Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Frackin script kiddies!!



As you know, I've been running MythTV on my server for many years.  I
also had quite the backlog of stuff recorded to watch, to the point that
even with SD resolution (2GB/hr) my 1.5TB was often in danger of filling up.

I was away in Germany on a consulting gig for a while, and when I came
back I found that over 800 recordings had disappeared!  I know there's
an AutoExpire feature that deletes stuff when disk space runs low, but I
think it got a little overzealous.  It's not feasible for me to back up
the video files, so I don't even try.  They're gone for good.

Yesterday I went to watch something and ALL my recordings were going.
Not only that, but all of my schedules were gone, too, so it wasn't
recording anything new.

Long story short, the MythTV mailing list folks pointed out that
AutoExpire could not have done this, and it was more likely my MythWeb
interface was left unprotected, and some script kiddie had some fun
deleting it all.  And they were right.  After some update my .htaccess
file disappeared, and I never noticed I didn't need a password anymore.

I found two IP addresses owned by Deutsche Telekom that were hitting my
MythWeb interface,  I found an Abuse page on their WHOIS, but I dont
expect any satisfaction.

Damnit.  I do pretty well as a SysAdmin, given the amazing amount of
stuff running on my server, and that I'm really a Software Engineer and
not IT, but every now and then I get bit by a screwup.  To be fair, this
is the third time in about 15 years that I got attacked, and the last
two were very limited attacks.  Only the first time did my server get
truly pwned, and that was 15 years ago.  So I guess my track record is
better than the White House's.

The upsides:
- My backups worked perfectly.  I have daily snapshots of my databases,
file listings, etc. that I used to restore my schedules (but not my
recordings).  I was also able to find and restore the htdigest file.

- I learned a lot, and very quickly, about the MythTV database schema

- I now have many hours of disk space.

- I know there's extremely low possibility of other damage or traps I
haven't found yet.  This wasn't a security flaw in the software I need
to get someone to fix, this was PEBCAK.






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org