174 new of 251 responses total.
The 'cannot deliver' was for a mail sent to keesan@grex.org Friday - I seem to have deleted that info. Are other people not receiving mail sent to them at grex on Friday?
(Kerberised telnet *does* fix the "password is sent in plaintext" problem: the telnet connection is encrypted end to end, before the "login" prompt is sent, usually. The password _may_ have to be decrypted at the other end, just as it is in ssh, but that's a local configuration issue: with ticket forwarding, the password isn't needed at the far end.)
Before we could turn off telnet we'd have to fix the password expiry problem (doesn't work with ssh -- you simply can't log in) and either eliminate the queue or make it work with ssh. Making ssh set the MAIL variable correctly would be nice, too.
When is an upgrade of SSH from the insecure protocol of version 1 to version 2 planned? Also, I get this from my OpenSSH:
caladan$ ssh -1 grex.cyberspace.org
Warning: Server lies about size of server public key: actual size is 767 bits vs. announced 768.
Warning: This may be due to an old implementation of ssh.
Is this a problem? My session on the agora ended with this message. The interrupt command didn't work.
________________________________________
#3 of 14: by The Accidental Purist (other) on Thu, Jan 9, 2003 (18:46):
He's translating for his friends, the literacy-impaired.
#4 of 14: by S M (mynxcat) on Thu, Jan 9, 2003 (18:59):
aaah. That makes sense
Press Spacebar for more, q to quitshTerminated : 2726 Terminated > >
RE:76 You can use SSHDOS for DOS, of sourceforge.net
Pine bombed out on me earlier with this message: ld.so: call to undefined procedure _sigpause from 0xef785528
I get that as many as three times a day when I try to send with Pine.
Today someone phoned and asked if I had received email sent yesterday (way under 70K) and I had not, nor have I ever received two test emails sent from myself at a free webmail account to keesan@grex.org and keesan@cyberspace.org two days ago. I asked them both to change their settings to wait longer before timing out - what is the proper terminology for this?
Dialin doesn't seem to be working - I get fast, funny-sounding busy signals. Dialing 5041, for what it's worth.
I'm dialed in now, and it seems OK.
is someone going to answer the question about SSH Protocol Version 2? I too am wondering why grex is still using version 1 only.
Sometimes when logging in and typing ahead, login tells me "You cannot change L$0" and gets my loginid wrong.
I think this happens to me if I backspace one too many times at the login prompt.
and to me if i accidentally pinky the tabkey
Polytarp, and other ids originating from the same address as polytarp, is flooding crap into party and rendering it unusable. Other ids include "tabs" and "jimt".
"Rendering it unusable"? Assuming it doesn't crash party (which I doubt it would) haven't you heard of the :ignore command?
This response has been erased.
The fact that there are defenses against rudeness is no excuse for rudeness.
Good line, John. It should be on a bumper sticker or coffee cup.
This response has been erased.
Wow. You are a major asshole! Happy?
If polytarp is causing problems, why not drop packets from his ISP's netblock and/or complain to his ISP?
other, if that bored you, remember that the only ones who get bored are those who are boring.
Re #98: That was pointless. Re #100: Blocking anyone's netblock should be a last resort, since it can affect innocent parties who happen to use the same ISP.
If the problems do not cease, I suggest we pursue civil or criminal penalties against polytarp. See this: http://www.cleveland.com/tech/plaindealer/index.ssf?%2Fbase%2Fbusiness%2F10 4288693631280.xml
Polytarp is in Canada. Even if he was in Washtenaw County, Grex doesn't have the resources to sue him. Ignore him.
why does no one do anything to prevent people from being affected by polytarp's shit? Block his IP! You don't need to block his netblock. scribble that stupid response above with the contents of the /etc/passwd file. Why waste the bandwidth to download all that shit when you're using backtalk or picospan? I really don't understand why grex staff lets it continue. Grex is slow enough as it is.
fag.
Re #102: It would only be necessary to block the netblock until the ISP or criminal authorities had taken action against the abuser.
re #105: Staff could block his IP but if he's determined to be an obnoxious twit (and all evidence indicates that he is..) he'd just come in from another IP. And they could scribble his response, but that will just encourage him to post it again, and again..
fag.
resp:108: Then scribble it again. after a few hours, he'll stop. he'll also quickly run out of IP's to access grex from.
If you ignore him (which you are not, thus he gets the attention he so desires) he may eventually stop and/ or go away. Think of him as a misbehaving 2 year old.
hehe. look at yourself, jiffer.
Frankly, I think of a misbehaving 2 year old as having more intelligence.
Lynx won't access sites - just keeps waiting for something to happen.
I was dialed in a while ago, and it looked like Grex's internet connection died when most of the users simultaneously ceased to be logged in.
I am unable to telnet in from work, which I have done in the past. Right now, I'm telnetting to m-nut, then here from there. I have been able to telnet here directly in the past, but this is the first time I have tried in probably a month or more.
Lynx works again now.
This response has been erased.
I think it's still a network problem. Although there is a bit of a load right now:
} Respond, pass, forget, quit, or ? for more options? !uptime
} 5:33pm up 28 days, 7:32, 37 users, load average: 12.98, 11.40, 11.11
Possible DNS problem: a correspondent reports that he cannot reach grex.org. I have no difficulty, but maybe parts of the network discriminate against Dotster-registered domains.
Could also be that the .org registry is moving from Networking Solutions to Public Interest Registry (PIR). Things were supposed to be up and stable by last night, but who knows?
I tried telnetting from work, directly to the IP. that didn't work.
In that case, use traceroute to find out where the packets are dropping. We've been seeing network problems off and on for a while.
More info I was sent by my correspondent (though he does say that he can *ping* grex.org):
whois grex.org @whois.crsnic.net
[whois.crsnic.net]
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.
No match for "GREX.ORG".
>>> Last update of whois database: Wed, 29 Jan 2003 17:32:40 EST <<<
Well, "whois -h whois.networksolutions.com grex.org" returns the right information.
Well, I tried a whois against whois.crsnic.net and discovered that your correspondent missed some vital information. Here is what I got:
} coll% \whois -h whois.crsnic.net grex.org
}
} Whois Server Version 1.3
}
} Domain names in the .com and .net domains can now be registered
} with many different competing registrars. Go to http://www.internic.net
} for detailed information.
}
} No match for "GREX.ORG".
}
} >>> Last update of whois database: Wed, 29 Jan 2003 17:32:40 EST <<<
}
} The Registry database contains ONLY .COM, .NET, .EDU domains and
} Registrars.
}
} coll%
That last little bit explains a lot.
no .orgs
Heh.
If someone has trouble accessing grex.org, have them try cyberspace.org instead and report if that works. Since they're on different registrars, that will tell us if it's a registrar problem or something else.
control of all .orgs has moved to a central source... no?
The database was always maintained by a central source, but that central source just changed. This doesn't affect the fact that there are multiple *registrars* you can buy .org domains from.
(one of the ttys appears to be stuck.)
4:49pm up 30 days, 6:48, 57 users, load average: 5.51, 6.03, 7.08
User tty login@ idle JCPU PCPU what
dimitar ttyp0 3:14pm 1:30 15 2 -bash
jackv20 ttyp0 1:02am 1:30 15 2 -bash
I mentioned this in the 'bummed' item, but maybe it belongs here, too: ssh doesn't get the 'birthday' part of the motd.
JUST USE TELNET!
I have used the Change program (a few months ago) to put polytarp on my do not write/tel/chat/talk list but I still get tels. Why?
It was a talk request, keesan.
The change program said it was changing my .login file. I don't see polytarp anywhere in the file.
Then the change program misspoke. What it changes is your .cfonce file.
"whois" doesn't know about "cyberspace.org" either; the message at the
end does not mention .ORG (as noted in #126). DNS does know about grex.org.
This also works:
whois -h whois.pir.org grex.org
(but it's amazingly slow. Too many spammers harvesting contact info?)
Re: 133 I think if you put "cat /usr/local/lib/motd.birthday" into your .login file (assuming csh) then you will see the motd.birthday file even when sshing in. However, you'll then probably see it twice when telnetting in.
Is there a way I can see the "You have New Mail" message when using ssh?
"whois.geektools.com" works as a whois host for almost all registrars and TLDs. (Not *quite* all -- there are a few that they can't support for one reason or another.)
After reading mail with Pine (today and yesterday) I was told No conf. when I typed bbs or even bbs agora. I then typed q, bbs (same message) and then j agora. Is this a new feature or did I do something odd?
Also before getting into bbs 'I don't understand mart. Type HELP for help.' (This was before the (no conf) appeared onscreen. Confusing and possibly other people are completely lost.
My twit filter is no longer working now. I checked .cfonce and polytarp is still listed there. I would suspect my own fault except for the no conf problem at the same time. Or is some other file of mine messed up too?
Might I have messed up .cfonce when I was removing all the redundant copies of a twit filter? Anyone want to look at it for me, please?
HAHA! I can talk to you keesan!
Re #146: Yes, you need to fix your .cfonce, where you apparently got some inappropriate line-wrapping when you edited it. The following two lines should be just one:
# responses entered by users: jp2 polytarp realpoly gizmo sarkhel loperbd
mart
The fact that "mart" is by itself on a line explains the message about it. The following two lines should also be one:
define pager "twit jp2 polytarp realpoly gizmo sarkhel loperbd mart | less
-dE -P 'Press Spacebar for more, or q to quit'
(The first of those pairs is just a comment, but for the second you need (in joining them) a blank between "less" and "-dE".)
Thanks, this explains the 'I don't understand mart'. It still does not explain why my twit filter is not eliminating tels from people on the twit list.
I tried to edit .cfonce with pico. I put things on one line but pico wraps them onto two. Can I disable line wrap with pico? Do I need to learn vi to fix .cfonce? I could put a # in front of mart but that does not fix the problem of the line starting with -dE.
I'm not a pico user, so I don't know if linewrap can be disabled. Re #150: Twit lists in .cfonce control only what Picospan shows you. They have nothing to do with tels. For that, you need to enable a .nowrite file. See !man write.
To disable word-wrap in pico, use "pico -w -t". Well, probably you just need the w, but I use both and it works.
-t is nice because it puts pico in 'tool' mode which is better for novice users.
The change program which modified .cfonce (but said it was modifying .login) also said it was changing write permissions for tel talk etc. Someone might want to modify the change program. I will check out pico -w -t.
My .cfonce has been fixed with pico -w -t. What did the -t do? I was able to remove the CR/LF or whatever it was that was breaking up one line into two.
I wonder if a quotation mark is also missing from that last line.
If so where should I restore it to? Everything seems to work anyway.
Probably at the very end of the line, as in the lines just before it. In general, quotation marks come in pairs.
(ttyp0 appears to still be stuck in wtmp.)
7:04am up 33 days, 21:03, 44 users, load average: 11.46, 12.04, 12.16
User tty login@ idle JCPU PCPU what
carson ttyp0 7:04am 9 3 w
mullen ttyp0 1:51am 9 3 w
Re #159: Picospan is forgiving about a missing close-quote at the end of a line.
I will refrain from fixing what works even if it is not perfect. I am afraid of causing more problems by adding back the quotation mark.
I believe -t makes pico exit and save when you hit ^X, whereas without it you get those two annoying prompts asking if you *really* want to save and if you *really* want to exit.
That's right. Except s/annoying/outrageously annoying & confusing/
When connecting with ssh, the screen clears itself after motd, doesn't display the Last login or mail status, and starts the cleared screen with the Erase info.
This response has been erased.
It still happens when I use PuTTY.
That happens to me with TeraTerm, regardless of how I connect. I think Grex sends a terminal reset command right before doing the Erase stuff. I have .hushlogin set anyway, because I prefer to diff the motd so I only have to read the changes, not the whole thing every time.
I'm using putty for my ssh sessions, and NetTerm for telnet sessions. I have no problems when using NetTerm. I guess I'll have to see how I can get Grex to stop sending a reset, if that's what it's doing.
The whole system seems to be having issues, or is at least losing most/all connections.
My ssh connection has been dropped several times today, ditto for telnet. Generally within a few minutes of my connecting, the session will seem to freeze, with characters I type evidently not reaching whatever program I'm in at the time. About a minute or so later my ssh client (putty) gives up the ghost and declares the connection terminated. If I ping grex from a command prompt window while my putty session is frozen, packets seem to be getting through at least as far as grex.org. Is anyone else experiencing this or should I be looking for explanations on my end first?
ssh and web access has been very erratic for me today. I'm dialed in right now, but earlier that wasn't working, either.
I've had problems with telnet and ssh in the past couple hours.
I could not dial or telnet in just now. Using backtalk (6 pm).
I'm in via SSH right now.
Now I was able to telnet (17 min after my first five attempts).
I got dumped earlier today too.
Generally, I use traceroute when I notice problems like those described above, and, generally, I see that packets are being dropped between voyager and grex. Here is an excerpt from the results of such a test from right now:
} 10 rback0.flnt.mi.voyager.net (216.93.15.210) 56 ms 51 ms 51 ms
} 11 cyberspacecomm.flnt.mi.voyager.net (216.93.107.238) 113 ms 63 ms 65 ms
} 12 grex.cyberspace.org (216.93.104.34) 65 ms 59 ms 67 ms
It's right after hop 10 I see trouble. Earlier today, I noticed such things, when I was logged in (via ssh) between 14:56 and 15:38. I guess my ssh client was more tolerant, because I did not lose my connection.
Earlier, I was dialed in & telnetted out (Grex is the only ISP I've got), and kept getting hung up (um, frozen, not disconnected - if I pressed ^] I got immediate response from telnet). A bit later, Jon was on (dialed in) and kept getting disconnected. The fact that dialins were disconnected at that point suggests something local to Grex, but possibly in the network connection to the termserver.
I'm getting something similar now. Telnet connections need 1 minute to login prompt. Backtalk slogs rather badly too. Normal (non-cgi) HTTP is fine.
Pine keeps dumping me when I try to send a mail (several times a week): ld.so call to undefined procedure _sigpause from 0xef785528
Grex took over 140 seconds to give a login prompt.
DNS for grex.org isn't working. Both dns.gibbard and grex.cyberspace
fail:
res_send to server dns.gibbard.org 209.142.209.52: Connection
refused
and
res_send to server grex.cyberspace.org 216.93.104.34: Connection
timed out
I gave up dialing in but could telnet. Took a bit of a wait.
This time I waited a couple of minutes and could dial in.
This response has been erased.
It took over 2 minutes to get a login prompt. Again. I've finally got the lowdown on the mail errors cited above:
> 250 grex.cyberspace.org Hello [209.142.229.137], pleased to meet you
> mail from: nobody@nowhere.net
> 250 nobody@nowhere.net... Sender ok
> rcpt to: russ@cyberspace.org
> 553 russ@cyberspace.org... One generation passeth away, and another generation cometh: but the earth abideth for ever.
> data
> 503 Need RCPT (recipient)
> rcpt to: russ
> 553 russ... One generation passeth away, and another generation cometh: but the earth abideth for ever.
WTF does THAT mean?
You've somehow fallen afoul of mdw's bible-quoting trouble filter.
I don't know which filter that is. I know replies I send to a mailing list I'm on sometimes run afoul of the 'my skin is black upon me' filter if I don't remove excess spaces from the subject line.
a bible filter is rather refreshing! able to get through with cyberspace.org but not with grex.org.
The Bible quotes mean that Marcus's filtering thinks it's spam. You may be able to get more specific info on what triggered this from him.
... though (whatever it is) I doubt you'll have any luck getting him to change
it to let your mail through; it's probably keeping lots of real spam from
people.
Hmm. The headers you cite would suggest that there's a problem with the russ
account itself, not with other contents of the message. ("would suggest"
meaning "suggest to me", & I'm not particularly up on this stuff.)
Re #192: My correspondent got that last error from a telnet session to the smtp port; that may have triggered the spam-trap. However, it wouldn't account for spurious mailbox-full indications (which may actually be mail-filesystem full - I don't know).
"One generation passeth away"... indicates a failure to follow certain
basic parts of RFC 822. I wasn't patient enough to find Russ's
attempts, but I found a spammer using
ntsaga007231.saga.nt.adsl.ppp.infoweb.ne.jp and
adsl-65-71-169-27.dsl.tpkaks.swbell.net who ran afoul of this trying to
send spam to russ.
Most of the spam checks (including this one) don't care which grex
mailbox is named. There is one check for "generic" mailboxes -- ie,
outside machines supplying a RFC 823 To: field of "you@grex.org" and so
forth. Note even this check isn't looking at the forward path where the
mail will actually be sent, it's looking to see if spammers have used a
generic "somewhere at the realm in question" -- and this is no longer so
common since most people have caught on to this.
The "mailbox is full" message is separate logic (well, as separate as it
can be given it's one big monolithic program). It will be generated if
and only if your loginid is named in /var/adm/badmail . A better way to
check to see if your mailbox is full is to say
!umailck
In addition to seeing if you're on the list, this can actually take you
off the list if you were on it, but have managed to free up enough
mailbox space to receive more mail. If your mailbox is full when you
log in, login will spit out a message that includes information on how
to run umailck. There is also an automatic process that will remove you
from /var/adm/badmail if you free up space, but forget how to run
umailck .
Grex was down for several hours - apparently a power blip last night tripped up our UPS (plans to replace the batteries are in the works).
Do you mean the UPS failed to work, Scott?
Several of our clocks were blinking '4:45' this morning around 7:00.
I don't know exactly what the UPS does, but the last few reboots have required power-cycling the UPS because it was stuck in some kind of fault mode. There was some kind of power blip last night; I heard both my UPSs go off but none of my clocks were affected.
Currently entering:
lynx, g http://www.cyberspace.org
yields:
Alert!: Unable to connect to remote host.
Can't connect to any remote host. The proxy server might not be running. If I knew how to start it, I would.
RK, if you use Lynx frequently and want a backup for it, contact me. This sort of proxy server problem has occurred before at grex.
Re. #201: Thank you. I'll keep your offer in mind.
This response has been erased.
Seems like applying a patch would be somewhat easier.
This response has been erased.
All versions since 5.79 are affected. What version are we running?
X-Force has demonstrated that this vulnerability is exploitable in
real-world conditions on production Sendmail installations. This
vulnerability is readily exploitable on x86 architecture systems, and may
be exploitable on others as well.
Protection mechanisms such as implementation of a non-executable
stack do not offer any protection from exploitation of this
vulnerability. Successful exploitation of this vulnerability does not
generate any log entries.
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Re #206: Unless they've set sendmail up to lie about its version in its connection banner (a good idea, IMHO), you can find that out yourself pretty easily.
This response has been erased.
Incidentally, it appears this isn't exploitable on some systems. It depends on how the binary is structured, so it may vary from build to build.
I've always wondered a little if postfix is really more secure, or just less common (and hence under less scrutiny.) I'm always a little suspicious of claims of (in)security based on the number of *discovered* bugs.
This response has been erased.
I'm going to get a good laugh when somebody tries to exploit that bug against us! I don't think very many hackers can write SunOS shellcode.
This response has been erased.
script-kiddies suck.
So is it correct to assume that the widely-reported bug in sendmail doesn't affect us?
This response has been erased.
i am trying to work with centering but it seems i need the glib library 1.2 or more new... Some body could renove it? it's very important for me. Saizen
Dan, I drew my conclusion because no staff has said otherwise, and because staff has already hacked sendmail. Plus, no outside crazies have seized root. I hope. 8-)
This response has been erased.
It hasn't been patched with the 'official' patch yet, at very least. So it's probably vulnerable. AFAIK there's no working exploit for this on SunOS (or any other OS) yet, not that anyone should be reassured much by that.
Backtalk isn't responding but telnet is working fine.
This response has been erased.
Web server was probably down for some reason.
Incidentally, if you haven't already, you might want to email staff about the sendmail thing. They tend to read email a lot more often than they read this item.
I tried the Backtalk interface today, and could not get the Abelone(sp?) one to work, it just sat there.
They all just sit there for a while. Be patient. This screen took 2min to come up.
This response has been erased.
Re #228: That may not be Grex, it might be your browser (or web proxy server) timing out more quickly than Grex responds.
This response has been erased.
Almost no mail has been delivered today. Something's wrong.
I've gotten a fair amount of mail. About as much as I normally expect, anyway.
Same here.
The putty screen is still clearing, right after motd. Hence, I can't read motd, nor the new mail alert.
No mail here today either.
krokus, take a look at your termtype. I've seen something like that with vs100, I think it is. I have to set my xterm's termtype to vt100 when connecting to grex.
My screen has always cleared after login.
One could make 'motd' the last line of one's .login or .profile.
re 236 I can't change the emulation, as such. PuTTY only allows you to change certain aspects of the interaction. re 238 That was something I tried, but motd is displayed by the system, along with the new mail status, prior to the .login or .profile. (I know, it can be displayed again.)
Re #234: I believe that some tset or other commands clear the screen; check your .login file for things you don't need.
I have .hushlogin set to prevent the motd from being displayed during login. The reason is I have a script in my .profile that diffs the motd against what it was last time I logged in and displays just the changes.
By the way, are you aware that the motd displayed by the system on login, and by the motd command, displays more than just the contents of the file /etc/motd?
I wasn't. Why is that?
(are you aware that, if using a ssh client, the system does *not* display more than the contents of /etc/motd?) ;)
(Yeah, I recently became aware of that. I'm hoping that's a problem that magically goes away when Grex moves to new hardware and a modern, well-supported OS.) Re #243: I imagine it's so that parts of the login message can be generated automatically without collisions. For example, the birthday part of the motd is in /usr/local/lib/motd.birthday. This file is regenerated daily by a program that scans the birthday database and selects people whose birthday matches the current date. It would be unfortunate if the program wrote directly to /etc/motd at the same time somebody was editing /etc/motd manually.
For what it's worth, yesterday morning my IDS at work logged what appeared to be an attempt to exploit the sendmail vulnerability mentioned earlier in this message. Unfortunately I didn't have full logging turned on, so I can't say whether it had any shellcode attached or whether the goal was just to crash sendmail on vulnerable servers.
I dialed in and was told (twice) Unable to find your tty (ttyu1) in uutmp file. What does this mean and what stupid thing did I do that caused it? Bbs works anyway.
Mail still cannot be sent from wwnet.com to Grex. It appears that Grex is applying an unreasonably strict definition of what constitutes "legitimate conduct". Shutting off spammers is one thing; cutting ourselves off from major ISPs is quite another.
The ssh daemon must have died. I can telnet in, but not ssh.
$ ps -ax | grep sshd
1045 ? IW 0:05 /usr/local/libexec/sshd
1293 ? S 1:44 /usr/local/libexec/sshd
2212 ? IW 0:04 /usr/local/libexec/sshd
2763 ? IW 0:05 /usr/local/libexec/sshd
3372 ? IW 0:03 /usr/local/libexec/sshd
3569 ? IW 0:02 /usr/local/libexec/sshd
3664 ? IW 0:02 /usr/local/libexec/sshd
3989 ? S 0:05 /usr/local/libexec/sshd
23951 ? S 2:08 /usr/local/libexec/sshd
26686 ? IW 0:26 /usr/local/libexec/sshd
27290 ? IW 0:08 /usr/local/libexec/sshd
27652 ? IW 0:12 /usr/local/libexec/sshd
28254 ? IW 0:21 /usr/local/libexec/sshd
28434 ? S 0:08 /usr/local/libexec/sshd
28706 ? IW 0:09 /usr/local/libexec/sshd
4292 qc S 0:00 grep sshd
$
It is running now.
resp:250: not necessarily. That output doesn't tell me if the main sshd daemon is running or not. All of those could very well just be user sessions, and the main daemon could be dead so no new sessions could start.
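The distinction drawn in the response above, between per-login sshd processes and the listening daemon, can be checked directly. This is an added example, not part of the original thread and not Grex's own tooling: two shell checks, one against the daemon's pid file and one against `netstat -an` output. The pid file, the "PID COMMAND" listing format and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: is the *listening* sshd alive?
# "ps | grep sshd" cannot tell, because per-login sshd processes survive
# the listener's death and look identical in the listing.

# listener_from_pidfile PIDFILE PS_LISTING_FILE
#   PS_LISTING_FILE holds lines of "PID COMMAND..." (assumed to come from
#   "ps -e -o pid= -o args="). Prints "up PID" when the PID recorded in
#   PIDFILE is a running sshd, otherwise prints "down" and returns non-zero.
listener_from_pidfile() {
    lf_pidfile=$1
    lf_listing=$2
    [ -r "$lf_pidfile" ] || { echo "down"; return 1; }
    lf_pid=$(head -n 1 "$lf_pidfile" | tr -cd '0-9')
    [ -n "$lf_pid" ] || { echo "down"; return 1; }
    if awk -v want="$lf_pid" \
        '$1 == want && $2 ~ /sshd/ { found = 1 } END { exit !found }' \
        "$lf_listing"
    then
        echo "up $lf_pid"
    else
        echo "down"
        return 1
    fi
}

# port_listening PORT   (reads "netstat -an" text on stdin)
#   Succeeds only if some socket is in LISTEN state on PORT. Accepts both
#   the "*.22" (BSD/SunOS) and "0.0.0.0:22" (Linux) address styles.
#   Established sessions on the same port do not count.
port_listening() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ ("[.:]" port "$")) found = 1
        }
        END { exit !found }'
}

demo() {
    d=$(mktemp -d) || return 1
    echo 1045 > "$d/sshd.pid"          # hypothetical pid file contents
    # Constructed listing: listener 1045 is gone, two login sessions remain.
    printf '%s\n' '1293 /usr/local/libexec/sshd' \
                  '23951 /usr/local/libexec/sshd' > "$d/ps.txt"
    # Constructed netstat excerpt: one established ssh session, no listener.
    printf '%s\n' 'tcp 0 0 192.0.2.10.22 192.0.2.77.4022 ESTABLISHED' \
                  'tcp 0 0 *.25 *.* LISTEN' > "$d/netstat.txt"
    echo "pid file check: $(listener_from_pidfile "$d/sshd.pid" "$d/ps.txt")"
    if port_listening 22 < "$d/netstat.txt"; then
        echo "port 22: listening"
    else
        echo "port 22: not listening (new logins will fail)"
    fi
    rm -rf "$d"
}
demo
```

On a live system, feed the functions the real pid file and the output of `ps` and `netstat -an` instead of the constructed files.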
You have several choices: