Post APhAzC6aWGL8TGG1ZY by lukedashjr@bitcoinhackers.org
Post #APhAzC6aWGL8TGG1ZY by lukedashjr@bitcoinhackers.org
       2022-11-17T13:00:55Z
       
       2 likes, 4 repeats
       
       PSA: My server was accessed this morning by an unknown person. Full analysis in progress, but take extra care that you PGP-verified any downloads. #Bitcoin
       
Post #APhO0BvvwV91dE50QS by lukedashjr@bitcoinhackers.org
       2022-11-17T15:26:48Z
       
       0 likes, 0 repeats
       
       Confirmed presence of new malware/backdoors on the system, no evidence yet that it was used for anything, but be extra extra careful.
       
Post #APhTCF2MjDKcVHea48 by pox@bitcoinhackers.org
       2022-11-17T16:25:00Z
       
       0 likes, 0 repeats
       
       @lukedashjr /var/boating/accident $ du0.
       
Post #APhYxWoovypN27gYQC by lukedashjr@bitcoinhackers.org
       2022-11-17T17:29:35Z
       
       0 likes, 0 repeats
       
       Further investigation is suggesting this is not a bog standard trojan, but something created specifically for compromising my server.😓
       
Post #APhz4K3FOmUiGtKkYy by lukedashjr@bitcoinhackers.org
       2022-11-17T22:22:09Z
       
       0 likes, 0 repeats
       
       Completed first round of analysis. Evidence suggests the attacker installed 2-3 remote shell backdoors, but didn't touch anything else. Moving forward with an even more extreme check, but given what I've seen so far, I don't expect it to turn up anything more. Purged the backdoors as soon as they were found of course. Identity of attacker is still uncertain, but making progress. (A confession to save me time might get him some mercy hint hint)
       
Post #APicqGTPtunlHrQSWm by midnightmagic@x0f.org
       2022-11-18T05:47:38Z
       
       0 likes, 0 repeats
       
       @lukedashjr Did you happen to work out what they exploited so I can shut mine off in the event I'm running it too?
       
Post #APinEFSuIfJoeTGKUS by lukedashjr@bitcoinhackers.org
       2022-11-18T07:44:11Z
       
       0 likes, 0 repeats
       
       @midnightmagic Boot from external media
       
Post #APjTTGZkeMYOVwJ7Vw by midnightmagic@x0f.org
       2022-11-18T15:37:29Z
       
       0 likes, 0 repeats
       
       @lukedashjr Like, you booted from external media? So someone knew what you were going to do and supplied you with backdoored media? In other words, I'm likely fine?
       
Post #APocflL9xqLWmXJc5w by lukedashjr@bitcoinhackers.org
       2022-11-21T03:14:10Z
       
       0 likes, 0 repeats
       
       @midnightmagic They inserted the external media and caused the reboot.
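
The scenario Luke describes above, an attacker who attaches removable media to a rented dedicated server and reboots it, leaves a thin but useful trail on the victim's own disk: the kernel logs the USB mass-storage attach, the prior boot's log simply ends (with a "reboot:" line if the attacker issued a clean reboot, with nothing if they pulled power), and the next boot of the host's own OS starts after an unexplained gap, since a session booted from the attacker's media writes nothing to the host's journal. The following is an added example, not code from Luke or anyone in this thread, that correlates those three signals over kernel log lines in the `journalctl -k -o short-iso` layout. The log lines, hostname `srv`, and the 30-minute media window and 10-minute downtime threshold are constructed assumptions; tune them to the host.

```python
"""Flag reboots preceded by removable-media attachment or unexplained downtime.

Added example (not code from the thread). Input is kernel log text in the
`journalctl -k -o short-iso` layout, covering several boots. Sample below is
constructed for the example; hostname, timestamps and thresholds are assumed.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) \S+ kernel: (.*)$")
# Kernel messages that indicate a removable mass-storage device was attached.
MEDIA_MARKERS = ("USB Mass Storage device detected", "Attached SCSI removable disk")

# Constructed sample: boot 1 ends two minutes after a removable disk appears and
# the host does not come back for 41 minutes (long enough for someone to work
# from external media); boot 2 ends with a routine 2-minute reboot, no media.
SAMPLE_KERNEL_LOG = """\
2022-11-17T05:41:12+0000 srv kernel: usb 1-4: new high-speed USB device number 5 using xhci_hcd
2022-11-17T05:41:12+0000 srv kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
2022-11-17T05:41:13+0000 srv kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
2022-11-17T05:43:02+0000 srv kernel: reboot: Restarting system
2022-11-17T06:24:40+0000 srv kernel: Linux version 5.15.0-52-generic (buildd@lcy02-amd64-032)
2022-11-17T06:24:40+0000 srv kernel: Command line: BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro
2022-11-19T02:00:05+0000 srv kernel: reboot: Restarting system
2022-11-19T02:02:11+0000 srv kernel: Linux version 5.15.0-52-generic (buildd@lcy02-amd64-032)
2022-11-19T02:02:11+0000 srv kernel: Command line: BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro
"""


def parse_kernel_log(text):
    """Return (timestamp, message) pairs; lines that are not kernel messages are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S%z")
            events.append((ts, m.group(2)))
    return events


def split_boots(events):
    """Group events into boots; a 'Linux version' banner starts a new boot.
    Events before the first banner form a partial boot on their own."""
    boots = []
    for ts, msg in events:
        if msg.startswith("Linux version") or not boots:
            boots.append([])
        boots[-1].append((ts, msg))
    return boots


def suspicious_reboots(events, media_window=timedelta(minutes=30),
                       max_downtime=timedelta(minutes=10)):
    """Flag each boot whose predecessor ended shortly after removable media
    appeared, or whose preceding downtime exceeds what a routine reboot explains.
    Neither check depends on a 'reboot:' line, so a power cut is still caught."""
    findings = []
    boots = split_boots(events)
    for prev, cur in zip(boots, boots[1:]):
        prev_end = prev[-1][0]          # last message the previous boot managed to log
        boot_time = cur[0][0]
        downtime = boot_time - prev_end
        recent_media = [ts for ts, msg in prev
                        if any(k in msg for k in MEDIA_MARKERS)
                        and prev_end - ts <= media_window]
        reasons = []
        if recent_media:
            reasons.append(f"removable media attached {prev_end - recent_media[0]} before shutdown")
        if downtime > max_downtime:
            reasons.append(f"unexplained downtime of {downtime}")
        if reasons:
            findings.append({"boot": boot_time, "downtime": downtime, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in suspicious_reboots(parse_kernel_log(SAMPLE_KERNEL_LOG)):
        print(f"boot at {f['boot'].isoformat()}: " + "; ".join(f["reasons"]))
```

Run it against `journalctl -k -o short-iso --no-pager` output on a real host, but treat the result as a lead, not proof: someone with physical access to the disk can also edit the journal, so the copy worth trusting is the one shipped off-host before the incident.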
       
Post #APy9s80gVxyIOqi9hI by midnightmagic@x0f.org
       2022-11-25T17:38:31Z
       
       0 likes, 0 repeats
       
       @lukedashjr Thanks, Luke. Appreciate the update. <3 Depending on what it was doing, your description of that once you're done is appreciated!
       
Post #AQxc7frtYujX70MBJA by Indus3@bitcoinhackers.org
       2022-12-25T09:12:30Z
       
       0 likes, 0 repeats
       
       @lukedashjr @midnightmagic so you rent a dedicated server and someone from that company violated the integrity of your rental server?
       
Post #AQxdOYzoSyDIfug4Bs by lukedashjr@bitcoinhackers.org
       2022-12-25T09:26:47Z
       
       0 likes, 0 repeats
       
       @Indus3 @midnightmagic I don't know who did still, but this is the second time
       
Post #AQxfGPB9HYhRorDWyG by Indus3@bitcoinhackers.org
       2022-12-25T09:47:42Z
       
       0 likes, 0 repeats
       
       @lukedashjr horrifying thought to an infrastructure guy like myself... Surely that company has some sort of a privacy policy to uphold, no? I would definitely drag my business away from them if I were in your position, though I would probably opt for self-hosted hardware at home and a rented reverse proxy in a hosted shielded VM...
       
Post #AR1To6JRVkRIKpEm8G by lukedashjr@bitcoinhackers.org
       2022-12-27T05:58:10Z
       
       0 likes, 0 repeats
       
       @Indus3 That limits its bandwidth to what I can handle at home.
       
Post #ARD2SKKcLLNkwF7jii by troed@ioc.exchange
       2023-01-01T19:48:13Z
       
       0 likes, 0 repeats
       
       @lukedashjr According to your twitter just now this hack likely ended up with your PGP keys compromised and loss of bitcoin? Ouch - but if that was the goal then it definitely explains the use of a trojan specifically targeted at you.
       
Post #ARIpKR796mWdCbUOnY by ademan@thebag.social
       2023-01-04T14:49:26Z
       
       0 likes, 0 repeats
       
       So uh, do you think this was involved at all in the coin theft? I suppose the details may not be particularly useful to you, but there's a lot of us anxious to learn from this…