turngren.net report


  • Title: turngren.net - put your feet up

    Description: put your feet up...

    Alexa Global Rank: # 5,732,176

    Server:Apache...

    Primary IP address: 172.104.23.231, Your server -,- ISP:-  TLD:net Postal code:-

    This report was updated on 25-Jul-2018

Created Date:2014-08-02
Changed Date:2017-08-02

Technical data for turngren.net


Geo IP provides information such as latitude, longitude and ISP (Internet Service Provider). Our GeoIP service found the host turngren.net. It is currently hosted in - and its service provider is - .

Latitude: 0
Longitude: 0
Country: - (-)
City: -
Region: -
ISP: -

the related websites

Domain Title
feetondemand.com feet on demand
turngren.net turngren.net - put your feet up
dancingfeet.fr dancing feet : musique et sorties à paris
bestwalkingshoesforflatfeet.com best walking shoes for flat feet i full guide to choose the best shoes

HTTP header analysis


HTTP header information is part of the HTTP protocol that a user's browser sends to the server, called Apache, containing the details of what the browser wants and will accept back from the web server.

Content-Length:11638
Content-Encoding:gzip
Strict-Transport-Security:max-age=15768000; includeSubDomains; preload
Vary:Accept-Encoding
Server:Apache
Connection:close
Link:; rel="https://api.w.org/", ; rel=shortlink
Date:Wed, 25 Jul 2018 12:26:05 GMT
Content-Type:text/html; charset=UTF-8

DNS

soa:ns-cloud-c1.googledomains.com. dns-admin.google.com. 44 21600 3600 1209600 300
txt:"v=spf1 mx ~all"
ns:ns-cloud-c1.googledomains.com.
ns-cloud-c2.googledomains.com.
ns-cloud-c3.googledomains.com.
ns-cloud-c4.googledomains.com.
ipv4:IP:172.104.23.231
ASN:63949
OWNER:LINODE-AP Linode, LLC, US
Country:US
mx:MX preference = 10, mail exchanger = mail.turngren.net.

HtmlToText

Linux and the Monero miner malware – muhsti

Update: I’ve found a few more hits on this muhsti thing, like this one. And the process came back at least once, I deleted a few more locations – more research needs to be done on this. When Ubuntu 18.04 is released, I’ll probably migrate to a new server anyway.

Second update: I’ve restored a week-old backup onto a new Linode, and pointed my domain at the new IP. Going to harden what I have here, and hope that this won’t happen again. Also going to back up now, after re-adding this post.

Waking up to emails from Linode doesn’t always mean something bad is happening, but sometimes it does. Here’s a shot of my WordPress directory (which is the root of my Apache site). Anything look odd? Does any of this scream “malware” to you?

How my day started

Every morning when I wake up, I have a habit of checking my email first thing. This morning, there were several automatically generated emails from Linode (my VPS host) indicating that my CPU usage was at 100% for an extended period of time. All I run on this server is my LAMP stack and this WordPress site, so this is unusual. My first thought was some kind of runaway process, so I logged into the Linode manager and rebooted the server. I figured there was a good chance that whatever happened, this would fix it. Certainly wasn’t expecting malware. It also takes <30 seconds, and just a click of one button.

An hour or two later, I get another email. So, I walk downstairs, make a cup of coffee, and sit down at my computer. I ssh into my site, and run htop. First thing that I see is two instances of a command “muhsti” which is at the top of the list and using up all of my CPU. I knew right away that this wasn’t a command that I normally have running, and it was being run under the www-data user, so it had something to do with the web server. Normally the only processes running under that user are the LAMP processes, like Apache and MySQL. Big red flag.

(Note: this is a picture from a user on Serverfault, I didn’t take a screenshot when I first discovered this process. Luckily, the process on my server had only been running for a few hours, not a very long time like on this user’s server.)

After some searching, I found this. Turns out it’s a crypto mining malware, and at least one other person has written about it. This is the only source I can find about this process. Turns out, this process mines Monero and sends it back to a third party. After reading through the info, it seemed fairly straightforward. But how did I get it?

Chasing down the cause

The only other mention I was able to find of “muhsti” was a Serverfault page which linked to the above page. This user mentioned that it came in through a WordPress plugin called muhstikx86. I logged into the dashboard, looked at my installed plugins, and didn’t see it. Okay, so it’s not an overtly obvious plugin. I thought, “I’ll take a look in the plugins directory in case there is something there that seems out of place.” Looks normal. Went to the root directory: Wait – what’s plugins? I try to go into the directory. Not a directory. Go to edit the file – bunch of gibberish. That’s my first (although crude) way of telling something is an executable, not a script or a text file. Found it. Don’t know how it got there, but I found it.

So, of course, I removed it. I also re-read the article I posted above, and looked to the other sources of the problem – the way that the miner replicates itself, and the method by which (cron) it triggers itself. Here’s the cron process it entered:

I went through and deleted everything related to it. I still don’t know exactly where it came from, but as I’ve had htop open for a while, and haven’t seen the process resurface, I think – for now at least – I’ve gotten rid of it. I also changed the permissions on the www-user crontab, so that only root can write to it. An inelegant solution, but as of now, I have no cron jobs that the www-user user needs to be running. This will prevent replications like this in the future.

Where do I go from here?

I think I need to revisit the permissions of not only the files/folders in my webroot directory, but also the permissions of the www-data user. I don’t want them to be able to write to /dev/shm, I don’t think at least, (I’m going to keep reading up on this) and I don’t want it to generate cron jobs. Hit me with some comments if you have any input, advice or ideas. Curious to see how widespread this is, and maybe where it came from originally. Perhaps I’ll never know.

Posted on February 17, 2018. Categories: uncategorized.

Hiatus – again, it’s been a long time

So, it’s been a long time without any news – time for an update. A new job, and all kinds of other things have gotten in the way. I’ve made some changes to try to be as open source, Linux, and privacy-minded as I can.

Post-install guides

Posted on January 17, 2018. Categories: computers, news.

Frozen meal review #5: Devour Italian sausage lasagna

This is the second of the two Devour meals I have eaten so far. It’s pretty good. Simple, but good. Devour Italian sausage lasagna.

Posted on December 12, 2016 December 7, 2016. Categories: food, news. 4 comments.

Server migration

Due to a whole range of problems and issues surrounding updating from Ubuntu 14.04 LTS to 16.04 LTS, I’m in the process of migrating to a new Linode that I’ve set up. This site will be going up and down over the next few hours, and will also probably be throwing out some SSL certificate errors as I get everything moved over and troubleshoot.

Posted on December 12, 2016. Categories: computers, news. 1 comment.

Frozen dinner review #4: Devour ravioli

Devour is – from what I can tell – a somewhat recent entry into frozen meals. I’ve had two so far, this review is about the first of the two: ravioli with pesto sauce and Italian sausage.

PopURL analysis for turngren.net



Whois information


Whois is a protocol that provides access to registration information. You can find out when the website was registered, when it will expire, and what the site's contact details are, with the following information. In short, it includes this information:

Domain Name: TURNGREN.NET
Registry Domain ID: 1869377116_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.google.com
Registrar URL: http://domains.google.com
Updated Date: 2017-08-02T21:38:44Z
Creation Date: 2014-08-02T04:27:25Z
Registry Expiry Date: 2018-08-02T04:27:25Z
Registrar: Google Inc.
Registrar IANA ID: 895
Registrar Abuse Contact Email: registrar-abuse@google.com
Registrar Abuse Contact Phone: +1.8772376466
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-CLOUD-C1.GOOGLEDOMAINS.COM
Name Server: NS-CLOUD-C2.GOOGLEDOMAINS.COM
Name Server: NS-CLOUD-C3.GOOGLEDOMAINS.COM
Name Server: NS-CLOUD-C4.GOOGLEDOMAINS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-11-09T10:08:42Z <<<


  REGISTRAR Google Inc.

SERVERS

  SERVER net.whois-servers.net

  ARGS domain =turngren.net

  PORT 43

  TYPE domain
RegrInfo
DOMAIN

  NAME turngren.net

  CHANGED 2017-08-02

  CREATED 2014-08-02

STATUS
clientTransferProhibited https://icann.org/epp#clientTransferProhibited

NSERVER

  NS-CLOUD-C1.GOOGLEDOMAINS.COM 216.239.32.108

  NS-CLOUD-C2.GOOGLEDOMAINS.COM 216.239.34.108

  NS-CLOUD-C3.GOOGLEDOMAINS.COM 216.239.36.108

  NS-CLOUD-C4.GOOGLEDOMAINS.COM 216.239.38.108

  REGISTERED yes


Errors


The following list shows possible misspellings that internet users might type for the searched website.
