[Systems] Alert: Possible compromise of lightwave server

Bernie Innocenti bernie at codewiz.org
Sat Oct 3 08:27:34 EDT 2015

Previous message: [Systems] Alert: Possible compromise of lightwave server
Next message: [Systems] Alert: Possible compromise of lightwave server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm in Haiti and I can't type much, but there should be a wiki page about our bitcoin wallet.

It's no longer needed, but I left bitcoind running because serving blocks to peers helps the network. It is not mining, but it might use a lot of disk space.

On October 2, 2015 1:52:32 AM EDT, Sebastian Silva <sebastian at fuentelibre.org> wrote:
>Turns out I had no password on lightwave, I just wasn't a sudoer.
>Samuel (scg) and I logged in using virsh console and I gave myself full
>access.
>
>It appears like this bitcoin thing is not new, and there isn't an
>attempt to hide it.
>So scg and I agree it looks like a person with authorization set this
>up
>since 2013.
>
>I hope these resources are going into SL, but who would know about
>that,
>no idea.
>
>I've uninstalled both tor and bitcoind, but left the configutation
>files
>for both.
>I've recovered the wallet.dat file and removed it from the server.
>
>If this is your wallet, I have it, claim it.
>
>If this is official business we need to document it in the wiki.
>
>Regards,
>Sebastian
>
>
>
>
>On 01/10/15 23:51, Sebastian Silva wrote:
>> My password isn't working, and there is a bitcoin miner running!
>>
>> icarito at lightwave:~$ passwd
>> Changing password for icarito.
>> (current) UNIX password:
>> passwd: Authentication token manipulation error
>> passwd: password unchanged
>> 10!icarito at lightwave:~$ htop
>> The program 'htop' is currently not installed. To run 'htop' please
>ask
>> your administrator to install the package 'htop'
>> 127!icarito at lightwave:~$ top
>>
>> top - 00:49:41 up 49 min,  1 user,  load average: 3.15, 3.25, 3.14
>> Tasks:  82 total,   2 running,  80 sleeping,   0 stopped,   0 zombie
>> %Cpu(s): 50.7 us,  8.2 sy, 36.6 ni,  0.8 id,  3.3 wa,  0.0 hi,  0.3
>si, 
>> 0.0 st
>> KiB Mem:   1951108 total,  1804676 used,   146432 free,   165836
>buffers
>> KiB Swap:        0 total,        0 used,        0 free.  1048216
>cached Mem
>>
>>   PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+
>> COMMAND                                          
>>   990 bitcoin   20   0 1380144 373100   9512 S 190.9 19.1  80:38.22
>> bitcoind      
>>
>
>-- 
>I+D SomosAzucar.Org
>"icarito" #somosazucar en Freenode IRC
>"Nadie libera a nadie, nadie se libera solo. Los seres humanos se
>liberan en comunión" - P. Freire
>
>_______________________________________________
>Systems mailing list
>Systems at lists.sugarlabs.org
>http://lists.sugarlabs.org/listinfo/systems

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20151003/d186c535/attachment.html>

Previous message: [Systems] Alert: Possible compromise of lightwave server
Next message: [Systems] Alert: Possible compromise of lightwave server
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Systems mailing list