SlickStack Security Warning

This page summarizes the security concerns with SlickStack and why its default design can expose servers to remote code execution and man-in-the-middle attacks. It also provides mitigation steps and safer alternatives.

SlickStack advertises roughly 600 GitHub stars, but that number dates back to when Jesse Nickles followed nearly 10,000 accounts in the early days of the repo. His profile shows roughly 500 followers compared with roughly 9,600 following (about a 5% follow-back ratio), which strongly suggests automated follow-backs rather than organic interest. That inflated image is what he uses as a weapon when he attacks me for disclosing the security issues set out below. Review the followers/following ratio here.

That pattern of reputation laundering now appears in a Stack Exchange incident involving several public 100-year suspensions and retaliatory posts about moderators. The incident is documented here because it provides additional context on how Jesse Nickles builds and uses the trust signals surrounding SlickStack and related pages: Stack Exchange harassment and defamation incident.

Summary

  • Frequent remote downloads scheduled as root via cron
  • SSL verification is skipped using --no-check-certificate
  • No checksums/signatures on the downloaded scripts
  • Root ownership and permissions applied to the downloaded scripts

Evidence: Cron and Permissions

Cron downloads (every 3 hours and 47 minutes)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and restrictive permissions (applied repeatedly)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

This pattern allows execution of arbitrary code from a remote domain and increases the risk of a man-in-the-middle (MITM) attack by skipping certificate verification.

See also the commit where the cron URLs were changed from the GitHub CDN and moved to slick.fyi: Commit diff.
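
To find entries of the kind quoted above in a crontab, the following audit function is an added example and is not SlickStack's own code. The function name, the reason labels and the sample crontab are assumptions made for illustration; only the wget entry comes from this page.

```sh
#!/bin/sh
# Added example, not SlickStack code: list crontab entries that fetch remote
# content unsafely. Prints LINE_NO<TAB>REASONS<TAB>ENTRY for each risky entry.

# audit_crontab FILE [DOMAIN]   (DOMAIN defaults to slick.fyi, the host named above)
audit_crontab() {
  domain=${2:-slick.fyi}
  # Drop comments and blank lines; grep -n keeps the original line numbers.
  grep -n -v -E '^[[:space:]]*(#|$)' "$1" | while IFS=: read -r n entry; do
    reasons=
    case $entry in
      *'wget '*|*'curl '*)
        case $entry in
          *'wget '*--no-check-certificate*|*'curl '*--insecure*|*'curl -k '*)
            reasons="${reasons}tls-verification-disabled," ;;
        esac
        case $entry in *http://*) reasons="${reasons}plaintext-http," ;; esac
        case $entry in
          *'| sh'*|*'| bash'*|*'|sh'*|*'|bash'*)
            reasons="${reasons}piped-to-shell," ;;
        esac ;;
    esac
    case $entry in *"$domain"*) reasons="${reasons}references-$domain," ;; esac
    if [ -n "$reasons" ]; then
      printf '%s\t%s\t%s\n' "$n" "${reasons%,}" "$entry"
    fi
  done
  return 0
}

# Constructed sample crontab; the wget entry is one of the lines quoted above.
sample_crontab() {
  cat <<'EOF'
# m h dom mon dow command
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
0 4 * * * /usr/local/bin/rotate-logs.sh
15 2 * * * curl -fsS https://updates.example.test/job.sh | sh
  # indented comment that mentions wget --no-check-certificate
EOF
}

tmp=$(mktemp) && sample_crontab > "$tmp"
audit_crontab "$tmp"   # flags lines 2 and 4 of the sample
rm -f "$tmp"
```

Run it against a saved copy of root's crontab (for example the output of `crontab -l` redirected to a file) and against files under /etc/cron.d.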

Mitigation guidance

  1. Disable the SlickStack cron jobs and remove the downloaded scripts from the cron directory.
  2. Audit for remaining references to slick.fyi and remote script downloads; replace them with versioned artifacts that carry checksums, or remove them entirely.
  3. Rotate certificates and keys if SlickStack ran with root privileges on your systems.
  4. Rebuild affected servers where possible to ensure a clean state.
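
For the replacement described in step 2, the following is an added example (not code from SlickStack or WordOps) of installing a fetched script only when it matches a SHA-256 digest pinned out of band. The function names, paths and example URL are assumptions; the demo files are constructed.

```sh
#!/bin/sh
# Added example: a fetched script becomes executable only if its SHA-256
# matches a digest pinned out of band (e.g. committed to your own repo).

sha256_of() {  # print the hex SHA-256 of a file
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# install_verified SRC DEST PINNED_SHA256
# Returns 0 and atomically replaces DEST on a match; returns 1 and leaves DEST
# untouched on a mismatch, so a tampered download is never installed.
install_verified() {
  src=$1 dest=$2 pinned=$3
  actual=$(sha256_of "$src") || return 1
  if [ "$actual" != "$pinned" ]; then
    echo "REFUSED $dest: digest $actual does not match pinned value" >&2
    return 1
  fi
  staged="$dest.new.$$"
  cp "$src" "$staged" && chmod 0700 "$staged" && mv -f "$staged" "$dest"
}

# Typical use in place of an unverified cron fetch (URL and digest are placeholders):
#   wget -q -O /tmp/job.sh https://example.test/job.sh   # certificate checks stay on
#   install_verified /tmp/job.sh /usr/local/sbin/job.sh "<pinned sha256>"

# Constructed demo: a matching file is installed, a modified one is refused.
demo() {
  d=$(mktemp -d)
  printf 'echo maintenance\n' > "$d/job.sh"
  pin=$(sha256_of "$d/job.sh")
  install_verified "$d/job.sh" "$d/installed" "$pin" && echo "installed"
  printf 'echo tampered\n' > "$d/job.sh"
  install_verified "$d/job.sh" "$d/installed" "$pin" || echo "tamper rejected"
  cat "$d/installed"; rm -rf "$d"
}
demo
```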

Safer Alternatives

Consider WordOps or other tools that avoid remote root execution and provide auditable, versioned releases with checksums/signatures.

References

Legal notice. The information presented on this page is a public record of facts. It is being used as evidence in an ongoing criminal defamation case against Jesse Jacob Nickles in Thailand. Official reference of the criminal case: Bang Kaeo Police Station – Daily Report Entry No. 4, Book 41/2568, Report No. 56, dated 13 August 2568, Reference Case No. 443/2567. This document may also serve as supporting evidence for other individuals or entities pursuing harassment or defamation claims against Jesse Nickles, given the documented, repeated pattern of behaviour affecting multiple victims.