New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Jesus christ, I never imagined it'd work this well...
@host4bot
This is precisely the purpose of the script, to educate those who don't understand what they are running. The script itself is nothing more than a show, making the untrained eye believe it is deleting their entire system. But look closely; it prints out "rm -rf" but in reality only lists the files in your filesystem!
Take this as a lesson, and be sure to know what you're running. A few extra moments could save you from needing to reimage your system and dealing with any consequences.
Lmfao!
While not to excuse the OP (or anyone who blindly trusts a script), one could nonetheless argue that if a long-standing member of the community provides a link to a script called
bench.shso prominently in their signature, then another (less experienced) member could be forgiven for presuming that the script really is a legitimate benchmarking script and not a script that is constructed to scare a person and to teach them a lesson.@angstrom
Fair enough. I suppose it was more of a punch back when I was a newer member.
That being said, even if a long standing member says something, it can't always be trusted. Perhaps that user is hacked, or their servers are compromised for whatever reason and the script is changed to something malicious!
We all make mistakes. All humans do
This is why privilege de-escalation and backups are important -- with less privileges means less possible damage (generally).
Yes, as I said, the OP (or anyone) is responsible if they don't exercise due caution with respect to unknown scripts.
At the same time, this doesn't mean that you as a long-standing member of this community are exempt from any charge of intending to mislead (less experienced) unsuspecting members with a script called
bench.shthat you wrote and that you provide the command-line incantation for so prominently in your signature. In this context, a user could be forgiven for presuming to trust you.He will just ignore what you said... for second time.
This is very high up there on the stupid thread list
That's not very useful as you can easily hash every IPv4 address.
I do not disagree entirely. But I think in this case, the ends justified the means. I'm sure OP won't soon forget what that script was meant to teach and no real harm was done afaik.
The "lol u dumb, quit now" responses were much more malicious than the script. Remember the person on the other side of the screen might not learn exactly the same way as you or even had the opportunity to have the time to be capable of doing so.
Anyway
Happy Easter!
Sorry, but no one here was entrusted with a mission to teach others a lesson such that the end justifies the means.
User signatures on a forum are supposed to be innocent: for example, they may contain a simple link to a user's website, or an outdated quote (such as my signature). If someone hides an affiliate link in their signature, others may object, and if they object, they object not merely because an explicit forum rule is broken. They object because there's an intent by the signature holder to conceal something from them that they would prefer to know about.
Again, as you can see in my posts above, I'm not excusing the OP's carelessness: he's responsible for the scripts that he runs on his server.
But I'm not inclined to let @FlamesRunner off the hook either: he wasn't entrusted with a mission to teach others a lesson via a misleading signature.
Yes, what saves the day is that "no real harm" was done, but this doesn't mean that the OP is the only one to blame in this situation.
Honestly- it breaks the don't be a dick rule. We all have things that we are experts in and could behave as dicks towards others, yet choose not to. In this case, one decided to use his signature line to achieve some external validation as to his expertise in acting as a dick.
True, I completely forgot about brute force. Perhaps I'll add some sort of extra bits like the hostname mixed with the IP and their operating system -- that should make it at least difficult to reverse.
tl;dr
You can easily hack other people vps if you are a longstanding member of the community. Just put the script on your sigs, and you're good to go.
Came to say exactly this. People need to get off their high horses. This is a fucking community, not 4chan.
No. The OP would have gotten the message much sooner by explicitly saying "don't blindly run scripts downloaded from the Internet without inspecting the contents first or else assholes may actually do something malicious other than intended. There are assholes everywhere". EVERYONE would get the message without having to run a fake benchmark.
There's no mention of not running shit you don't understand, which telling someone to check contents but not know what they are looking at is useless. Why is two letter "rm" more serious than "ls"? I mean, rm isn't "delete", so how would the layman know what is safe or not? Take a look at the Underhanded C competitions to see how innocent looking code can hide deadly code that pro's can miss.
We download compiled applications all the fucking time and run them without first inspecting the code. So the takeaway is that @FlamesRunner can't be trusted.
Not of fan of this approach to "helping" others.
imho this logic is flawed. it's about people who most likely go somewhere in the internet by googling for whatever and then downloading something unknown because they are too lazy for real learning or at least a minimum of effort and research.
and guess what, these people have no clue nor care about how 'longstanding' someone is in some community. or do you really think OP checked the history of the person posting this while not checking what he actually is downloading? ;-)
that's about the exact point... people who can't distinguish between rm or ls being harmful or not need to be taught that a server facing public internet is not just another devices where you click and download simple apps to.
the environment on an unmanaged server is not made nor delivered as moron safe as possible from the beginning - like your smartphone or tablet usually is.
I think this got nothing to do with the high horse but with the ignorance of people which tells that
is sadly not the reality but wishful thinking...
nowadays people (including me) are much more used to skimming most of the time and not reading, especially signatures get lost on the way.
and think about it. even parents sometimes scare their kids a bit of something they want to protect them from. of course that's a debatable topic too, just saying.
however, probably nothing where a common ground is achievable (says the divorced /w kids)
Since I first mentioned "longstanding member", I'll try to address this.
In my reaction, I was trying to abstract away from the particular qualities of the OP as much as possible. I have no idea whether the OP looked at @FlamesRunner's history or not. But my point was a more general one.
If you (= @Falzo) put a link to a script called
bench.shin your signature, I would presume that I could trust you. I would presume that I could trust you in large part because you're a longstanding member of the community that I recognize. If I could trust you, I would also trust that your script was really a benchmarking script and not a non-benchmarking script intended to scare a person and to teach them a lesson.In contrast, if some new guy signs up and puts a link to a script called
bench.shin his signature, I would not presume that I could trust him and I would definitely inspect his script before running it.In any community, longstanding members do earn trust implicitly as long as they don't break this trust. This was my more general point. (Again, I wanted to abstract away from the particular qualities of the OP as much as possible.)
Although I was trying to formulate the matter in terms of (implicit) trust, your formulation is much more to-the-point. I agree.
I dont thnk it does. It's a helpful "lesson". I "fell for" (ran) it, even though I thought prior to running it that I was pretty careful. Point proven. That moment is etched into my memory along with opening a rogue email attachment 20 years ago (iloveyou).
yes of course - but that's exactly what I meant with 'flawed logic' ... you and other people that are around in this community can see the difference you describe and build that trust. however, they'd also know if something like a fake bench is in the signature of someone they otherwise trust. so the issue with trust is none between these communities members.
people like OP on the other hand don't know or care who is a trustworthy, long-standing whatever member. they google something, go to a community, maybe signup to ask a question and from a quick glance pick something and run it without thinking about it or the trustworthiness of that member at all.
and that's what that very signatures teaches us. if you come to a community, you know nothing about the members and their status. so rather research first. that's what I meant, that I doubt OP even checked if @FlamesRunner could be a member to trust by checking his post history or whatever...
in the end it's interesting that OP picked up something from that sig, rather then using something that really got posted in context to real results here. @FlamesRunner didn't even participate in his first thread, so the question is, why didn't OP pick up on yabs or whatever would be more often referenced/presented in other topics.
SCAM_DONT_BASH
Implies common-sense.
What everyone is saying is that you should inherently trust scripts in signatures from long standing members of internet forums simply because they've been a member of that forum for a long time, even though you have no idea who they actually are. Also, long standing members never decide to do anything bad and they can't get their accounts hacked either, so you should definitely trust them with no questions asked.
Bottom line is that it's @FlamesRunner's fault for posting a script in his signature that caused no harm (other then mental effect on OP, maybe), and OP did nothing wrong by running a random script from a random person on the internet that he trusted for no other reason then that person's username has been registered for a long time.
/S
This is why people get hacked so often and attitudes like this (blaming @FlamesRunner instead of taking responsibility) is what perpetuates the problem and encourages poor security practices.
"When you blame others for your mistakes you loose your power to learn from them". Take the lesson and move on...