dimator | head

2/27/2005

0wned

It turns out that the error I was having earlier was a symptom of my being 0wned.

After a long day of snooping, I found:

  • a user account that I did not make
  • missing wtmp records
  • weird processes running (‘./xfsd’, ‘./90’)
  • an IRC client compiled on the machine in a hidden directory somewhere, along with channel logs
  • a cron script that seems to mail some information to a yahoo.com email address
  • ssh logins from IPs in Romania and the Philippines in auth.log (determined using geobytes)
  • broken (trojaned?) binaries all over, with newer binaries that I was installing being modified as I watched

What a damn mess. I killed every process that wasn’t critical, and my idea of a fix was to apt-get upgrade the whole damn thing. Most of the packages were out of date, so I was hoping the newer versions would overwrite any compromised binaries.

The system still doesn’t feel normal. I get defunct processes all the time, weird hangs when running ps. There’s just too much shit on this system that I need and use daily to nuke it all and start over. It is just too customized, I’ve tweaked everything. (Not to mention the 123 day uptime.)

What’s the procedure for protecting myself now? Checking md5sum regularly? (debsums consistently returns mismatched md5sums, even though I verify by hand that they are correct. If debsums was a person, I would say that he has his head up his ass.) Some kind of port knocking scheme? Disallow all non-LAN connections altogether?

What is scary is that I would never have even realized I was intruded upon had the broken /bin/ls not tipped me off. I want to set something up such that I at least know I’ve been hacked before shit and fan meet.

Filed under: tech — dimator @ 2:54 am
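
Two of the indicators listed in the post above (ssh logins from unexpected addresses in auth.log, and an account the owner did not create) can be checked for automatically. The following is an added example, not code from the original post; the log lines are constructed samples in the classic sshd syslog format, and `known_users` and `trusted_nets` are hypothetical names for lists the administrator maintains.

```python
import ipaddress
import re

# Constructed sample lines (not from the author's machine). Addresses are
# RFC 5737 documentation ranges and RFC 1918 private space.
SAMPLE_AUTH_LOG = """\
Feb 26 03:12:01 host sshd[2211]: Accepted password for alice from 192.168.1.20 port 40112 ssh2
Feb 26 03:14:47 host sshd[2250]: Failed password for root from 203.0.113.45 port 51514 ssh2
Feb 26 03:15:02 host sshd[2254]: Accepted password for alice from 203.0.113.45 port 51520 ssh2
Feb 26 03:40:19 host sshd[2301]: Accepted publickey for svcuser from 198.51.100.7 port 33012 ssh2
Feb 26 04:02:33 host sshd[2340]: Accepted password for svcuser from 10.0.0.5 port 45001 ssh2
"""

# Only successful logins matter here; failed attempts are background noise.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def suspicious_logins(log_text, known_users, trusted_nets):
    """Return (user, source, reasons) for accepted logins that are
    off-LAN or made by an account missing from known_users."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["ip"])
            off_lan = not any(addr in n for n in nets)
        except ValueError:
            off_lan = True  # hostname logged instead of an address: untrusted
        reasons = []
        if off_lan:
            reasons.append("source outside trusted networks")
        if m["user"] not in known_users:
            reasons.append("account not in known-user list")
        if reasons:
            findings.append((m["user"], m["ip"], reasons))
    return findings


if __name__ == "__main__":
    for user, src, why in suspicious_logins(
            SAMPLE_AUTH_LOG, {"alice"}, ["192.168.0.0/16", "10.0.0.0/8"]):
        print(f"{user} from {src}: {'; '.join(why)}")
```

Because wtmp records had been removed on this machine, a check like this is only trustworthy when it runs against logs forwarded to a separate host that the intruder cannot edit.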

2/26/2005

Bad Day

You know you’re going to have a bad day when you log into your machine and you see this:

[~ ]$ ls
Segmentation fault
Filed under: tech — dimator @ 12:50 pm

2/25/2005

Oh, it’s called Ajax!

The essay Ajax: A New Approach to Web Applications seems quite popular lately, but I’m confused. How can you give a name to a technique already being used all over, and then claim “everyone loves Ajax!”?

“Google is making a huge investment in developing the Ajax approach.” Huh? If I had named this technique first, would I have gotten all the links?

Are these guys just trying to define some nomenclature, or do they really think they invented this stuff?

</random rant>

Filed under: tech — dimator @ 1:11 pm

2/21/2005

Here’s a tip

To anyone going to a computer-related expo or conference, do not put your real street address on the registration materials, or anything else you fill out there. I have gotten a metric ton of completely useless ads delivered to me.

I’m going to stage a huge bonfire in my front yard, while I dance around with nothing but face-paint on.

Filed under: general — dimator @ 4:07 pm

2/20/2005

WordPress 1.5

So the upgrade is complete. It was mostly painless. It did break my stylesheet, though. I think this is because of the new theme system WP is using: there is a theme subdirectory (somewhere) now that makes modifying/adding themes much easier now. This is ultimately good, because I remember how much of a pain it was to modify the style in old WP, by hacking or manually replacing the presentation-related files.

It also seems as though they fixed my small gripe about multi-line <code> posting.

Filed under: tech — dimator @ 3:08 pm