This page summarizes the security issues with SlickStack and why its default design can expose servers to remote code execution and man-in-the-middle attacks. It also provides mitigation steps and safer alternatives.
SlickStack advertises around 600 GitHub stars, but that number traces back to Jesse Nickles following nearly 10,000 accounts in the repository's early days. His profile shows roughly 500 followers and around 9,600 following (roughly a 5% follow-back ratio), which strongly suggests automated follow-backs rather than organic traction. That inflated image is what gets used as a weapon when he attacks me for exposing the security issues documented below. Check the follower/following ratio here.
The same credibility-laundering pattern now appears in a Stack Exchange incident involving several public 100-year suspensions and subsequent retaliatory posts about moderators. The incident is documented here because it gives additional context on how Jesse Nickles builds and uses trust signals associated with SlickStack and related sites: Harassment and defamation incident on Stack Exchange.
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1
This pattern allows arbitrary code execution from a remote domain and increases MITM risk by bypassing certificate verification.
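One way to audit a host for the pattern above, as an added example that is not from SlickStack or the original page: the shell function below reads crontab text and reports every entry that downloads a file with wget or curl while certificate verification is switched off. It goes slightly beyond the page by also covering curl's -k/--insecure; the function names and the example.invalid entries are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not SlickStack code: report crontab entries that download a
# file with TLS certificate verification disabled.

# Constructed sample input. The second line is one of the entries shown on
# this page; the example.invalid entries are made up for the demonstration.
sample_crontab() {
    cat <<'EOF'
# wget --no-check-certificate (commented out, must be ignored)
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
15 2 * * * curl -k -s -o /opt/job.sh https://updates.example.invalid/job.sh
30 4 * * * wget -q -O /opt/list.txt https://mirror.example.invalid/list.txt
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1
EOF
}

# Reads crontab text on stdin and prints one tab-separated record per finding:
#   line number, destination file, source URL
audit_cron() {
    awk -v q="'" '
    /^[ \t]*#/ { next }                       # skip comment lines
    {
        tool = ""; insecure = 0; dest = "-"; url = "-"
        # Split on blanks and quote characters so quoted commands tokenize too.
        n = split($0, tok, "[ \t" q "\"]+")
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /(^|\/)wget$/) tool = "wget"
            if (tok[i] ~ /(^|\/)curl$/) tool = "curl"
            # Each tool has its own switch for turning verification off.
            if (tool == "wget" && tok[i] == "--no-check-certificate") insecure = 1
            if (tool == "curl" && (tok[i] == "-k" || tok[i] == "--insecure")) insecure = 1
            # Output-file option: -O for wget, -o for curl.
            if (i < n && ((tool == "wget" && tok[i] == "-O") ||
                          (tool == "curl" && tok[i] == "-o"))) dest = tok[i + 1]
            if (tok[i] ~ /^https?:\/\//) url = tok[i]
        }
        if (insecure && url != "-") printf "%d\t%s\t%s\n", NR, dest, url
    }'
}

# Demonstration run on the constructed sample.
sample_crontab | audit_cron
```

To check a real host, pipe the output of `crontab -l -u root` or the contents of /etc/crontab into audit_cron.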
See also the commit that changed the cron URLs from the GitHub CDN to slick.fyi: commit diff.
Consider WordOps or other tools that avoid remote root execution and provide versioned releases that can be audited with checksums/signatures.
Legal notice. The information presented on this page is a public record of facts. This information is being used as evidence in an ongoing criminal defamation case against Jesse Jacob Nickles in Thailand. Official criminal case reference: Bang Kaeo Police Station – Daily Report Entry No. 4, Book 41/2568, Report No. 56, dated 13 August 2568, Reference Case No. 443/2567. This documentation may also serve as supporting evidence for other individuals or organizations pursuing harassment or defamation claims against Jesse Nickles, because of the repeated and documented pattern of conduct affecting multiple victims.