Thank you very much, sorry for the alarm.
Posts by temp25
-
-
I apologize for copying and pasting issues, my english is not good and I use goolge translator.
I finally solved after formatting all the devices and restored, I can say with certainty that my router was the device originally infected with the virus.
-
Code
The problem has also occurred after a clean installation, inviting users to check their .config folder and report any feedback -
Other devices do not seem infected, can malware be installed through some addons?
-
Code
The device is closed on the internet but some docker services are reachable, i have nextcloud active with nginx reverse proxy. -
Good evening, just in this moment I noticed that the file autostart.sh of my libreelec has been modified with a botnet kaiten command, the binary was in the .config folder, I immediately restored the autostart.sh file and To eliminate the binaries, I would like to have comfort from the developers, from what I read on the network kaiten is a very dangerous malware.
ESET has just identified a new and more powerful version of Kaiten, a maliciously-controlled Internet Relay Chat (IRC) malware used to dispose of DDoS (Distributed Denial of Services) attacks. Remastered malware has been dubbed Linux / Remaiten and targets networking devices such as wireless routers, gateways and access points, and potentially even IoT devices equipped with Linux operating systems. ESET researchers have so far identified three variants of Linux / Remaiten, identified as versions 2.0, 2.1 and 2.2.
Based on the code analysis, the main novelty of this release is its sophisticated spreading mechanism: using Linux / Gafgyt telnet scanning system, Linux / Remaiten improves its spreading mechanism by sending its own code Binary executable on networked devices such as routers and other connected devices, trying to hit especially those protected by weak credentials.
The work of the Downloader component, embedded in the binary of the bot itself, is to request the binary code of the Linux / Remaiten bot to its command and control server. When this is done, it creates another bot that can then be used by criminals. ESET researchers noted that this technique had already been used by Linux / Moose to spread infections.
It is curious that this variant of malware includes a message intended for anyone trying to neutralize this threat: inside the welcome message, version 2.0 directly cites malwaremustdie.org which has published detailed information about Gafgyt, Tsunami and other members of this family Of malware.
-
Done, everything works perfectly, Nextcloud - Mariadb - Letsencryp with reverse SSL proxy - Portainer, great server.
-
I installed Nextcloud + MariaDB docker, configuration works very well.
I also installed Letsencrypt Docker, which created the Certified Keys, can I not run the reverse SSL proxy connected to Nextcloud, if anyone has managed to configure it, can post configurations, or specify changes to be made in configuration files?.
thank you.
-
it does not work
Always the same problem
[hr]
Hope a new version solves the problems. Thanks anyway. -
-
OpenELEC:~ # systemctl start mysqld
OpenELEC:~ # systemctl stop httpd
OpenELEC:~ # systemctl stop mysqld
OpenELEC:~ # rm -fr /storage/.kodi/userdata/addon_data/service.web.lamp
OpenELEC:~ # systemctl start httpd
OpenELEC:~ # systemctl start mysqld
Job for mysqld.service failed because a timeout was exceeded.
See "systemctl status mysqld.service" and "journalctl -xe" for details. -
LibreELEC (official) Version: 8.0.1
OpenELEC:~ # ps | pastebinit
RebKLAMP testsHTTPphpinfo.php
exif_test.php
db_test.php
mail_test.php fix msmtprc config file (restart httpd) and mail_test.php
phpMyAdmin/index.phpuser/pass: root/123
HTTPSphpinfo.php
exif_test.php
db_test.php
mail_test.php fix msmtprc config file and mail_test.php
phpMyAdmin/index.php user/pass: root/123Not FoundThe requested URL /phpinfo.php was not found on this server.
[hr]
Apache/2.4.25 (Unix) LibreSSL/2.4.4 PHP/5.6.30 Server at 192.168.0.7 Port 4080
[hr]
db_test.phpWarning: mysql_connect(): Access denied for user 'root' localhost (using password: YES) in /storage/.kodi/userdata/addon_data/http://service.web.lamp/www/htdocs/php-tests/db_test.php on line 3
Could not connect: Access denied for user 'root' localhost (using password: YES)Error. Please check error log.
-
##############################################
# LibreELEC #
# LibreELEC – Just enough OS for KODI #
##############################################LibreELEC (official) Version: 8.0.1
OpenELEC:~ # systemctl status httpd | pastebinit
FYdJ
OpenELEC:~ # systemctl status mysqld | pastebinit
XVNW
OpenELEC:~ # -
I have installed version 8.1.102 for raspberry pi 2, mySQL does not work either by accessing phpMyAdmin root / 123. I deleted the entire userdata folder, but it does not work.
I would like to install owncloud server, thank you in advance for help.