On 7/10/25 16:37, rickm...@shaw.ca wrote:
On 2025-07-10 04:57, Greg Wooledge wrote:
On 7/9/25 22:14, Rick Macdonald wrote:
In 30 years I've never seen an isolated network. May I ask how this
might be done?
An alternative example (with no Wi-Fi):
* One switch or hub. Connect to power.
On 2025-07-10 04:57, Greg Wooledge wrote:
> On Wed, Jul 09, 2025 at 23:23:29 -0700, David Christensen wrote:
>> On 7/9/25 22:14, Rick Macdonald wrote:
>>> In 30 years I've never seen an isolated network. May I ask how this
>>> might be done?
>> Assuming an Internet gateway with 4 LAN ports and Wi-
On Thu, 10 Jul 2025 06:57:10 -0400
Greg Wooledge wrote:
> On Wed, Jul 09, 2025 at 23:23:29 -0700, David Christensen wrote:
> > On 7/9/25 22:14, Rick Macdonald wrote:
> > > In 30 years I've never seen an isolated network. May I ask how
> > > this might be done?
> >
> > Assuming an Internet ga
On Wed, Jul 09, 2025 at 23:23:29 -0700, David Christensen wrote:
> On 7/9/25 22:14, Rick Macdonald wrote:
> > In 30 years I've never seen an isolated network. May I ask how this
> > might be done?
>
> Assuming an Internet gateway with 4 LAN ports and Wi-Fi, and a server with 1
> LAN port, turn off
On 7/9/25 22:14, Rick Macdonald wrote:
On 2025-07-09 18:43, David Christensen wrote:
On 7/9/25 10:39, Rick Macdonald wrote:
I had a question that I forgot to add to my initial long post. This
was since "top" didn't show any great CPU usage, could the encryption
have been performed on another
On 2025-07-09 18:43, David Christensen wrote:
On 7/9/25 10:39, Rick Macdonald wrote:
I had a question that I forgot to add to my initial long post. This
was since "top" didn't show any great CPU usage, could the encryption
have been performed on another machine (Windows or one of my 3
Androi
On 7/9/25 10:39, Rick Macdonald wrote:
I had a question that I forgot to add to my initial long post. This was
since "top" didn't show any great CPU usage, could the encryption have
been performed on another machine (Windows or one of my 3 Android Kodi
boxes)? A number of you suggested exactly
Hi,
On Wed, Jul 09, 2025 at 02:00:15PM -0600, Rick Macdonald wrote:
> I t seems something is opening every file in my Media share:
The thing is that something like Kodi will be scanning through all the
files it has access to in order to update its media library, for
example, as an intended part o
On 2025-07-09 12:26, Šarūnas Burdulis wrote:
On 7/9/25 1:39 PM, Rick Macdonald wrote:
...
I checked, and sure enough, smb.conf had world-writeable permissions.
I've seen where some Kodi web pages suggest this. I've had it this
way for many years, but now I have made it read-only.
In samba
On 7/9/25 1:39 PM, Rick Macdonald wrote:
...
I checked, and sure enough, smb.conf had world-writeable permissions.
I've seen where some Kodi web pages suggest this. I've had it this way
for many years, but now I have made it read-only.
In samba logs you might be able to see which hosts did wh
On 2025-07-07 23:02, to...@tuxteam.de wrote:
On Mon, Jul 07, 2025 at 09:44:11PM +0200, Detlef Vollmann wrote:
[...]
The main point is to find out which system was hit.
According to the description it looks like the Linux server itself
wasn't hit, but a different system that can access files
Hi,
On Wed, Jul 09, 2025 at 07:17:25AM -0400, Michael Stone wrote:
> On Mon, Jul 07, 2025 at 07:17:36AM +0200, john doe wrote:
> > In this case, a perimeter firewall will not help.
> >
> > You likely got compromised by downloading something from the internet or
> > via e-mail.
>
> That is unlike
On Mon, Jul 07, 2025 at 07:17:36AM +0200, john doe wrote:
In this case, a perimeter firewall will not help.
You likely got compromised by downloading something from the internet
or via e-mail.
That is unlikely if the generated files were owned by nobody rather than
the user.
On 7/6/25 19:47, Rick Macdonald wrote:
After running Debian for nearly 30 years (and other distros prior to
that), my Linux server has been hit by a ransomware attack about 11
days ago.
On 7/7/25 17:18, David Christensen wrote:
Please boot live media in the server, open a root terminal, mount
On 07.07.2025 07:47, Rick Macdonald wrote:
I apologize for the length of this question.
...
Some thoughts:
I read that files created by NFS or smb can be owned by
nobody/nogroup. The 2 running process owned by nobody are
/usr/bin/memcached and /usr/sbin/smbd. The remote kodi boxes access
the
On Mon, Jul 07, 2025 at 09:44:11PM +0200, Detlef Vollmann wrote:
[...]
> The main point is to find out which system was hit.
> According to the description it looks like the Linux server itself
> wasn't hit, but a different system that can access files on the server
> via network...
Yes. The gue
On 7/6/25 19:47, Rick Macdonald wrote:
I apologize for the length of this question.
After running Debian for nearly 30 years (and other distros prior to
that), my Linux server has been hit by a ransomware attack about 11 days
ago.
I would power off all computers on your network. Only boot
On 7/7/25 05:28, Karl Vogel wrote:
On Sun 06 Jul 2025 at 22:55:22 (-0400), Rick Macdonald wrote:
After running Debian for nearly 30 years (and other distros prior to that),
my Linux server has been hit by a ransomware attack about 11 days ago.
I have backups, so nothing important has been lost
On Mon, 2025-07-07 at 00:24 -0400, Felix Miata wrote:
> I stopped running samba a year or more ago. If I have something to
> get onto
> Windows, or something to get off of it, I boot Linux. That need is
> rare. It was
> probably last year when I last had any reason to boot Windows. When I
> do, I
>
On 2025-07-07, Karl Vogel wrote:
>>> On Sun 06 Jul 2025 at 22:55:22 (-0400), Rick Macdonald wrote:
>
>> After running Debian for nearly 30 years (and other distros prior to that),
>> my Linux server has been hit by a ransomware attack about 11 days ago.
>> I have backups, so nothing important has
Rick Macdonald writes:
> I apologize for the length of this question.
>
> After running Debian for nearly 30 years (and other distros prior to
> that), my Linux server has been hit by a ransomware attack about 11
> days ago. I have backups, so nothing important has been lost at this
> point. Howe
On 7/7/25 06:02, Russell L. Harris wrote:
On Sun, Jul 06, 2025 at 08:47:22PM -0600, Rick Macdonald wrote:
After running Debian for nearly 30 years (and other distros prior to
that), my Linux server has been hit by a ransomware attack about 11
days ago.
Another machine running firewall sofware
On Sun, 2025-07-06 at 20:47 -0600, Rick Macdonald wrote:
> I apologize for the length of this question.
>
> After running Debian for nearly 30 years (and other distros prior to
> that), my Linux server has been hit by a ransomware attack about 11
> days
> ago. I have backups, so nothing importan
Karl Vogel composed on 2025-07-06 23:28 (UTC-0400):
> I don't know the attack method, but I'd suspect smb first
I stopped running samba a year or more ago. If I have something to get onto
Windows, or something to get off of it, I boot Linux. That need is rare. It was
probably last year when I las
On Mon, Jul 07, 2025 at 04:02:26AM +, Russell L. Harris wrote:
> On Sun, Jul 06, 2025 at 08:47:22PM -0600, Rick Macdonald wrote:
> > After running Debian for nearly 30 years (and other distros prior to
> > that), my Linux server has been hit by a ransomware attack about 11 days
> > ago.
>
> An
On Sun, Jul 06, 2025 at 08:47:22PM -0600, Rick Macdonald wrote:
After running Debian for nearly 30 years (and other distros prior to
that), my Linux server has been hit by a ransomware attack about 11
days ago.
Another machine running firewall sofware is cheap (in terms of
electricity, noise,
>> On Sun 06 Jul 2025 at 22:55:22 (-0400), Rick Macdonald wrote:
> After running Debian for nearly 30 years (and other distros prior to that),
> my Linux server has been hit by a ransomware attack about 11 days ago.
> I have backups, so nothing important has been lost at this point.
That's the
27 matches
Mail list logo
