it themselves and relied on chmodding CFIDE to 000
05:35 -!- akerl [~akerl@akerl.scrtybybscrty.org] has joined #linode
05:35 < linbot> oh man!
05:36 < ssthormess> i'm leaving
05:36 < ssthormess> ryanll: good luck with your CC's
05:36 < ryan||> (It's surprising that anyone is still running coldfusion, that's like connection a windows 98 box to the internet without a firewall)
05:36 < ryan||> ssthormess: did you reset your instance api keys?
05:36 < ryan||> lish keys too?
05:36 < ssthormess> ryanll: how I do that?
05:37 < ryan||> Do you care about your data integrity?
05:37 < ryan||> would you mind if your linode was hacked?
05:37 < kyhwana> ohnoes, you have a public key!
05:37 < ryan||> kyhwana: lish passwords were stored in plain text
05:38 < ryan||> Last time I checked you couldn't disable password authnetication
05:38 < ryan||> and linode staff didn't properly secure the screen setup lish uses so it allowed breaking out of lish to the host environment
05:38 < ryan||> so someone using the same node as you being compromised would be enough for your server to be compromised
05:38 < kyhwana> and who leaves a login into their box logged in on lish eh?
05:38 < ryan||> Does it matter when you can break out to the host environment?
05:39 -!- jaybe [~Username@98.156.104.48] has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
05:39 < ryan||> And unless you changed your api key, someone can just change your boot configs to init=/bin/bash
05:39 -!- andybooth [~boothy@188.84.6.177] has joined #linode
05:40 < gerryvdm_mbp> lish passwords were saved in plaintext?
05:40 < ryan||> Yep
05:40 < ryan||> so were the api keys (which could at least have been hashed)
05:41 -!- d-b [~db@d1b.org] has joined #linode
05:42 < ryan||> credit cards were encrypted, sadly both the private and public keys were stored on the webserver so that provides 0 additional security
05:42 < AlexC_> If this is true, which I'm guessing it is, it's like finding out a good friend of many years has betrayed you :P I deeply hope that Linode provide full transparency on this
05:42 < gerryvdm_mbp> are they hashed now?
05:42 < ryan||> AlexC_: did they provide any transparency on the previous hacks?
05:42 < ryan||> gerryvdm_mbp: probably not
05:43 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has joined #linode
05:43 < AlexC_> ryan||: Not entirely, which was just wonderful
05:43 < ryan||> I don't know, but seeing how long it took for linode staff to detect us. I doubt it
05:43 < gerryvdm_mbp> i can understand php script kiddies storing passwords as plaintext, but a hoster.... that would be quite shocking
05:43 < AlexC_> But if they don't give details this time, they are going to have to do something incredilble to keep me as a customer
05:43 < ryan||> Well linode also had terribly configured coldfusion
05:43 < Ruchira> ryan||: I dont think linode would ever store lish passwords on plain text.
05:44 < ryan||> (adobe manuals tell you to not allow public access to /CFIDE/, which linode did)
05:44 < ryan||> Ruchira: oh but they did
05:44 < gerryvdm_mbp> ryan|| how do you know this?
05:44 < scottymeuk> gerryvdm_mbp: im pretty sure its one of the first things even script kiddles learn :P
05:44 < ryan||> Because I'm one of the people who hacked it?
05:44 < Ruchira> ryan||: proof?
05:45 < gerryvdm_mbp> you cant be a professional and not knowing how even hashing with salts is such a bad idea, but plaintext... that would be several levels of incompetence
05:45 < ryan||> The zine is scheluded to be released on the first of may which will contain the full database
05:45 < ryan||> Ruchira: I can get you the source code of the script that stores lish passwords
05:45 < ryan||> sec
05:45 < d-b> ryan||: which zine?
05:45 < ryan||> let me find it, coldfusion is horrible to read
05:45 < ryan||> d-b: htp5
05:47 < Ruchira> ryan||: first of the may? why?
05:47 < ryan||> Ruchira: due to other content
05:48 -!- ryan|| [~h@vmx13318.hosting24.com.au] has quit [autokilled: This host violated network policy. Mail support@oftc.net if you think this in error. (2013-04-15 09:48:28)]
05:48 < chesty> how has he violated network policy?
05:48 < shmoon> even i am wondering
05:49 < kyhwana> hacked box, obviously
05:49 < scottymeuk> Because they want to try and hide it?
05:49 < AlexC_> Not cool Linode, not cool
05:49 < shmoon> man even i am afraid now :S
05:49 -!- ryann [~25eb31a8@chat.linode.com] has joined #linode
05:49 < Ruchira> wow :D
05:49 < ryann> Why are people so rude nowadays
05:49 < ryann> glining me like that and stuff
05:49 < ryann> Well akilling, little difference
05:50 < chesty> someone doesn't want the truth to be known
05:50 < ryann> Generally having to ban users is a clear sign of incompetence by the staff
05:50 < AlexC_> Yep, which is *very* bad of Linode
05:51 < AlexC_> I understand they may not want someone to disclose details like this, but the details *need* to come out. If Linode don't do it them selves, then they are fools
05:51 < ryann> If linode had any way of proving that I'm not telling the truth they wouldn't be banning me
05:51 < ryann> they'd be calling me out
05:51 < chesty> ryann: so my linode has FDE, do you need to reboot in order to break in?
05:51 < Ruchira> all the staff should be eyeing on this chat right now lol
05:51 < mikegrb> lulz
05:51 < ryann> chesty, not necessary
05:52 < AlexC_> Ruchira: I assume due to the lack of their presence, they are all huddled around a table discussing this
05:52 < ryann> FDE will make it significantly harder, but you can still access the memory while it's running
05:52 < rww> except for mikegrb, who is dilligently sitting here typing "lulz" every so often
05:52 < rww> (yes, I know)
05:52 < Ruchira> rofl
05:52 < mikegrb> ruflz
05:53 < chesty> ah well, i made it harder, so I'm happy
05:53 < ryann> btw
05:53 < ryann> $dbhost = 'newnova.theshore.net';
05:53 < ryann> $dbname = 'linode_forums';
05:53 < ryann> $dbuser = 'linode';
05:53 < ryann> $dbpasswd = 'cfr41qa';
05:54 -!- theblazehen [~c4d2be9b@chat.linode.com] has joined #linode
05:54 < theblazehen> hi. Any chance for a trial?
05:54 < chesty> theblazehen: yes, see linode.com
05:55 < Ruchira> theblazehen: linode.com
05:55 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has quit [Ping timeout: 480 seconds]
05:55 -!- eren [~eren@194.27.149.32] has joined #linode
05:55 < theblazehen> thanks. The sign up for free account button?
05:55 < Ruchira> yes
05:56 < theblazehen> thank you
05:56 < ryann> gdi can't linode just use some normal language
05:56 < ryann> Their current source is horrible to read trough
05:56 < Ruchira> ryann: the shore was abandoned long time ago. Im wondering why would they use that host name for a db host
05:57 < ryann> Ruchira, the forum is pretty old too
05:57 < ryann> phpbb2
05:57 < ryann>
05:57 < ryann> this code
05:57 < ryann> It's so dirty I feel bad reading it
05:58 < theblazehen> Wow. I see you have an arch linux image. Any chance you will accept bitcoin?
05:58 < kyhwana> theblazehen: lol no
05:58 < mikegrb> lulz
05:58 < theblazehen> Why not?
05:58 -!- bob2 [rob@0000f84f.user.oftc.net] has joined #linode
05:58 < Ruchira> instability
05:58 < ryann> Maybe because it's not real money?
05:58 < AlexC_> ryann: People have been bugging them to upgrade the forums for a long time
05:58 < chesty> they don't want anonymous customers
05:59 < Ruchira> why would anyone spend bitcoins right now?
05:59 < theblazehen> you can use bitpay to convert it to USD as the order is accepted
05:59 < theblazehen> Ruchira: because I have some
05:59 < ryann> I like how linode does stuff like this
05:59 < ryann> manager/controllers/Signup.cfc: var lsd = query("getLinodeSignupData", "SELECT FieldName, Fieldvalue FROM ln_LinodeSignupData WHERE LinodeSignupID = #ls.LinodeSignupID#").recordSet;
05:59 < ryann> var lsd
05:59 < Ruchira> theblazehen: save it for the future man :P
05:59 < scottymeuk> theblazehen: just pay with real money :P
05:59 < chesty> yes, and who are you? what is your name, what is your address?
05:59 < chesty> theblazehen: ^
06:00 < AlexC_> ryann: So, are you saying CC details have also been compromised?
06:00 < ryann> Yep
06:00 < theblazehen> Jeandre Henderson, south africa
06:00 < AlexC_> ryann: And you plan on releasing these?
06:00 < ryann> They did try to encrypt them, but using public key encryption doesn't work if you have the public and private key in the same directory
06:00 < AlexC_> Oh linode
06:00 < shmoon> please dont get me wrong, can you hack someone's box here? so that its compeltely proved or something, i need to ge tback to work too. dont hack mine.
06:00 < ryann> AlexC_, probably. Linode didn't hold on to their part of the deal
06:01 < AlexC_> ryann: Sure, but there is no reason to compromise so many people
06:01 < Ruchira> ryann: money deal?
06:01 < ryann> Ruchira, "We won't share if you don't share"
06:02 < ryann> But they contacted law enforcement, we were monitoring their communications and caught onto that though
06:02 < Ruchira> so whats the point of hacking linode then?
06:02 < ryann> Access to a couple of clients
06:02 < ryann> nmap was just funny
06:02 < Ruchira> bitcoin?
06:02 < ryann> If I wanted bitcoins, I'd have went after softlayer and got mtgox
06:02 < ryann> But money's boring
06:03 < scottymeuk> Money is boring, i agree.
06:03 < gerryvdm_mbp> bitcoin is money?
06:03 < ryann> Well, it's not
06:03 < scottymeuk> gerryvdm_mbp: naa
06:04 < ryann> But what would you do with it besides exchange it to money?
06:04 < scottymeuk> ryann: try to buy a linode on IRC
06:04 < gerryvdm_mbp> store it :)
06:04 -!- ryann [~25eb31a8@chat.linode.com] has quit [Quit: CGI:IRC]
06:05 -!- ryannn [~25eb31a8@chat.linode.com] has joined #linode
06:05 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has joined #linode
06:05 < ryannn> Bitcoins are quite useless, and besides storing bitcoins after stealing everything from mtgox would be pointless
06:05 < Ruchira> ryannn: for what kind of "content" that you are waiting for?
06:05 < ryannn> as bitcoin prices would permanently crash as the last bits of trust are gone
06:06 < ryannn> Ruchira, other targets
06:06 < Ruchira> to release it on may 1
06:06 < gerryvdm_mbp> only use i can think of it is exchanging pure services :)
06:06 < gerryvdm_mbp> but then again its an unnecessary layer
06:06 < scottymeuk> gerryvdm_mbp: if it ever got mainstream, governments would find a way to control it anyway, so its pointless
06:07 < gerryvdm_mbp> its a scheme, it cant get mainstream
06:07 < ryannn> Bitcoins are mostly a lie anyways
06:07 < scottymeuk> Regardless, if it got 'big', they would find a way
06:07 < ryannn> They say there's no 'central weak point'
06:07 < ryannn> Yeah there is, there's the developers
06:08 < ryannn> There's been bugs in the client that have allowed the blockchain to split previously
06:08 < ryannn> One could just backdoor the bitcoin client binaries, not the source.
06:08 < ryannn> Nobody would figure it out until it's too late
06:10 -!- eren [~eren@194.27.149.32] has quit [Quit: WeeChat 0.3.7]
06:10 < scottymeuk> Id rather a bank control my money, so that if it all goes fucked up, there is atleast someone to blame.
06:11 -!- ssthormess [~c9f90a58@chat.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:13 -!- arnaslu [~arnaslu@ip-195-14-189-162.bnk.lt] has quit [Ping timeout: 480 seconds]
06:13 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has quit [Ping timeout: 480 seconds]
06:13 -!- Conjuro__ [~Conjuro@cm-84.209.198.228.getinternet.no] has joined #linode
06:14 -!- gkmngrgn [~gokmen@95.6.97.92] has joined #linode
06:15 < gkmngrgn> hello, i forgot my password and linode's email reminder service doesn't work. i checked spam box but there's no email from linode.
06:15 < shmoon> ryannn: can you give him the password?
06:15 < scottymeuk> shmoon: damn you, you beat me to it!
06:15 -!- Juok [~598b2cf2@chat.linode.com] has joined #linode
06:16 < Juok> Hi, I'm new
06:16 < scottymeuk> Hello new
06:16 < Juok> *here
06:16 < Juok> I'm trying to install wordpress with nginx server
06:17 < Juok> I created a sub domain - blog.mydomain.com
06:17 < Juok> and get an error
06:17 < Juok> Error establishing a database connection
06:18 < Juok> some1 can guide me how to solve it
06:18 -!- theblazehen [~c4d2be9b@chat.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
06:18 < scottymeuk> what hostname have you put for the database?
06:19 < Juok> the same
06:19 < scottymeuk> put 127.0.0.1
06:19 < shmoon> use `localhost`
06:20 < scottymeuk> and if that doesnt work, then your username/password are not correct
06:20 < Juok> where? in the wordpress configuration?
06:20 < scottymeuk> Yeah
06:20 < scottymeuk> wp-config.php in root
06:20 -!- Conjuro_ [~Conjuro@98.158.117.204] has quit [Ping timeout: 480 seconds]
06:21 < Juok> i have localhost
06:21 < scottymeuk> ok, then the username/password is not correct.
06:21 < shmoon> so did we reach any conclusion about linode being hacked by sir?
06:21 < scottymeuk> shmoon: i think its genuine
06:21 < shmoon> really i spend hours having my face stuck on this session :(
06:21 < scottymeuk> :P
06:22 < shmoon> ye i feel the same, but then topic changes to bitcoin and everyone goes quiet. OPs dont respond, when they usually help anyone anytime
06:22 < scottymeuk> the fact that they are just kicking him, suggests its true to me
06:22 -!- gkmngrgn [~gokmen@95.6.97.92] has left #linode [Leaving]
06:22 < scottymeuk> They would tell him to STFU if it was not true .
06:23 < shmoon> true, still i love the people here, very helpful :D
06:23 < scottymeuk> To be fair, a lot of hosts get hacked, but they have handled this badly.
06:23 < ryannn> shmoon, sorry I only have the sources on my server
06:23 < ryannn> db is on my desktop
06:24 < scottymeuk> ryannn: so your not in this to do large scale damage, only after a few clients?
06:31 < linbot> New news from forum: Best Distro, DB & Language for Large Data Volume? in Web Servers and Web App Development
06:33 < Juok> 10x
06:33 -!- Juok [~598b2cf2@chat.linode.com] has quit [Quit: CGI:IRC]
06:34 < chesty> coldfusion
06:36 < Solver> LENR
06:36 -!- rww [~rww@0001b2aa.user.oftc.net] has quit [Quit: leaving]
06:36 < linbot> New news from forum: Best Distro, DB & Language for Large Data Volume? in Web Servers and Web App Development
06:36 < scottymeuk> chesty: i agree. Its really secure.
06:37 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has joined #linode
06:44 -!- steveg [~steveg@pool-108-52-148-43.phlapa.fios.verizon.net] has joined #linode
06:49 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has quit [Ping timeout: 480 seconds]
06:50 -!- StevenK [~stevenk@mangled.wedontsleep.org] has joined #linode
06:50 < chesty> i thought you said you left StevenK ?
06:55 -!- workbeanEC2 [~androirc@49.124.176.184] has joined #linode
06:56 -!- StevenK [~stevenk@mangled.wedontsleep.org] has left #linode [inviting me to prove me wrong does not do so]
06:58 -!- Hawke [~Thunderbi@122-61-207-251.jetstream.xtra.co.nz] has quit [Quit: Hawke]
06:58 -!- A-KO [as@2601:a:f00:1f:50e6:eee9:ddc7:8fa4] has joined #linode
06:59 < workbeanEC2> Guys uwsgi vs gunicorn vs mod_python
07:00 < bob2> well, obviously don't use mod_python, since it's been abandoned for many years
07:00 < bob2> and doesn't run wsgi apps
07:01 < workbeanEC2> Sorry mod_wsgi
07:02 < bob2> whatever you find easier then
07:02 < bob2> probably wouldn't bother with uwsgi though
07:04 -!- drclawski [~84e59124@chat.linode.com] has quit [Quit: CGI:IRC]
07:07 < chesty> damn, I run uwsgi, what don't you like about it bob2 ?
07:10 -!- ircuser-1 [~ircuser-1@35.222-62-69.ftth.swbr.surewest.net] has quit [Ping timeout: 480 seconds]
07:14 -!- workbeanEC2 [~androirc@49.124.176.184] has quit [Remote host closed the connection]
07:21 * AlexC_ pokes Linode to provide full details on the breach
07:22 -!- lduros [~user@c-68-55-8-149.hsd1.md.comcast.net] has joined #linode
07:23 < k00pa> yeah some details would be nice..
07:25 < AlexC_> Some? No. The key word there was *full*
07:27 -!- R12 [~017d7fea@chat.linode.com] has joined #linode
07:27 < k00pa> yeah full details would be better
07:27 < Alan> also support for twofactor would be nice ¬_¬
07:27 < AlexC_> Alan: Yep, absolutely must
07:27 < k00pa> well the ip limitting adds some factors
07:27 < AlexC_> And inform users of an email provider change so we don't all think the email is bloody spam
07:28 < Alan> my linode is so idle :(
07:28 < Alan> 1GB Used, 2065GB Remaining
07:28 < gerryvdm_mbp> https://twitter.com/_chesty/status/323751860378951682 really they took down the irc log?
07:28 < chesty> gerryvdm_mbp: what?
07:28 < gerryvdm_mbp> ah now it works again
07:28 < gerryvdm_mbp> got an error before
07:29 < chesty> the second link won't work yet
07:29 < gerryvdm_mbp> ah ok
07:30 < Alan> ugh, twitter and their obfuscation of URLs...
07:30 < Alan> they … them so you can't see the full thing, and they replace the target so you can't see the target when you hover
07:30 < k00pa> well that sounds fishy
07:30 < chesty> k00pa: the api has no ip limiting and you can't disable it, two factor
07:30 < chesty> two factor or ip limiting is useless
07:31 < AlexC_> chesty: =(
07:31 < chesty> in the current setup
07:31 < Alan> ... does the API expect username + password?
07:32 -!- R12 [~017d7fea@chat.linode.com] has quit [Quit: CGI:IRC (Ping timeout)]
07:32 < k00pa> yeaah wtf, I should have known this information from their announcement, not from irc
07:32 -!- arnaslu [~arnaslu@ip-195-14-189-162.bnk.lt] has joined #linode
07:32 < AlexC_> Yep
07:32 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has joined #linode
07:32 < Alan> instead of using something like oauth, at which point you can do the two-factor before returning an oauth token?
07:32 < Alan> that's what anything using google services with oauth do...
07:33 -!- Ruchira [~ruchira@124.43.0.230] has quit [Ping timeout: 480 seconds]
07:33 < AlexC_> Alan: Linode uses an API key
07:33 -!- workbeanEC2 [~androirc@49.124.176.184] has joined #linode
07:33 < AlexC_> (which I suggest you regenerate)
07:35 < Alan> reading those logs... seems like the game was extortion anyway
07:35 < Alan> "don't share the info with anyone" = "let us exploit all this endlessly"
07:36 -!- jspiros [jspiros@hylia.us] has quit [Ping timeout: 480 seconds]
07:36 < workbeanEC2> Guys random poll, who were you using before Linode
07:36 < workbeanEC2> <---- slicehost
07:37 < HedgeMage> I don't recall, that was years ago.
07:37 < Kim> Nothing
07:38 -!- epiloque [~epiloque@00019c03.user.oftc.net] has quit [Ping timeout: 480 seconds]
07:38 < shmoon> digitalocean seems to be in a lot of news these days
07:39 < k00pa> Alan: yeah but if my data gets leaked I would like to know about it
07:39 < scottymeuk> shmoon: although they have ran out of IPv4 in Amsterdam :P
07:39 < k00pa> the message that was send was bit confusing about what was actually leaked and why the pw reset
07:40 < chesty> nothing has been leaked yet
07:40 -!- TeddyR [~TeddyR@2602:100:18cd:3939:ade1:3a47:db52:1a93] has joined #linode
07:41 < Alan> k00pa: yeah, they should have given more details, even though the urge to maintain credibility is strong
07:41 < gerryvdm_mbp> if my password was leaked plaintext, they need to disclose that imo
07:41 < Alan> but they also have a legal obligation to report data breaches
07:41 < gerryvdm_mbp> i'd need to change my pw in other places too
07:41 < bob2> you share passwords????
07:42 < bob2> that's entirely on you man
07:42 < HedgeMage> gerryvdm_mbp: recycling a pw that valuable is *insane*
07:42 < AlexC_> gerryvdm_mbp: Well that's just your own fault
07:42 < HedgeMage> gerryvdm_mbp: you deserve to get compromised
07:42 < Alan> and leaving that info floating around out there without telling any customers would have been a crappy thing to do
07:42 < gerryvdm_mbp> no i dont
07:42 < k00pa> Alan: credibility is gone if I cant trust them when leaks happen
07:42 < Kim> gerryvdm_mbp: I can't imagine them storing passwords cleartext
07:42 < HedgeMage> Does anyone here have any actual reason to believe Linode has been less than forthcoming?
07:42 < k00pa> well without the recet ram upgrade I would have considered switching hosts
07:42 < gerryvdm_mbp> Kim: i couldnt either
07:42 < AlexC_> k00pa: Linode wasn't that great at telling us what happened with the last security breach
07:43 < k00pa> yeh
07:43 < HedgeMage> I have seen no evidence that they've done anything wrong, and while I'd like more detail than I have, I don't see what good idle speculation can do.
07:43 < shmoon> k00pa: hehe i was thinking of moving 1 linode to digitalocean but then right day after they upgraded ram and i didnt :D
07:44 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has quit [Ping timeout: 480 seconds]
07:44 < AlexC_> HedgeMage: It's more than idle speculation. Were you here a few hours ago? If not, read the channel logs
07:44 < k00pa> HedgeMage: well the point is I dont want to be sitting on the dark
07:44 < HedgeMage> AlexC_: I was idle...approximate time?
07:44 < k00pa> worst case scenario is that data gets leaked and stolen and nobody knows about it
07:45 < AlexC_> HedgeMage: https://twitter.com/_chesty/status/323751860378951682
07:45 < shmoon> HedgeMage: around 3H ago exactly
07:45 < k00pa> I understand that leaks happen and shit, but how you manage them is really important
07:46 -!- epiloque [~epiloque@00019c03.user.oftc.net] has joined #linode
07:46 -!- Entomo [~Entomo@pool-96-241-233-231.washdc.fios.verizon.net] has quit [Quit: Doing it the hard way is always easier.]
07:47 < TeddyR> thing is... they (linode) may not know if there WAS a leak... it may be that there were no other indications of where the breach happened with the client... and since one possible way out of MANY might have been a leaked manager/lish password weather it was leaked through linode or through the user... This way at least they are covering that scenario "out of an abundace of caution"... This is
07:47 < TeddyR> where the "if you cannot find the culprit or the source of the activity, suspect everything" security mentality comes in.
07:47 < CornishPasty> Is the linode manager really made in coldfusion?
07:47 < marcqualie> has anoyone tried opening a support ticket regarding the breach?
07:47 < TeddyR> I for one am glad that they at least let us know there was a remote possibility of an issue....
07:48 < AlexC_> CornishPasty: Yes, as is the rest of the Linode site
07:48 < CornishPasty> Oh. :(
07:48 < shmoon> :o
07:48 < shmoon> they need to switch to PHP asap
07:48 < k00pa> ugh
07:48 < k00pa> no
07:48 < CornishPasty> They should switch to perl, it's more up-to-date and secure than coldfusion
07:48 < AlexC_> TeddyR: That's all great. But we need details. Saying "we had a breach" is crap
07:49 < AlexC_> (and no that is not a verbatim quote)
07:51 -!- rpo [rpo@jolt.ircd.biz] has quit [Quit: leaving]
07:51 < avenj> it would be pretty nice to know some _actual fucking facts_ for a change, but my expectations are severely low
07:52 < shmoon> ok man just call the owner of linode
07:52 < avenj> he's here
07:52 < shmoon> yeah? nick ?
07:52 < avenj> caker
07:52 < shmoon> dear caker, we miss you
07:52 < AlexC_> avenj: Unfortunately my expectations of getting deatils out of this are also low
07:53 < CornishPasty> Hmm
07:53 -!- sandeep [~sandeep@117.198.113.37] has joined #linode
07:54 < avenj> frankly I've had to stop recommending linode to people, the lack of transparency is a Real Problem and I don't like later having to explain to people why I suggested a service with a Mushroom Policy
07:54 < avenj> I realize no one cares, obviously linode is profitable ... but I can't be the only one
07:55 < AlexC_> avenj: You're 100% right
07:55 * HedgeMage peeks back in having caught up on backscroll
07:57 < gerryvdm_mbp> i recommended linode up till now, if they store my password in plaintext i never will again :)
07:58 < AlexC_> gerryvdm_mbp: Yep, and I'll be switching. This is why they 100% need to provide full details on what happened
07:58 < HedgeMage> As TeddyR pointed out, there are many situations in which what got leaked is murky at best. I want/expect more info, but I am not yet at the end of my patience. I've done postmortems on this sort of thing before, and doing it right isn't a ten minute affair.
07:58 < HedgeMage> That said...
07:59 < HedgeMage> There's a point where my patience runs out, and there's a level of stupidity that would cause me to switch to another provider.
07:59 < gerryvdm_mbp> they know how they store the passwords
07:59 < avenj> quite frankly I have no reason to disbelieve the fellow in possession of staff password hashes who claims to also have CCs and *every reason* to believe linode staff will be directed to reveal no details
07:59 < TeddyR> which is the correct channel for discussing longview?
07:59 < gerryvdm_mbp> hashes or passwords?
07:59 < chesty> if you believe ryan, they also know the extent of the breach
07:59 < AlexC_> TeddyR: #linode-beta
08:00 -!- ojh [~smuxi@58-6-236-88.dyn.iinet.net.au] has quit [Ping timeout: 480 seconds]
08:00 < akerl> TeddyR: #linode-beta
08:00 < HedgeMage> avenj: 1) hashes 2) how do we know they are legit, trolls are many.
08:00 < akerl> Sorry :)
08:00 < avenj> HedgeMage: point (2) is what I just addressed
08:00 < TeddyR> oh ok.. just got kicked out of linode-longview, and linode-beta subject was the managed services....
08:00 < avenj> HedgeMage: I've been given lots of reasons to think linode will keep me in the dark and no real reason to think this fellow was motivated enough to bang out random hashes here
08:01 < avenj> since I have no clue if there's any actual security in-place here, I'm also left with an interesting dilemma: if CCs are compromised, I'd like to kill that card, but if security is as-suggested, entering a new card number seems unwise also
08:02 < avenj> Oh Well.
08:03 < chesty> if linode were storing cc numbers, they muct be pci dss compliant, otherwise they might be in trouble with their bank
08:03 < HedgeMage> avenj: If security on CC numbers is as-suggested, they are open to legal action.
08:03 < gerryvdm_mbp> if cc are compromised, surely the cc provider is contacted and they will cancel the compromised cards
08:04 < avenj> I guess I'll probably never know
08:05 < chesty> didn't linode already say they hadn't been compromised? and if ryan is right, that's a bald face lie
08:06 < avenj> unfortunately the closed-mouth policy leaves me to assume the worst
08:06 < chesty> "In addition, we have found no evidence that payment information of any customer was accessed."
08:06 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has joined #linode
08:07 < Kim> Hm. None of those hashes look like SHA256crypt
08:07 < HedgeMage> Sorry, I'm an adult, I don't believe random shit from IRC trolls.
08:07 < workbeanEC2> Okay
08:08 < chesty> HedgeMage: did you see the ls pastebin?
08:08 -!- ircuser-1 [~ircuser-1@35.222-62-69.ftth.swbr.surewest.net] has joined #linode
08:09 < avenj> HedgeMage: then someone from linode (and I'm sure someone's watching) needs to say "that's an IRC troll and here's the deal"
08:09 -!- rideh [~rideh@rrcs-97-78-213-114.se.biz.rr.com] has joined #linode
08:09 < workbeanEC2> Well we all have our concerns
08:09 < chesty> i doubt they could if they wanted to now the police and i guess laywers are involved
08:10 < HedgeMage> chesty: I did, and we all know what the output of `ls` looks like, and any part of that we could confirm could have been put in there for the same reason we can confirm it.
08:10 < HedgeMage> geeze, am I the only one here who's ever social-engineered somebody before?
08:11 < chesty> HedgeMage: did you try some of the weird files, like readme.txt etc?
08:12 -!- sracer11 [~sracer13@173.45.222.89] has joined #linode
08:12 < HedgeMage> avenj: Because with lawyers breathing down their necks, idiots on IRC speculating, and likely LEO involvement (*especially* if they got stuck dealing with FBI cybercrime, only a couple subsets of with have even a modicum of clue) what they want to do right now is say something off the cuff that causes someone to go apeshit before all the facts are in.
08:13 < HedgeMage> I'm not saying Linode did everything (or even anything) right, or wrong...I'm saying the jury is still out as far as I'm concerned.
08:14 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has quit [Ping timeout: 480 seconds]
08:14 < TeddyR> plus since they operate in California, the disclosure laws are pretty explicit of what they can or cannot divelge.. The existing announcement meets the California laws...
08:15 -!- A-KO [as@2601:a:f00:1f:50e6:eee9:ddc7:8fa4] has quit [Remote host closed the connection]
08:17 < Kim> ...
08:17 -!- workbeanEC2 [~androirc@49.124.176.184] has quit [Remote host closed the connection]
08:18 * TeddyR waiting anxiously for the fremont upgrade... :-)
08:19 < Kim> So much of that 'ls' output 404's O.o
08:19 < linbot> New news from forum: Can anyone recommend a easy CLI script to manage VHOSTS? in Linux Tips, Tricks, Tutorials
08:23 < EugeneKay> What's this about Linode and CCs?
08:23 < avenj> HedgeMage: that's what I said last go-around, and when no information was ever forthcoming down the road, I learned that customers will be under-informed seemingly as a matter of policy
08:23 < bob2> EugeneKay, scroll up then wildly speculate
08:24 < EugeneKay> Ah, I'll have to dig through logs. Client only loaded a coupla dozen lines
08:24 < avenj> HedgeMage: but OK, I hear you
08:26 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has joined #linode
08:27 < Plinker> HedgeMage: Can you seriously believe anything is completely secure today?
08:27 < avenj> I don't think anyone said that
08:27 < HedgeMage> Plinker: I didn't believe anything was completely secure to begin with.
08:27 < bob2> Let's make wild assertions
08:27 -!- [1]phrozen [~phrozen@101.98.134.116] has joined #linode
08:27 < purrdeta> People need to just calm down.
08:28 < HedgeMage> purrdeta: Agreed.
08:28 < Plinker> That I agree with
08:28 * HedgeMage drinks some tea and considers writing a protocol for headslap-over-TCP/IP
08:28 < avenj> I'm calm, I assure you ... but if no one ever voices their dispeasure with the traditional 'culture of secrecy' approach, there is zero pressure to ever be more transparent
08:29 < purrdeta> :D
08:29 < HoopyCat> you know what really sucks about this whole thing?
08:29 < purrdeta> I work in customer service and sometimes I'm just like "dude. You aren't losing millions of dollars. Chill."
08:29 < purrdeta> Ok so I just wish I could say that
08:29 < HoopyCat> the light above my desk was fixed over the weekend
08:29 < HedgeMage> avenj: I'm all for pointing out what's been done wrong, I just want all the facts before I do so.
08:29 < avenj> HedgeMage: me too
08:30 < purrdeta> They moved us 3rd shifters into a place where we can't lower the lights. It is horrible :P
08:30 -!- jspiros [jspiros@hylia.us] has joined #linode
08:30 < purrdeta> Stuff goes wrong all the time so as long as they took steps to fix it, I won't be too upset. :)
08:30 < qmr> purrdeta: don't like the fluorescents?
08:30 < purrdeta> qmr: it is leh sad.
08:30 < HedgeMage> avenj: oh, and less shrill screaming from people with no info, because it's annoying
08:30 < purrdeta> We used to sit in a cave and it was great :P
08:30 < qmr> I hate them :<
08:30 < avenj> purrdeta: pellet-gun works for that
08:30 < HoopyCat> avenj: can't carry in this building
08:30 < purrdeta> I think we are going to build a tent over our section actually.
08:31 < avenj> HedgeMage: how do I get info? traditionally, linode has not been interested in divulging any. that's what's irritation.
08:31 < Plinker> Elastic bands work well! lol
08:31 < mikegrb> lulz
08:31 < avenj> HedgeMage: but feel free to keep getting those little digs in, it's bringing me around to your point of view
08:32 < avenj> irritating*
08:32 < purrdeta> heh
08:32 < purrdeta> I think our boss needs to get on the whole tent thing actually
08:34 -!- phrozen [~phrozen@101.98.134.116] has quit [Ping timeout: 480 seconds]
08:34 -!- [1]phrozen is now known as phrozen
08:35 < purrdeta> Also related to those flourescents, Flux is great
08:36 < qmr> I've heard that, I couldn't get into it myself
08:36 < purrdeta> I used to not like it but I've grown to like it more.
08:36 < HoopyCat> i use the linux clone of it, and indeed, it is great. the "why is your screen so... pink?!" question wrt my laptop does get amusing
08:36 < purrdeta> Unsure if it actually really affects anything
08:38 -!- Ruchira [~ruchira@124.43.1.126] has joined #linode
08:38 -!- squidly [~squidly@mail.codestorm.org] has joined #linode
08:38 < ponas> My eyes get fried when I turn Flux off, I consider myself addicted.
08:38 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has quit [Ping timeout: 480 seconds]
08:39 < k00pa> flux is nice expect that it breaks the performance on games
08:39 < purrdeta> Interesting. I've been using it for about 2 weeks at work because of the whole night thing. I don't use it at home. I tried but it annoyed me since I was awake during the day anyway
08:43 < Ruchira> *yawn*
08:46 -!- fusoyaaaa [~fusoyaaaa@a.clients.kiwiirc.com] has quit [Quit: http://www.kiwiirc.com/ - A hand crafted IRC client]
08:47 -!- DarkAce-Z is now known as DarkAceZ
08:48 -!- sracer11 [~sracer13@173.45.222.89] has quit [Ping timeout: 480 seconds]
08:49 -!- Inspiral [~Inspiral@host-80-47-19-174.as13285.net] has joined #linode
08:49 < Inspiral> hey guys, can someone recommend a service or third party for server monitoring/management ?
08:50 < squidly> Inspiral: Depends on what you are looking for and what your host os is.
08:50 < squidly> pingdom is ok
08:51 < Inspiral> basically one of my clients vps suffered a dos attack and the server was refusing all requests until it was rebooted, he wants something to monitor and tell him if its up or not and then have it rectified asap - i would do this myself but i cannot guarantee availability
08:51 < Inspiral> so im looking to refer someone
08:51 -!- epiloque [~epiloque@00019c03.user.oftc.net] has quit [Ping timeout: 480 seconds]
08:53 -!- epiloque [~epiloque@00019c03.user.oftc.net] has joined #linode
08:54 < squidly> Inspiral: ubuntu? Windows someother distro?
08:54 < Inspiral> centos
08:55 < squidly> Ahh. There are several options. Pingdom will let you know if the server is down
08:55 < HoopyCat> Inspiral: if rebooting fixed it, it probably wasn't a DoS attack. i'll go out on a limb and say apache + php + default MaxClients setting
08:56 < HoopyCat> i second the pingdom recommendation
08:56 < Inspiral> ya think? there was loads of dns stuff in /var/log/messages around the time it stopped serving
08:56 < squidly> Inspiral: I have seen issues with broken webspiders.. and even broken clients
08:56 < squidly> I had a similar issue with one of my server last week
08:56 < Inspiral> named[19940]: client 108.59.9.97#25345: view e
08:57 < Inspiral> xternal: query (cache) 'isc.org/ANY/IN' denied
08:57 < Inspiral> this stuff spamming around 15 per second for an hour before it stopped serving
08:57 < Inspiral> there was nothing else in other logs that looked off
08:57 < HoopyCat> disk filled up? :-)
08:57 < Inspiral> 36GB available
08:58 < squidly> sounds like your DNS server decided to go sideways
08:58 < HoopyCat> does sound a lot like the good ol' DNS amplification attack tho
08:58 < squidly> HoopyCat: 15 a sec is not that hard on a dns server
08:59 < HoopyCat> squidly: exactly... you don't want to kill the amplifiers, you want to kill the target
08:59 < squidly> When my DNS servers hit that it's a break for them...
08:59 < Inspiral> so that shouldnt have caused it ?
08:59 < Inspiral> ive setup fail2ban for bind - that should be enough right ?
08:59 < squidly> It could have
09:00 < squidly> Inspiral: fail2ban will stop them at the IPTABLES layer, it will still hit the internal side
09:00 < squidly> There are several really good resources for securing DNS and BIND
09:00 < Inspiral> can you recommend something?
09:00 < squidly> Also what I do to save my VPS's DNS server is this.
09:01 < squidly> I use a hidden master
09:01 < HoopyCat> Inspiral: do you need to run a DNS server?
09:01 < Inspiral> probably not, but he has a number of sites on it setup to use the servers dns
09:01 < Inspiral> would have to change all those i guess - i dont have access to atm
09:01 < ZeiP> I use a hidden master too
09:02 < HoopyCat> Inspiral: so he has multiple nameservers on different machines? :-)
09:02 < squidly> Inspiral: then change that and move to a hidden master or hosted DNS setup
09:03 * HoopyCat twists knife
09:03 * squidly glares at HoopyCat ;)
09:03 < TeddyR> make sure that you limit recursive querys to the localhost and your client ip addresses...
09:03 < HoopyCat> Inspiral: in any case, i don't think the server was the *target* of the attack necessarily, but why it went down is still a mystery i suppose
09:04 < squidly> I've not seen a DNS server broke the server to the point where you had to reboot it. I've always been able to reset the DNS server somehow
09:05 < squidly> I would look at the overall configuration of the server and see if there is anything you can do to clean it up
09:05 < Inspiral> HoopyCat: what do ya mean? its a single nameserver on the machine with his domains pointing to it
09:05 < Inspiral> right, hidden master + limit recursions.
09:06 -!- Nikk [~Nikk@CPEbc140129db53-CMbc140129db50.cpe.net.cable.rogers.com] has quit [Ping timeout: 480 seconds]
09:07 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has joined #linode
09:07 < TeddyR> I had an issue with one of my servers a couple of weeks ago that had recusion still on (doh!), was getting close to 9k requests/second.looking up doc.gov and isc.org. not good for a 512...
09:07 < HoopyCat> Inspiral: is there a second nameserver somewhere else, slaved to that one, to ensure DNS keeps working when the master goes down? (this is a DNS operational requirement) (this is also mostly irrelevant to the task at hand)
09:08 -!- sracer11 [~sracer13@c-76-30-149-251.hsd1.tx.comcast.net] has joined #linode
09:08 < HoopyCat> TeddyR: not good for the target of the DoS attack either :-) thanks for fixing it. sincerely, the internet
09:08 < squidly> HoopyCat: Inspiral if it's on lindoe then use linodes DNS servers
09:10 < Inspiral> its with godaddy.... HoopyCat: no there is just this nameserver
09:12 < TeddyR> hoopycat: was caught fairly quickly... (though used up ~200gb of bandwidth)
09:12 < HoopyCat> Inspiral: http://tools.ietf.org/html/rfc2182
09:15 -!- jaybe [~Username@98.156.104.48] has joined #linode
09:15 < Inspiral> thanks for that HoopyCat i will brush up on DNS at some point relatively soon - If i actually get 10 minutes to myself
09:15 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has quit [Ping timeout: 480 seconds]
09:15 < Inspiral> i've stopped named and nothing everything seems to be working ok
09:15 < Inspiral> shall i just leave it stopped ?
09:15 -!- lakridserne [~lakridser@195.254.169.77] has quit [Remote host closed the connection]
09:16 < Inspiral> 'nothing' shouldnt be in the above
09:17 < HoopyCat> Inspiral: hrm. are you sure the zone(s) are pointing at *that* nameserver?
09:18 < Inspiral> apparently not, origin = ns.123-reg.co.uk
09:18 < HoopyCat> phew
09:19 < HoopyCat> Inspiral: disabling it would, in general, be more effective than fail2ban any day of the week :-)
09:19 < TeddyR> depending on the distro, there is a tool called dnstop that would help in determining what is happening... [can show the top query names and clients for dns]...
09:19 < Inspiral> yeh i'll just make sure the other domains are all singing the same song and then leave it disabled
09:20 < Plinker> Everywhere I look today I see something about being hacked http://techcrunch.com/2013/04/12/hackers-point-large-botnet-at-wordpress-sites-to-steal-admin-passwords-and-gain-server-access/
09:21 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has joined #linode
09:21 -!- fortmacc [~kevin@c-68-81-3-146.hsd1.nj.comcast.net] has quit [Ping timeout: 480 seconds]
09:22 < HoopyCat> Plinker: soft targets are soft, film at 11. :-)
09:23 -!- tubaguy50035 [~tubaguy50@rrcs-24-123-106-250.central.biz.rr.com] has joined #linode
09:23 < Plinker> True HoopyCat
09:23 < HoopyCat> Plinker: very strong password is good idea. also, don't let your web applications write to places where the web server will execute things (i.e. if wordpress can update itself, you've lost the game)
09:24 < Plinker> I have several that need work
09:25 < Plinker> If I remember the passwords myself!
09:26 < Plinker> I agree
09:27 -!- usser [usser@irc.blinkenshell.org] has quit [Remote host closed the connection]
09:28 -!- smed7 [~smed@173-12-5-58-Philadelphia.hfc.comcastbusiness.net] has joined #linode
09:29 < Plinker> Has anyone heard if Yahoo has fixed its security issues?
09:29 < pronto> nope
09:32 < Plinker> That hack was initially through Worrdpress site
09:32 -!- sandeep [~sandeep@117.198.113.37] has quit [Quit: sandeep]
09:32 < Plinker> That Yahoo used
09:33 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has quit [Ping timeout: 480 seconds]
09:34 < Plinker> There was no indication in my account of this at all other than the IP address accessing my email account, this happened to be Malaysian
09:35 < ella> Plinker create a mental password algorithm that you can apply to an account. I use complex combiations of ip address, year of creation, server hostname, my username ... create a "result"
09:35 < ella> which is your key and then apply it to the server
09:36 < Plinker> Is there Thanks ella
09:37 < Plinker> mixed thought!
09:37 < ella> Quick question: to add all that bonus disk space I've not added in 3 years due to a really high uptime cause Linode never fails and is typically more secure than fort knox ... do I just go to Edit Disk Image and type in the "total" size value?
09:39 < qmr> Right. You need to shut down the Linode first
09:39 < qmr> HoopyCat: but convenience
09:39 < TeddyR> and of course... if you have backups enabled... take a snapshot first.... JIC..
09:41 -!- xinming_ [~xinming@125.82.193.206] has joined #linode
09:43 -!- xinming [~xinming@113.248.68.127] has quit [Ping timeout: 480 seconds]
09:45 < Plinker> ella: Do you use the same password for everything?
09:46 < Plinker> Or change part of the string for each place?
09:57 < Kami> So hypothetical question - (I have no plans to do this, just curious).. If I were to stop paying for my Linodes. How long until my data is permanently deleted / no longer recoverable?
09:58 < marius> If your cc expires, billing fails etc, linode graciously gives a 10 day redemption period in which to sovle the issue
09:58 < fullstop> Since I had a coupon, I decided to take digital ocean for a quick spin. This was their 55 second droplet creation: http://i.imgur.com/sNa9UwG.png
09:59 < XReaper> fullstop: lol
09:59 < mikegrb> lulz
09:59 < fullstop> maybe it was a fluke.
09:59 < EugeneKay> Kami - IIRC, 10 days to shutdown, another 10 days to deletion. caker gave info on the forums.
09:59 < HoopyCat> fullstop: that was a discount coupon, tho. if you paid full price, you'd get the promised performance :-)
09:59 < Kami> mhm okay - context wise we had a customer who we couldn't contact through mail/phone/oldschool mail and we disabled their services for a few months then deleted it after like 6 months. Now they contact us and find it unreasonable and want us to save their data for 5 years even without being able to contact them >.<
09:59 < Kami> thanks :)
10:00 < Ruchira> fullstop: even though we use a coupon we still need to verify the account by adding a card right?
10:00 < fullstop> HoopyCat: riiiight. ;-)
10:00 < Kami> was wondering how linode handles similar issues
10:00 < fullstop> Ruchira: Yes, I did.
10:00 < HoopyCat> Kami: i believe it is covered in the TOS
10:01 < fullstop> I'll be sticking with Linode, but I was considering running a small instance to run znc and keep it isolated from linode stuff.
10:01 < Ruchira> fullstop: what kind of disk io that you get?
10:01 < fullstop> Ruchira: I have not taken the time to test, other than fetching updates.
10:01 < Ruchira> fullstop: serverbear :)
10:01 < marius> Kami, depending on what country you are in, three may be laws that demand yo usave it for that long xD
10:02 < marius> like the stupid DLD in Norway these days, which requires all providers store data for 3 years
10:02 < marius> (and unless the specifications were changed, it all had to be accessible in plaintext)
10:02 < XReaper> :o
10:02 < XReaper> oh right
10:02 < XReaper> EU is... yeah
10:03 < Kami> Netherlands it is
10:03 < marius> The best part is who gets access t oit
10:03 -!- mib_j3w0dq [d4af59a2@ircip2.mibbit.com] has joined #linode
10:03 < marius> law enforcement without a warrant, and a special political department who can access it at will
10:04 < marius> the requirements? (He might have had contact with someone we suspect might have had criminal intentions some time in his life"
10:04 < mib_j3w0dq> http://listoffreebitcoinwebsites.blogspot.com/
10:05 < mib_j3w0dq> http://listoffreebitcoinwebsites.blogspot.com/
10:05 < mib_j3w0dq> http://listoffreebitcoinwebsites.blogspot.com/
10:05 < mib_j3w0dq> http://listoffreebitcoinwebsites.blogspot.com/
10:05 < mib_j3w0dq> http://listoffreebitcoinwebsites.blogspot.com/
10:05 -!- mode/#linode [+q *!*@ircip2.mibbit.com] by FloodServ
10:05 < Kami> spaaam
10:05 -!- mib_j3w0dq [d4af59a2@ircip2.mibbit.com] has left #linode []
10:05 < marius> lolbitcoins
10:05 < HoopyCat> i prefer to get my free bitcoins from https://manager.linode.com/
10:05 < fullstop> That fullstop_ character is connected to digitalocean right now.
10:05 < HoopyCat> HEEEEYYYYYYYYYYOOOOOOOOOOOOO
10:05 < marius> OH NO HE DI'INT!
10:07 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has joined #linode
10:11 -!- jspiros [jspiros@hylia.us] has quit [Quit: rebooting]
10:13 < scottymeuk> fullstop: ive had droplet creations of less than 40 seconds before. But they seem to be getting slower and slower
10:14 < fullstop> scottymeuk: I've only made the one, and I'll likely shut it down for good soon.
10:15 -!- adnc [~akif@p20030056CD176801021CBFFFFEBDCA2C.dip.t-dialin.net] has joined #linode
10:15 < scottymeuk> fullstop: yeah :P i cannot complain for $5/month though
10:15 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has joined #linode
10:15 -!- brennannovak [~brennanno@67-5-163-45.ptld.qwest.net] has quit [Ping timeout: 480 seconds]
10:16 < fullstop> Yes, and I had a $10 credit so I can go for a few months without paying.
10:17 < scottymeuk> fullstop: Yeah it is pretty good for that too.
10:20 -!- jspiros [jspiros@hylia.us] has joined #linode
10:20 -!- mattia [~63e83eb7@chat.linode.com] has joined #linode
10:22 < mattia> so I just upgraded my 512MB linode to 1GB and can no longer boot it, is anyone around that might have an idea?
10:22 -!- Ruchira [~ruchira@124.43.1.126] has quit [Ping timeout: 480 seconds]
10:22 < tubaguy50035> mattia: open a ticket
10:24 * Alan guesses mattia doesn't reboot often enough
10:24 < fullstop> To be fair, this isn't exactly windows.
10:24 < Alan> that's pretty much not the issue
10:24 < fullstop> Even so, I reboot on occasion just to get new kernels.
10:25 < Alan> unless you're meticulous you get out of sync on security patches
10:25 < Alan> (and even then you'll miss kernel ones)
10:25 < Alan> and also, if you never reboot, you never know that your machine will come back from an unexpected reboot
10:25 < tubaguy50035> Alan: there's an issue with xen or something on newer hosts that requires Linode intervention.
10:25 < Alan> tubaguy50035: eh, fair enough, mine went without issue...
10:25 < tubaguy50035> so did mine.
10:25 < Alan> maybe this is a problem if people are running custom kernels or something?
10:26 < fullstop> Someone else was here who couldn't boot with the stock kernel.
10:26 < tubaguy50035> yeah, I don't think it has anything to do with that
10:26 < tubaguy50035> it's been happening to several people
10:26 < fullstop> They all had their issues resolved by opening a ticket.
10:26 < trippeh> The 32bitness and xen memory region thing?
10:27 -!- niemeyer [~niemeyer@177.194.199.196] has joined #linode
10:27 -!- kleinishere [~kleinishe@s229-199.resnet.ucla.edu] has quit [Ping timeout: 480 seconds]
10:28 < mattia> thanks tubaguy50035. I opened a ticket.
10:28 -!- mattia [~63e83eb7@chat.linode.com] has quit [Quit: CGI:IRC]
10:29 < Alan> ok
10:29 < Alan> I'll keep my mouth shut then :P
10:31 < fullstop> Alan: completely off-topic, but my kids love this BBC video of talking animals. Your handle / mouth shut thing reminded me of it. http://www.youtube.com/watch?v=xaPepCVepCg
10:32 < Alan> Because I totally haven't had that before.
10:32 < Alan> ¬_¬
10:36 < fullstop> So people have actually done that to you?
10:37 < Alan> only a hundred or so times
10:37 < fullstop> In that case, I'm sorry.
10:37 < Alan> heh
10:38 -!- gerryvdm_mb [~gerryvdm@d5152D01C.static.telenet.be] has joined #linode