• TRWTF (unregistered)

    TRWTF: I actually enjoyed this story...

  • (cs)

    "scrubber" in the UK is a word which was popular in the 1970s and 1980s to mean what you Americans usually call a "ho". AKA: "slapper".

  • Warren (unregistered)

    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2?

    No? Me neither....

  • (cs)
    haha:
    frist
    I think your SSH connection will time out any moment now, unless your account name is Alex.
  • (cs) in reply to Warren
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2?

    No? Me neither....

    sometimes there is a cornify link hidden in the text...

  • (cs) in reply to Warren
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2?

    No? Me neither....

    I hovered over it, wondering whether.

  • Taco (unregistered) in reply to Warren
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2?

    No? Me neither....

    I did, I regret it now, I wonder if I will recover fully....

  • faoileag (unregistered) in reply to ratchet freak
    ratchet freak:
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2?

    No? Me neither....

    sometimes there is a cornify link hidden in the text...

    The exists a ceratin correlation between cornifying links and "Remy Porter" authorship.

    Of course, that might not mean any causation but could be caused by some mysterious "cornify_article.sh" left by a pair of network guys at one time employed by a comparison shopping site in West L.A....

  • faoileag (unregistered) in reply to Taco
    Taco:
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2? No? Me neither....
    I did, I regret it now, I wonder if I will recover fully....
    And another victim of the world wide web: using the underline as means to emphasize one or more words!
  • AP² (unregistered)
    Wondering what the heck could be wrong with the server, Russell tried again, this time as root.

    TRWTF is having PermitRootLogin enabled.

  • lol (unregistered)

    not malice? Yet they had a script that deliberately kicked other users off the system.

    I would have wiped the entire server and rebuilt it - like a virus infestation, I'd never consider it safe unless it was totally disinfected.

    And I'd also install aide to keep an eye on what else they might do in the future... with a view to getting them sacked with extreme prejudice!

    PS. yes, I enjoyed this one too.

  • A Guy (unregistered) in reply to faoileag
    faoileag:
    Taco:
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2? No? Me neither....
    I did, I regret it now, I wonder if I will recover fully....
    And another victim of the world wide web: using the underline as means to emphasize one or more words!

    Could be worse

  • (cs) in reply to A Guy
    A Guy:
    faoileag:
    Taco:
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2? No? Me neither....
    I did, I regret it now, I wonder if I will recover fully....
    And another victim of the world wide web: using the underline as means to emphasize one or more words!

    Could be worse

    Man, that's just mean!

  • Mark (unregistered)

    Who the hell gave the root password to the (poorly) trained monkeys in the first place?

    For that matter, why do you still even have a root password? I haven't seen one of those in about a decade. Everyone should be logging in under their own ID for audit purposes, and su as needed. (Has Windows implemented^Wimitated this yet?)

    Though that would have made diagnosis more difficult in this case, it might have also confused the monkeys enough to prevent the issue altogether.

  • MonkeyCoder (unregistered) in reply to Warren

    Yeah, I did. I was hoping for Cornify... I was sadly disappointed.

  • Frank (unregistered) in reply to steenbergh
    steenbergh:
    A Guy:
    faoileag:
    Taco:
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2? No? Me neither....
    I did, I regret it now, I wonder if I will recover fully....
    And another victim of the world wide web: using the underline as means to emphasize one or more words!

    Could be worse

    Man, that's just mean!
    If you configure your browser (that's still allowed, you know, for a few more months at least) to give links your own unique style on every site, no one can trick you any more by creating looks-like-a-link text. Nor can they conceal the things that are links but suppress link-look.

    But why would anyone do that?

    Seriously, why do some sites go to all the bother of creating links and then style them into oblivion? Or, similarly, obfuscate them behind a bunch of script nonsense so that they act like links (sometimes) but don't parse like links?

    Oh, yeah... monkeys. Got it.

  • (cs) in reply to Mark
    Mark:
    Has Windows implemented^Wimitated this yet?

    Sudo for Windows? I'm not sure if this is the one I've tried or not... I'm not using anything like this on Windows at the moment.

  • Bottom Problems (unregistered) in reply to Matt Westwood
    Matt Westwood:
    "scrubber" in the UK is a word which was popular in the 1970s and 1980s to mean what you Americans usually call a "ho". AKA: "slapper".

    Little tarts! They love it!

  • Dubstep (unregistered) in reply to Matt Westwood

    Had meself a good scrub by a scubber last eve

  • (cs) in reply to Bottom Problems
    Bottom Problems:
    Matt Westwood:
    "scrubber" in the UK is a word which was popular in the 1970s and 1980s to mean what you Americans usually call a "ho". AKA: "slapper".

    Little tarts! They love it!

    Oho, brilliant film! That cheered me up and no mistake.

  • (cs)

    Interesting story, but again, no WTF to be found.

  • (cs) in reply to Matt Westwood
    Matt Westwood:
    "scrubber" in the UK is a word which was popular in the 1970s and 1980s to mean what you Americans usually call a "ho". AKA: "slapper".

    In India scrubber is something we use to scour vessels. There are two kind of scrubber that are more commonly available. Plastic fibers! [image] Steel Wool! [image]

    Now American company called 3M is also selling some product that does job of scrubber. It is expensive compare to other product. [image]

  • (cs)

    Only meaning of slapper I know is http://dictionary.cambridge.org/dictionary/british/slapper

  • (cs) in reply to ratchet freak

    Use Tapermonkey (or similar) and an easily found/written script to show hidden content and highlight cornified links.

    Hint: There is hidden text in this story, but no corny links.

  • (cs)

    Does the name Puppet not make anybody else think of a bad low budget horror movie?

  • (cs) in reply to Warren
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2?

    No? Me neither....

    If you regularly click random links posted on the internet without at least hovering over them to find out where they go, you're gonna have a bad time.
  • ¯\(°_o)/¯ I DUNNO LOL (unregistered) in reply to MonkeyCoder
    MonkeyCoder:
    Yeah, I did. I was hoping for Cornify... I was sadly disappointed.
    That's only in Remy articles.
  • ¯\(°_o)/¯ I DUNNO LOL (unregistered)
    THIS IS CRAIG AND CARL'S DEVLEPMENT SERVER
    NO GURLZ ALLOWED
  • Jay (unregistered) in reply to Nagesh
    Nagesh:
    Interesting story, but again, no WTF to be found.

    Actually, I believe there's a WTF in using a cron job (I assume) to kill SSH connections from 'unauthorised' users, rather than using sshd_config's AllowedUsers keyword.

    There's also the query of either why Russell was deploying to "Craig and Carl's devlepment server", or why Craig and Carl had attempted to appropriate an in-use server for apparently personal purposes.

  • Valued Service (unregistered) in reply to faoileag
    faoileag:
    Taco:
    Warren:
    Anyone try clicking "done" in paragraph 3, simply because it was underlined, even though there was no logical reason for such a word to link to anything and the links are blue on TDWTF as illustrated in paragraph 2? No? Me neither....
    I did, I regret it now, I wonder if I will recover fully....
    And another victim of the world wide web: using the underline as means to emphasize one or more words!

    Well, if they'd just change all their links to say click here then they wouldn't have any problems. Users will know what are links.

    I mean.... hyperlink be damd.

  • Valued Service (unregistered) in reply to Mark
    Mark:
    (Has Windows implemented^Wimitated this yet?)

    Right click and Run As Administrator.

    It will escalate and give you a warning box.

    Even better, you can set an app to always run as administrator. It doesn't do that silently; it asks for escalation every time it runs...

    Honestly I like it better, because that means you can't hide the escalation in a script.

  • Valued Service (unregistered) in reply to Jay
    Jay:
    Nagesh:
    Interesting story, but again, no WTF to be found.

    Actually, I believe there's a WTF in using a cron job (I assume) to kill SSH connections from 'unauthorised' users, rather than using sshd_config's AllowedUsers keyword.

    There's also the query of either why Russell was deploying to "Craig and Carl's devlepment server", or why Craig and Carl had attempted to appropriate an in-use server for apparently personal purposes.

    Turns out it was beastly for running a Unreal 3 tourney.

  • (cs)
    Through some miracle, Craig and Carl weren't fired
    I would imagine saying the script was put in place for "security reasons" would be enough to get the incompetence pass. They didn't cause asset loss or open a backdoor-- kicking off SSH users only qualifies as a nuisance.
  • C-Derb (unregistered) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    If you regularly click random links posted on the internet without at least hovering over them to find out where they go, you're gonna have a bad time.
    Amen. This. +1.
  • Fanboi (unregistered) in reply to PedanticCurmudgeon
    PedanticCurmudgeon:
    If you regularly click random links posted on the internet without at least hovering over them to find out where they go, you're gonna have a bad time.
    Impossible! I use a Mac!
  • (cs) in reply to Nagesh
    Nagesh:
    Only meaning of slapper I know is http://dictionary.cambridge.org/dictionary/british/slapper

    There's also "slosher".

  • drobnox (unregistered) in reply to Matt Westwood
    Matt Westwood:
    "scrubber" in the UK is a word which was popular in the 1970s and 1980s to mean what you Americans usually call a "ho". AKA: "slapper".

    Withnail & I

  • Klimax (unregistered) in reply to Mark
    Mark:
    Who the hell gave the root password to the (poorly) trained monkeys in the first place?

    For that matter, why do you still even have a root password? I haven't seen one of those in about a decade. Everyone should be logging in under their own ID for audit purposes, and su as needed. (Has Windows implemented^Wimitated this yet?)

    Though that would have made diagnosis more difficult in this case, it might have also confused the monkeys enough to prevent the issue altogether.

    At minimum Windows 2000/XP if not NT. (Infrastructure was there) And not just elevation, but you can drop permissions too... (And don't forget Xenix)

  • sigh... (unregistered) in reply to Valued Service
    Valued Service:
    Mark:
    (Has Windows implemented^Wimitated this yet?)

    Right click and Run As Administrator.

    It will escalate and give you a warning box.

    Even better, you can set an app to always run as administrator. It doesn't do that silently; it asks for escalation every time it runs...

    Honestly I like it better, because that means you can't hide the escalation in a script.

    Unless you turn UAC off... (and there's 'runas' for the command line)

  • (cs)

    The two had been roommates in college and took a strange pride in telling Russell how they'd been too busy "hacking" (their word) to pass most of their classes.

    Really Dan? You put the word "hacking" in quotes, to signify that it was a quote, then felt the need to further inform us that someone was being quoted? Really?

  • chreng (unregistered)

    The TRWTF was Russell was not in craigslist

  • Jay (unregistered) in reply to Jay
    Jay:
    There's also the query of either why Russell was deploying to "Craig and Carl's devlepment server", or why Craig and Carl had attempted to appropriate an in-use server for apparently personal purposes.

    Yeah, it seems the story ended rather abruptly without giving any hint WHY they were doing this. Was this a lame attempt to keep out hackers? Or were they deliberately trying to keep other employees off this server? Why? Were they hiding something?

    This is like a new employee joining the company and promptly changing the lock on the door to the file room with no authorization, and keeping the only key for himself. Would the company really just say, "Oh, okay."? I would think SOMEONE would want to know what he was up to and why.

  • (cs)

    Hey! My name is Carl, you insensitive clod!

    (note to self: disallow root logins on the server I "hacked")

  • Anon (unregistered)

    Don't know 'bout the rest of you, I have visions of Craig and Carl waiting for the 'puppet-master' to leave the room, then spouting "Excellent!!!" and playing air guitar.

  • (cs) in reply to Warren
    Warren:
    ...no logical reason for such a word to link to anything...

    Flashbacks to Adequacy.org

  • Tux "Tuxedo" Penguin (unregistered) in reply to Mark
    Mark:
    (Has Windows implemented^Wimitated this yet?)

    Yeah, it's called UAC and it's awful.

  • (cs)

    I wonder why they didn't just set the following in /etc/ssh/sshd_config?

    AllowUsers = root craig carl


    At the very least, they should also have:

    PermitRootLogin without-password PasswordAuthentication no


    And much better would be

    PermitRootLogin no PasswordAuthentication no AllowUsers = craig carl eric76

    Of course, the AllowUsers would also include everyone else who might need to use ssh to access the host.

  • (cs)

    We installed a scrubber at the well to remove hydrogen sulfide from the natural gas used to heat the house.

  • HeeHaw (unregistered) in reply to eric76

    great. thanks, dude. you've impressed us all.

    eric76:
    I wonder why they didn't just set the following in /etc/ssh/sshd_config?

    AllowUsers = root craig carl


    At the very least, they should also have:

    PermitRootLogin without-password PasswordAuthentication no


    And much better would be

    PermitRootLogin no PasswordAuthentication no AllowUsers = craig carl eric76

    Of course, the AllowUsers would also include everyone else who might need to use ssh to access the host.

  • (cs) in reply to HeeHaw
    HeeHaw:
    great. thanks, dude. you've impressed us all.
    eric76:
    I wonder why they didn't just set the following in /etc/ssh/sshd_config?

    AllowUsers = root craig carl


    At the very least, they should also have:

    PermitRootLogin without-password PasswordAuthentication no


    And much better would be

    PermitRootLogin no PasswordAuthentication no AllowUsers = craig carl eric76

    Of course, the AllowUsers would also include everyone else who might need to use ssh to access the host.

    Top posters are easily impressed.

Leave a comment on “Fear the Puppetmaster”

Log In or post as a guest

Replying to comment #:

« Return to Article