Vanvalkinburgh.org

Dear ASO Customer,

Last night, several of our hosting servers were compromised and a number of customer accounts were deleted. While not all customers are affected, we feel that all customers should be aware of the incident.

The attack happened through a compromised password/computer used by one of the techs to access/support/maintain servers. We’ve disabled access from that computer and account until we can investigate the matter thoroughly.

The servers affected were server names starting with the letters A through D. We’ve posted a notice on our customer forums and will update it with more information:

http://forums.asmallorange.com/index.php?showtopic=12908

If your server isn’t listed, your site wasn’t affected by this.
If you don’t know the server your site is hosted on, you can use our server lookup tool:

http://www.asmallorange.com/extras/server.php

Based on the log data, it does not appear that customer password files were downloaded or accessed, or that any data was transferred. Instead, the attacker simply deleted the customer accounts, and on some servers, critical system files. If you account is on a server that was attacked, we recommend changing your passwords as soon as you have access to your site again.

Our overnight and morning teams have been restoring data, but this is a slow process. For customers affected, please be patient as we work to get through this problem. We understand that many of you host sites for your clients and many of you run your website as a business. Our support team is working as hard as they can to get the data back online as soon as possible.

Once this is behind us, we will be reviewing many of the security systems currently in place and start building improvements. We certainly don’t want an incident like this to happen again. We sincerely regret that this happened, and apologize to all customers who were affected by this.

Thanks for being our customer, and we appreciate your patience as we work to get this resolved.

Email I got from them.

WARNING: During a short period of time during the attack, your site may have been redirected to a malware page promoting a “Web Accelerator” program. This file contains a virus identified as “Backdoor.Win32.VanBot!IK.” Though the exposure time was very short, (less than 30 minutes) there is a possibility that users may have downloaded it. I would suggest informing your users of this and recommend that they run a virus scan and take measures to ensure their system is clean if they happened to download it.

That is on the forum post page, the server my site is on, wasn’t affected.

Oh yeah and by the forum post it says the tech’s computer had a virus, probably the same one. Stupid tech using windows, use linux or something. To improve the security, they could roll their own minimal linux distro, that could be run using virtual box, or vmware player, or parallels, or any other virtual machine program.

Making a full backup of my site so I can download it, cpanel lets you make full backups. Puts everything in a compressed file, so you don’t have to manually download everything.

Already get weekly mysql database backups using Wordpress Database Backup.

The MSI Nettop 100 has an intel atom 330 processor, searched google for “is intel atom 330 64 bit”, and a forum said that if “cat /proc/cpuinfo” has the Lm flag, then it does 64bit. Now downloading xubuntu 64 bit version to see if it works. Intel’s site says it is 64 bit too.

Output of cat /proc/cpuinfo below.

processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 28
model name	: Intel(R) Atom(TM) CPU  330   @ 1.60GHz
stepping	: 2
cpu MHz		: 1595.955
cache size	: 512 KB
physical id	: 0
siblings	: 4
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl tm2 ssse3 cx16 xtpr pdcm lahf_lm
bogomips	: 3191.91
clflush size	: 64
power management:
 
processor	: 1
vendor_id	: GenuineIntel
cpu family	: 6
model		: 28
model name	: Intel(R) Atom(TM) CPU  330   @ 1.60GHz
stepping	: 2
cpu MHz		: 1595.955
cache size	: 512 KB
physical id	: 0
siblings	: 4
core id		: 1
cpu cores	: 2
apicid		: 2
initial apicid	: 2
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl tm2 ssse3 cx16 xtpr pdcm lahf_lm
bogomips	: 3191.98
clflush size	: 64
power management:
 
processor	: 2
vendor_id	: GenuineIntel
cpu family	: 6
model		: 28
model name	: Intel(R) Atom(TM) CPU  330   @ 1.60GHz
stepping	: 2
cpu MHz		: 1595.955
cache size	: 512 KB
physical id	: 0
siblings	: 4
core id		: 0
cpu cores	: 2
apicid		: 1
initial apicid	: 1
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl tm2 ssse3 cx16 xtpr pdcm lahf_lm
bogomips	: 3191.87
clflush size	: 64
power management:
 
processor	: 3
vendor_id	: GenuineIntel
cpu family	: 6
model		: 28
model name	: Intel(R) Atom(TM) CPU  330   @ 1.60GHz
stepping	: 2
cpu MHz		: 1595.955
cache size	: 512 KB
physical id	: 0
siblings	: 4
core id		: 1
cpu cores	: 2
apicid		: 3
initial apicid	: 3
fdiv_bug	: no
hlt_bug		: no
f00f_bug	: no
coma_bug	: no
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl tm2 ssse3 cx16 xtpr pdcm lahf_lm
bogomips	: 3191.99
clflush size	: 64
power management:

Update
Live CD works, installing now.

Update
It is installed and working.

Linux xubuntu 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:58:03 UTC 2009 x86_64 GNU/Linux

Yesterday I got an email saying somebody installed wordpress, and had a url to some spam username on some forum. So one post is missing, did a database restore, which put it back how it was, excluding that one post. Wordpress thinks it needs to be installed if it can’t connect to database, so guessing my host was having problems or something. Simple solution would be to delete /wp-admin/install.php?step=2. And the other most important solution, is to ban the asshole. Not that it’ll do any good, it appears as though their in India. Better off banning everybody inAsia, though I’d think my host would take care of that. What’s really funny, it appears as though their using windows.

164.100.43.41 - - [14/Apr/2009:16:24:48 -0400] "POST /wp-admin/install.php?step=2 HTTP/1.1" 200 360054 "http://vanvalkinburgh.org/2007/03/07/godaddy-cant-login/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"


Must be an outdated zombie computer in India.

From Boxee Setup

From Boxee Setup

Put xubuntu and boxee on my MSI Wind Nettop 100, plays 720p perfectly fine, at least everything I tried, tv doesn’t do 1080p, does 1080i though. There’s a bug in boxee, it crashes sometimes when playing an audio file, really annoying. Oh yeah put the boxee remote app on iPod touch, and changed wireless N router to mixed mode, so I can use iPod touch with boxee. Also bought a D-Link gigabyte switch, so I can have linkstation and MSI Wind Nettop 100 connected by gigabyte speeds. That came yesterday too, and works fine. It has a rebate according to amazon, but to lazy to fill that out, don’t care about rebate.

iTunes 8.1 likes to hang and takes a while to start music. I updated to it when it came out, good thing I have time machine, I restored iTunes, so now I’m running the older faster version of iTunes. All my music is stored on a NAS, mounted as a samba share, perhaps the new iTunes doesn’t like that. Apple should of said in change log, that it is slower for some users, and only recommend you update if you have new shuffle. You also need to restore iTunes Library, iTunes Library Extras.itdb and iTunes Library Genuis.itdb in users/Music/iTunes. Found that from apple’s forum. Guess the only fix is to downgrade.

Downloaded the beta of Safari 4 earlier, pretty nice. I’m liking the Top Sites, also like the speed. Still getting use to the tabs being at the top. 1password works after following instructions on their forum, oh yeah I didn’t have to edit plist file. I should of looked in View Customize toolbar before updating to beta, might not of needed to update to beta… Google gears doesn’t seem to work, maybe I need to reinstall it or something.

I have to buy a damn USB cable for it, if I want to put any unsigned programs on my Nokia 6086 phone. The program is windows only, and bluetooth doesn’t work in parallels or virtual box. The USB cable isn’t very expensive on amazon, don’t buy from nokia, they want $50. The Nokia CA-53 Connectivity Cable is what I need. I need to use two programs, one called MobiMB v3.4 DP3 and the other BeHappy. Both can be found here. The BeHappy thing comes with an english readme, or you can use google translator to translate that link. Oh yeah my moms laptop doesn’t have bluetooth.

Update
Just tried vmware fusion, bluetooth works, but that mobi program doesn’t see the hidden folder. It only shows an inbox folder, I read that you need a usb data cable to see the hidden folder. So it looks like I still have to wait, until I get a data cable.

Reinstalled multiple times, doesn’t matter. Can’t really find anything on their forum either.