sourceforge.net

sourceforge - bringin' the hammer down

SourceForge is dedicated to making open source projects successful.

We thrive on community collaboration to help us create the leading resource for open source software development and distribution. With the tools we provide, 3.4 million developers create powerful software in over 324,000 projects. Our popular directory connects more than 46 million consumers with these open source projects and serves more than 4,000,000 downloads a day. SourceForge is where open source happens.

Proxytunnel

Let me introduce Proxytunnel for you.
This is an old, but seems like having been abandoned lately, project which aims to provide access to applications through a proxy server. This is basically a port forwarding tool making the application think it is using direct connection.
As the author’s description goes,

Proxytunnel is a program that connects stdin and stdout to an origin server somewhere in the Internet through an industry standard HTTPS proxy.
This will allow you for example to access SSH servers when you normally only have http(s) access.


I’ve used it for accessing an FTP server, and SSHing. Either of them was successful.
Let me tell you in a few words how it can run.
First of all, I created a shell script on a Unix-like operating system as follows,

proxytunnel --proxy="proxy.lan:3128" --proxyauth="login:password" --dest="sam.ohnopub.net:22" --standalone=58181

This text describes Proxytunnel’s behavior as a standalone program.
Proxytunnel listens to a port pointed out in the –standalone option. When something comes to the port, Proxytunnel does port forwarding onto a host and port from the –dest option via a proxy server which is defined in the –proxy one. The –proxyauth option is used when the proxy server requires authentication.
When you’re done, you may SSH via:

ssh user@127.0.0.1 -p 58181

What Did http://www.sourceforge.net Look Like From 2000 To 2014?

Links:
2000: http://web.archive.org/web/20000202213034/http://www.sourceforge.net/
2001: http://web.archive.org/web/20010202073200/http://sourceforge.net/
2002: http://web.archive.org/web/20020124051726/http://www.sourceforge.net/
2003: http://web.archive.org/web/20030205135640/http://sourceforge.net/
2004: http://web.archive.org/web/20040204062446/http://www.sourceforge.net/
2005: http://web.archive.org/web/20050101090932/http://sourceforge.net/
2006: http://web.archive.org/web/20060101070321/http://sourceforge.net/
2007: http://web.archive.org/web/20070101102300/http://sourceforge.net/
2008: http://web.archive.org/web/20080103101749/http://sourceforge.net/
2009: http://web.archive.org/web/20090101213859/http://www.sourceforge.net/
2010: http://web.archive.org/web/20100102185111/http://sourceforge.net/
2011: http://web.archive.org/web/20110107171448/http://sourceforge.net/
2012: http://web.archive.org/web/20120101074334/http://sourceforge.net/
2013: http://web.archive.org/web/20130101072408/http://sourceforge.net/
2014: http://web.archive.org/web/20140101051715/http://sourceforge.net/

youtube

The Java_console Demo

SourceForge.netの攻撃(追加情報)

SourceForge.netの攻撃(追加情報)

我々は昨日述べたように、我々はsourceforge.netが攻撃され複数のサーバーが侵害されたことを発見した。

一つの視点から多くが、その後変更されています:私たちは、何が起こったのかについての詳細に理解し、我々は再発防止策を施すことができるかを理解しました。

別の観点から:我々は最後の夜であったとして私たちは、同じことをやっている:と、既知の正常なバックアップからデータを検証するために当社のサービスの大部分を保護するために、攻撃の完全な範囲を記録することにとりくんでいます。取り組んでいます。

我々のサーバーおよびサービスは、このような将来の攻撃に対して強化されていることを確認して作業を行う際にCVS、viewvcのは、リリースファイルをアップロードし、インタラクティブなシェルサービスはまだ無効になっています。

すべてのすべては、我々は、大きな進歩を加えて、明日報告して詳細を持っている期待しています。

あなたの忍耐と支援に感謝します

- SourceForge.netチーム

更新:完全なレポートは、ブログに掲載されています:

http://sourceforge.net/blog/sourceforge-attack-full-report/

タグ: ダウン 、 悪用