Downtime and 'Shellshock' Vulnerability


11 replies to this topic

#1 LinktheMaster

LinktheMaster

    Hey Listen, Kid

  • Members
  • Real Name:Matt
  • Location:United States

Posted 25 September 2014 - 11:22 AM

An issue making its rounds around the web recently is a vulnerability called 'Shellshock' which allows anything that executes server commands to potentially take over the system.  I do not believe anything on PureZC was open to any such vulnerability, but in order to be proactive and stay safe, I updated the server to ensure that we wouldn't be open to this vulnerability either now or some time in the future.  You can read more about the vulnerability here.

 

Unfortunately, some of these updates took a bit longer than anticipated, and there were a couple adverse side effects that took me a bit to figure out.  So, if anyone noticed that we were down for a period earlier, then that is why.  Sorry about the inconvenience.  We should be good now, though. :)


  • nicklegends, The Satellite, Eddy and 4 others like this

#2 Koh

Koh

    Tamer Koh

  • Members
  • Real Name:Dominic
  • Location:Monsbaiya, Virginia

Posted 25 September 2014 - 11:27 AM

This is the first time I've heard of this.  Something always seems to crop up every so often though, continuing the never-ending war on security exploits.  You create a shield against one thing, and another one pops up.  As long as we can survive each cycle, then we've won the battle.


Edited by Koh, 25 September 2014 - 11:27 AM.


#3 Eddy

Eddy

    ringle

  • Moderators
  • Real Name:Edward
  • Pronouns:He / Him
  • Location:London, United Kingdom

Posted 25 September 2014 - 11:30 AM

Same, I've never heard of that before.

 

Anyways, I'm glad PZC is back up and running!



#4 Magi_Hero

Magi_Hero

    gubgub

  • Members
  • Real Name:Tim
  • Location:NJ

Posted 25 September 2014 - 11:58 AM

Thanks for the update LTM. Do you know if this is affecting sigtau's server as well?
  • David likes this

#5 Ben

Ben

    a very grumpy

  • Members

Posted 25 September 2014 - 12:17 PM

It was indeed affecting IRC. There has been a DNS change as well so if you are unable to connect to IRC you may need to wait a while before it is refreshed. At that point you should be able to connect again.

 

In the meantime you can still connect via katana.bladerock.net or joyeuse.bladerock.net.



#6 Timelord

Timelord

    The Timelord

  • Banned
  • Location:Prydon Academy

Posted 25 September 2014 - 06:24 PM

You know, I often find that announcing this kind of exploit to the world is pure, plain, stupidity. Aye, server admins want to know, but OTOH, the number of malware-makers that can use the exploit explodes exponentially as soon as someone thick enough decides to write a blog detailing it.

Patching every system running Bash in the world isn't very likely to occur; so is it really wise to give tutorials on how to operate this, now, out of the gate, before there's a viable solution? I'd say 'no'.

'Tisn't even possible to fix at present, and there are too many versions/ports of Bash to even ponder across platforms, and OS/Kernel versions.

I can't even fathom a vulnerability this widespread, and I'd personally like to see how the patches work, so that I might craft my own fixes for OSX Server--the real versions, 10.9.x--while Apple laughs it off.

http://mac-how-to.wo...h-os-x-0157606/

Goodie. I need to shoehorn a patch, that may, or may not work, into four OSX servers, not counting countless Linux systems, and a FreeBSD server. My week now seems so bright, and cheery: Did I mention I have a cold too? Where's that 10T anvil? Over my head? That's just brilliant, as it's clearly the least of my worries.

Edited by ZoriaRPG, 25 September 2014 - 06:56 PM.


#7 LinktheMaster

LinktheMaster

    Hey Listen, Kid

  • Members
  • Real Name:Matt
  • Location:United States

Posted 25 September 2014 - 06:27 PM

Still no news on if this affects OSX, or BSD/FreeBSD...

It affects all bash.  So, OSX is definitely affected.  BSD/FreeBSD might if you have something wrapped into bash, but I don't think it's as big of a concern there because bash isn't the default shell.



#8 Xenix

Xenix

    Well excuse me princess.

  • Members
  • Real Name:Chris
  • Location:Newport News, VA

Posted 25 September 2014 - 07:37 PM

LinktheMaster, you never sleep do you? :P No, but seriously, you are always doing something good for the site. You are the perfect example of how a site admin should be. I just felt I should say that. Hopefully this issue doesn't cause harm to this site, but I know this site is in good hands nonetheless.


  • Evan20000 and coolgamer012345 like this

#9 Mero

Mero

    Touch Fluffy Tail

  • Banned
  • Real Name:Tamamo No Mae
  • Location:Rainbow Factory

Posted 25 September 2014 - 11:02 PM

bladerock was down as well earlier. Is that related to this I assume?



#10 anikom15

anikom15

    Dictator

  • Banned
  • Real Name:Westley
  • Location:California, United States

Posted 25 September 2014 - 11:57 PM

Thank you for your prompt service.



#11 sigtau

sigtau

    *sip*

  • Members
  • Real Name:Will
  • Location:Spending too much time on this damn thing

Posted 30 September 2014 - 05:30 PM

bladerock was down as well earlier. Is that related to this I assume?

 

In the process of performing the exact same update to Bladerock as LtM has done to PureZC, I tweaked the DNS for better load-balancing so we don't have one server at 90% RAM usage and the others at 20%.  Your issue was either trying to connect when one of the servers went down for the update or trying to connect as the DNS changes were propagating.



#12 SkyLizardGirl

SkyLizardGirl

    Unbeknownst to danger we call upon your help

  • Banned
  • Real Name:Arianna Crystal Ritter
  • Location:Earthia

Posted 02 October 2014 - 05:09 PM

-1000 Slaps on the back great job!'

But Shell-shock huhz?
https://www.youtube....h?v=-iurWmSi6Fg  
^Saw this:  Monster turtle

**
The Web is always a replaceable thing but not a person's hand.
    Hybrid - internet / Hybrid web / hybrid codes.
(.. The word Hybrid is foreshadowing. )

ZoriaRPG  sounds like quite a thinker.  

 

These viruses are no accident as the elites in power pay nerds to engineer these for them

to attack people who get a bit too high on the scale to make the competition a bit more diabolical and interesting. - They don't just come into existence by accident.   

***

 

'Online viruses are the equivalent

 of a tornado hitting a small metal mill- town and all the pieces flying around, falling down into place forming an entire jet liner engine plane.

 

-intelligent design goes into shell shock on purpose.


Edited by SkyLizardGirl, 03 October 2014 - 03:36 PM.


