Urgent Help! Unknown script access my server
I found the following command here. I thought it was a benchmark test script, so I ran it on my server and saw it access all my server's directory files and many other things. I am scared now. What is this, actually? Can anybody help me, please? How do I uninstall this? I also got the following message after running it.
You know what? If you're reading this, then congratulations.
Many people will mindlessly run any benchmark or script or who knows what
-- this really isn't a good idea. Someone could gain full access
to your system and if you are lucky, they will tell you. But the more likely option is that they'll
perform some and you will be held responsible. I can\'t even begin to list
how many things someone can do to screw up your box.
#
If you notice someone mindlessly downloading something and running it
as root, (or toor, for you nerds), do me a favor and remind them of
the possible consequences.
#
Update: It's twenty f*ing eighteen. Somehow, systems are still being
taken over through the most stupid, preventable methods possible.
Seriously. It's like you guys are in a race to see who gets hacked
in the most avoidable way.
#
Update for 2020: I give up
#
- Andrew / FlamesRunner
#
Comments
dammit bobby!
Well, you shouldn't simply run an unknown script in the first place. Anyway, that script just echoes stuff and notes down 1 more victim that ran the script; nothing dangerous actually happens.
You can open the .sh file and you will know what it does.
This is what I found in the .sh:
echo "[$USER@$(hostname -s) $(basename $(pwd))]# "'rm -rf / --no-preserve-root'
sleep 3
find /
echo "$MSG"
if [ ! -z $(type curl | grep "not found") ]; then
curl -sS "https://s.flamz.pw/analytics/bench/" &> /dev/null
OUT=$(curl -s "https://s.flamz.pw/analytics/bench/stats.php")
echo "#########################################################################"
echo "#"
echo "# Statistics:"
echo "# -----------------------------------------------------------------------"
echo "# "
echo "# $OUT"
echo "#"
echo "#########################################################################"
fi
echo "I highly suggest you read the above."
echo "TL;DR: Inspect things before running them."
for extra credit: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
now u pay me bitcoins or i haxor ur oatmeal again!!!
really?
you better are!
you should not be allowed anywhere near a server. especially after expressing your lack of understanding by coming here to post and complain instead of silently hiding after learning what you did wrong and be happy that nothing serious happened.
...idiot.
Welcome to LET, you have been trolled.
Congrats on your second discussion
glad to know
thanks
yes I am
Maybe I don't know that much. I would appreciate it if you let me know what the script is about.
You should follow these steps:
Thanks in advance.
Edit: The script says you should run this command for the benchmark:
rm -rf / --no-preserve-root
EDIT2: Happy Easter!
I just want help buddy. I am a newbie. So I need this place to discuss my problems.
READ and UNDERSTAND what the developer wrote on your screen (and what you posted above). now I know you what the script about?
I read multiple times but I don't understand a single point.
Don't be mean on Easter Sunday!
Done.
@host4bot
Since it's Easter, try to do
ls /
If you see a number of directories, everything is okay. Just delete bench.sh and enjoy Easter. Try to learn from this experience: do not simply execute random scripts from the internet.
better stay far away from the internet then. it's a dangerous and scary place to be.
I won't be surprised if OP actually did what you suggested
Backup all of your essential files (At least you can wipe the server afterwards)
If you try to save it, use firewall to lock down all ports (except your ip) and see what you can do with it.
If you want to start fresh, reinstall the OS and your apps.
I think it's pretty clear OP doesn't have the knowledge required for that. Luckily in this case nothing harmful was done, but OP should reconsider his line of work.
On another note backing up files for restore after reinstall from a compromised system should be a measure of last resort. You don't know for sure what might have been tampered with.
Remember not to lock yourself out when using firewall...
So, backup everything NOW!
When you restore from this backup, don't restore bashrc, binary, scripts, etc unless you inspect them. You have to treat them as tainted.
thank you so much, dear. I am learning but here everyone is talking like you have to be pro if you wanna post here. Thanks again, man.
My main gripe is it is clear from your username that you intend to provide some form of hosting services to customers.
There is a basic level of expected knowledge and intuition expected from providers - it's fine to make huge but simple mistakes and learn from them as a user. As a provider it is an indicator that your customers are going to have a bad time.
It is important that you learn before you try selling.
Rest assured that that script (bench.sh) doesn't modify anything on your system, so you don't need to worry about this. Its purpose is more to scare anyone who runs it who doesn't inspect it first.
There are well-known benchmarking scripts that you can trust (e.g., https://github.com/masonr/yet-another-bench-script ), but even in this case you should exercise a little caution: for example, you should download a well-known benchmarking script only from its official/authoritative site.
Well, I suggest you give a few days to this thing. If you have some previous knowledge of programming and Linux, then in a matter of hours you will know what you are doing; otherwise it may take a couple of days, but it will be worth it.
https://ryanstutorials.net/bash-scripting-tutorial/
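
A static triage of the script quoted in this thread, as an added example that is not part of any post here and not the script author's code: it tags each line by the command that would actually run, which shows that the rm -rf text is only echoed while find / and the two curl calls execute. The function names and tag set are assumptions of this example, and the check is a heuristic for reading a script saved to disk, not proof that a script is safe.

```shell
#!/usr/bin/env bash
# Added example: heuristic line-by-line triage of a shell script saved to disk.
# Function names and tags are this example's own; a clean result proves nothing.

# Constructed sample: the bench.sh lines quoted in this thread (banner echoes omitted).
sample_script() {
cat <<'EOF'
echo "[$USER@$(hostname -s) $(basename $(pwd))]# "'rm -rf / --no-preserve-root'
sleep 3
find /
echo "$MSG"
if [ ! -z $(type curl | grep "not found") ]; then
curl -sS "https://s.flamz.pw/analytics/bench/" &> /dev/null
OUT=$(curl -s "https://s.flamz.pw/analytics/bench/stats.php")
fi
echo "TL;DR: Inspect things before running them."
EOF
}

# Tag each line by the command in command position (line start, or after ; | & ( ).
triage_script() {
  awk -v q="'" '{
    line = $0
    gsub(q "[^" q "]*" q, "", line)   # single-quoted text is literal, never executed
    tag = "other"
    if (line ~ /(^|[;|&(])[ \t]*(rm|dd|mkfs|shred)[ \t]/) tag = "DESTRUCTIVE"
    else if (line ~ /(^|[;|&(])[ \t]*(curl|wget|nc)[ \t]/) tag = "NETWORK"
    else if (line ~ /(^|[;|&(])[ \t]*find[ \t]+\//) tag = "FS-WALK"
    else if (line ~ /^[ \t]*(echo|printf)[ \t]/) tag = "PRINT"
    printf "%-11s %d: %s\n", tag, NR, $0
  }' "$1"
}

# Number of lines carrying a given tag.
count_tag() { triage_script "$1" | grep -c "^$2 "; }

# Stand-alone run: write the sample to a temp file and print the tagged listing.
tmp=$(mktemp)
sample_script > "$tmp"
triage_script "$tmp"
rm -f "$tmp"
```

Lines tagged NETWORK or DESTRUCTIVE are the ones to read first; anything the heuristic marks "other" still needs a human look before the script is run.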