Jump to content

I Couldn't Believe My Eyes

Alessandro17

By Alessandro17,
in Linux - *nix

 Share
24 posts in this topic

Recommended Posts

Alessandro17
Alessandro17
Posted
Posted

I didn't know whether to put this in *nix or in Laughs. It is a bit of both, I suppose.

 

http://ubuntuforums.org/announcement.php?f=48

 

ATTENTION ALL USERS: Malicious Commands

 

___________________________________________________________________________

 

I'd like to take a moment of your time to discuss a recent disturbing trend the staff has been noticing on the forums, and also take this as an opportunity to raise awareness of this situation through education.

 

We've recently had an increase in the number of dangerous commands being posted on the forums. Don't pretend you don't know what I mean -- commands that cause massive damage or disruption to the user's computer.

 

I'd just like to caution those thinking of doing this that UbuntuForums has a strict zero-tolerance policy when it comes to posting dangerous commands. If you post one of them, particularly in a support thread disguised as advice, expect to be instantly and permanently BANNED, at the account, e-mail, IP, or ISP level. I do not care about intent -- if you mean it as a joke, it is not funny. If you mean it as a lesson, go teach it somewhere else. This behavior is absolutely against the Forum Guidelines and Ubuntu Code of Conduct.

 

I'd also like to remind users to be cautious when someone tells you to run some command or download some script as a solution to your problem. When in doubt as to the safety of the procedure, it's always a good idea to wait for more opinions, and/or have the command explained to you and verify if the explanation makes sense by consulting readily available documentation on Linux commands (such as manpages). No matter how hard we try to stay on top of all posts in realtime, we are not perfect.

 

 

 

Regards,

 

The UbuntuForums Staff.

 

 

 

As requested by some, for the education of our users, here are some common examples of dangerous commands that should raise a bright red flag. Again, these are extremely dangerous and should not be attempted on a computer that has any physical connection to valuable data -- many of them will even cause damage from a LiveCD environment.

 

Again, DANGEROUS COMMANDS -- look but DO NOT RUN.

 

Also, this is far from an exhaustive list, but should give you some clues as to what kind of things people may try to trick you into doing. Remember this can always be disguised in an obfuscated command or as a part of a long procedure, so the bottom line is take caution for yourself when something just doesn't "feel right".

 

All this sounds like just ordinary common sense. But my first question was: "Why?"

 

In my Linux experience (and believe me, it is long and intensive) I had never seen anything like this in any forum.

So why the Ubuntu forum? Plain hatred? Sadism? People enjoy making fools of newbies? Microsoft shills sent to prove that Linux is not so safe after all?

I know that with other Linux distros it happens very occasionally, but from what I have read above, this sounds like an epidemic. So you help me understand.

Link to comment
Share on other sites
Alessandro17
Alessandro17
Posted
  • Author
Posted
now what's wrong with a good 'ol chmod -R 000 / every now and then? ;)

 

Much better like this:

 

alessandro@linux-nxg9:~> su

Password:

linux-nxg9:/home/alessandro # chmod -R 000 /

 

(With root privileges it works a lot better :D )

 

Of course "sudo chmod -R 000 / " should work pretty well too, when sudo is enabled :lol:

 

I saw this a few months ago and had to LOL! I couldn't decide who is stupider: the asshat who says to run 'sudo rm -rf /' or the n00b who just runs in a command as sudo without knowing what it does...

 

The odd bit is that it doesn't seem to happen to other distros that much.

Thus it must be because Ubuntu is perceived as the quintessential n00b distro :D

Link to comment
Share on other sites
BBrown
BBrown
Posted
Posted

The reality is that most noobs/newbies to Linux generally cut and paste commands into terminals trustingly when they are googling for solutions to a problem. This opens up the real possilbility and danger that a hacker or can craft a website with malicious commands and can falsely advertise the site as a site for solutions or fixes to a Noobs ubuntu compute problems. The unsuspecting and trusting noob takes the bait and bam gets caught up like a fly in a spider's web, lol.

 

For the few Mac Trojans that have been created, many of them work when the user unwittingly responds to prompts to allow root privileges and enters his or her password. There are many users who purchase Macs because they hate command line and terminals and may not realize the importance of not just entering a password when prompted. So, while this may be an issue for ubuntu users, there are equivalent Mac OSX Noobs who may be just as ignorant of such things. Hackers and trojan authors are equal opportunity attackers. To them, it does not matter if the target is a Ubuntu, Mac, or Vista Noob. For them a noob is a noob is a noob, and any noob is fair game.

Link to comment
Share on other sites
(MoC)
(MoC)
Posted
Posted
The reality is that most noobs/newbies to Linux generally cut and paste commands into terminals trustingly when they are googling for solutions to a problem. This opens up the real possilbility and danger that a hacker or can craft a website with malicious commands and can falsely advertise the site as a site for solutions or fixes to a Noobs ubuntu compute problems. The unsuspecting and trusting noob takes the bait and bam gets caught up like a fly in a spider's web, lol.

 

For the few Mac Trojans that have been created, many of them work when the user unwittingly responds to prompts to allow root privileges and enters his or her password. There are many users who purchase Macs because they hate command line and terminals and may not realize the importance of not just entering a password when prompted. So, while this may be an issue for ubuntu users, there are equivalent Mac OSX Noobs who may be just as ignorant of such things. Hackers and trojan authors are equal opportunity attackers. To them, it does not matter if the target is a Ubuntu, Mac, or Vista Noob. For them a noob is a noob is a noob, and any noob is fair game.

 

Well said.

Link to comment
Share on other sites
  • 3 weeks later...
nli
nli
Posted
Posted
The same reason why someone write virus's.

They think it is funny to have power over someone else."screw with a newbie".

Yep. I remember there used to be a jer :) ff who hung out in the comp.unix.bsd.freebsd.misc newsgroup around seven or eight years ago who would intentionally post obscufated "rm -r /" type commands in response to newbie questions.

Link to comment
Share on other sites
endafy
endafy
Posted
Posted

My initial thought was why they allowed for such commands to be run in a newbish distribution.

In my slackware box

su

chmod -R 000 /

and

rm -r /

do not work at all and come back with a reply like "don't be stupid" or "this is a good way toward a headache"

Honestly a 4 line script can block such things. DUHHHHHH write a newb distro expect newbs to make newb mistakes and then tell other newbs to do it bc they thought it was funny/a way to teach a lesson. Don't post that BS but write a simple disable script or steal one from debian or slackware. Who is the bigger newb here the devs or the newb telling the other newb to run the comman.

Link to comment
Share on other sites
fatshitcat
fatshitcat
Posted
Posted

Exactly. I can't see the point of the ridicule.

People enjoy making fools of newbies?
Mostly.

I've seen a Linux suicide command on this particular forum, and warning only in a later post. Now what if you visit the thread in the wrong time.

There's no problem in warning new user about it, at least they take the time to inform new (and potentially newbie)users as thoroughly as possible from the very beginning.

Link to comment
Share on other sites
  • 1 month later...
Conroe Mac
Conroe Mac
Posted
Posted

With great power, comes great responsibility. Quite unfortunate to hear that power corrupted. We were all "noobs" once and the future of linux is in converting the masses not just the technologically savvy.

Link to comment
Share on other sites
dies
dies
Posted
Posted
In my slackware box

su

chmod -R 000 /

and

rm -r /

do not work at all and come back with a reply like "don't be stupid" or "this is a good way toward a headache"

 

Really ? That's pretty cool. I wonder when that started... it does seem to go against what Slackware is known for.

 

Last time I tried "rm -rf /" on my slack install ( I was done with it :) ) it happily removed everything it could, no questions asked, this was a few releases ago though.

 

I agree though that a distro that is aimed at newcomers should try to avoid these kinds of issues, not prevent someone from doing something stupid but at least warn them if at all possible.

Link to comment
Share on other sites
  • 2 weeks later...
Elv13
Elv13
Posted
Posted

I would never give those kind of command, but sometime, a dangerous stupid command is the right answer, take a look. Let say the noob say: "Is there a way that I can be ABSOLUTELY sure that nobody will ever have access to my data?". Well, in this case, the right command is destructive, because "nobody" include himself. So `sudo cat /dev/urandom > /dev/sda &` is the right command. I saw that kind of questions many time. The right answer is to encrypt your partition with a TMP chip on your motherboard as key and an other private key on top of that. Then having industrial strenght passwork or quality fingerprint reader, but even there if data exist, you can get them, so the right answer is to destroy them (and warn the user that it is).

 

When someone ask how to remove windows as default choice in grub and someone give a command with mkfs in it, ban him, a chmod 777 or u+s, warn him, a scriptkiddy perl script to take control, ban his IP. But for someone who explain what the command he post do, and the noob don't read and execute it anyway, then the one who posted the command is not responsible for damage done to the noob system. Of course, if the command is off topic, then he should be banned, but once again, dangerous command exist and have some real life usage, it is the power and beauty of Linux, you are the master of your computer, you can do wtf you want with it.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...