:: Re: [DNG] *** DEVUAN.ORG HAS BEEN P…
Forside
Slet denne besked
Besvar denne besked
Skribent: Arnt Karlsen
Dato:  
Til: dng
Emne: Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
On Mon, 1 Apr 2019 02:24:29 +0200, Arnt wrote in message
<20190401022429.732563d4@sda3>:

> On Mon, 1 Apr 2019 00:21:58 +0200, KatolaZ wrote in message
> <20190331222158.ec7ingiwci4x3v44@???>:
>
> > On Sun, Mar 31, 2019 at 09:12:39PM +0200, KatolaZ wrote:
> >
> > [cut]
> >
> > >
> > > Just an update on the current situation: it looks like the
> > > machines on which pkgmaster (the main package repository server)
> > > and amprolla are run are safe. They are on a separate piece of
> > > infrastructure and there have not been compromised.
> > >
> > > So packages from pkgmaster.devuan.org, packages.devuan,org, and
> > > deb.devuan.org should be safe anyway (and the repos are signed, so
> > > any inconsistency would be immediatedly flagged by apt).
> > >
> > > We are working to restore the other machines.
> > >
> >
> > Just to let you know that Devuan's caretakers got anonymous emails
> > from a group who identified themselves as "Green Hat Hackers". They
> > insisted on the last line of the pwned website. If you have any
> > clue, let us know.
> >
> > Updates will follow.
>
> ..http://devuanzuwu3xoqwp.onion/ is (still?) up now, you guys
> still have control over it & access to it?
>
> ..if you never lost control over it, we might get away with
> checksumming our mirrors, rather than rebuilding overything.
> Do we know when this "joke" started? Or planned?
>


..just done a quick md5sum -c down my devuan/devuan only
lan mirror, I don't have devuan/merged mirrored yet:
arnt@nb6:~$ cd /var/www/devuan/mirror/
arnt@nb6:/var/www/devuan/mirror$ md5sum -c ../var/MD5 >md5sum-c
arnt@nb6:/var/www/devuan/mirror$ grep -v OK md5sum-c

..no output means all lines ended ":OK", if that helps, checks:
arnt@nb6:/var/www/devuan/mirror$ less md5sum-c
arnt@nb6:/var/www/devuan/mirror$ ll ../var/MD5 md5sum-c
-rw-r--r-- 1 arnt arnt 1469035 Mar 31 04:00 ../var/MD5
-rw-r--r-- 1 arnt arnt 1119475 Apr 1 02:38 md5sum-c
arnt@nb6:/var/www/devuan/mirror$ md5sum ../var/MD5 md5sum-c
80e6b5f84d77837a953b8c0fc0a7d439 ../var/MD5
47c7978715d75472080a6edfa59f7f38 md5sum-c
arnt@nb6:/var/www/devuan/mirror$

..note that my last mirror update was done yesterday, Mar 31 04:00,
if this "joke" happened before that, my lan mirror too is tainted.

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.