demidevimon


For many years, demidevimon was a server of various kinds and the gateway through which the computers on my home network accessed the Internet.

demidevimon is an Intergraph TD-310, bought at a garage sale of Name Brand Computer Outlet (now apparently defunct). He is the twin brother of malcolm.

demidevimon holds a special place in my heart, because it is the first computer on which I installed a full GNU/Linux operating system from source (this was before Linux From Scratch existed). This was a tremendous learning experience for me. Doing this a few more times on other computers led me to look for a way to automate the process somewhat, which in turn led to the creation of Gusto GNU/Linux.

To celebrate the successful completion of the laborious process of installing an operating system by hand, I created this small piece of ASCII art:

                      ___                                                    
   ____           ,--',_-"'  Welcome to                                      
,==___ `-.  _/`,-'   /--,    ._.   ___ .  . . ._.   ___ .  . . .  .  __  .__ 
   ,==`  (,/--/ )   _==. `   |  \ (__  |\/| | |  \ (__  |  | | |\/| /  \ |  |
  '  ,==-/o}{o}\,--=    `    |__/ (___ |  | | |__/ (___  \/  | |  | \__/ |  |
         \.__) /.,. `                                                        
      ,--,`---'(  /`                                                         
      /^^`.(   \ (                                                           
           '    `-'                                                          
This is demidevimon.bamsoftware.com.

This is the /etc/issue file on demidevimon and used to be prominently displayed on the home page of this web site.

I had my best-ever game of NetHack on demidevimon:

 No  Points     Name                                                   Hp [max]
  1    1220031  david-Val-Dwa-Fem-Law escaped the dungeon [max level
                28].                                                  185 [185]

Some time in the summer of 2001 the hard drive holding the web pages and my programs suffered a head crash. (demidevimon was my primary computer at the time.) This was followed by a lot of work with dd and xxd to recover what data I could from the undamaged sectors. During this period I learned more than I ever wanted to know about the Second Extended Filesystem. I have forgotten most of it now, though.

demidevimon is named after my favorite Digimon character. Demidevimon was a bad-guy Digimon who was eventually eaten by his boss, VenomMyotismon.

descrypt and solitairecrypt were written on demidevimon.

I wiped and removed demidevimon's disks and put him in the garage to await recycling in the early hours of April 14, 2008.

Breakin

demidevimon was broken into around June and July, 2006. I had left sshd running to allow password authentication and my mysql user had a guessable password. The attacker installed some files in /tmp, in a directory with the invisible filename of " " (a single space character). These files were:

/tmp/ :
total 548
-rw-r--r--   1 mysql    mysql      382466 Jul  5 17:16 MuiPay.tgz
drwxr-xr-x   2 mysql    mysql        1024 Jul  6 10:02 br
drwxr-xr-x   2 mysql    mysql        1024 Jul  6 10:07 eb
drwxr-xr-x   2 mysql    mysql        1024 Jul  6 10:51 send
-rw-r--r--   1 mysql    mysql      170366 Jul  5 17:01 sendP61.tgz

/tmp/ /br:
total 380
-rw-r--r--   1 mysql    mysql         724 Feb 16  2001 ini.inc
-rw-r--r--   1 mysql    mysql      213556 Jul  6 06:58 list.txt
-rwxr-xr-x   1 mysql    mysql      165596 Aug 21  2001 pico
-rw-r--r--   1 mysql    mysql        1268 Feb 28 07:13 send.php
-rw-r--r--   1 mysql    mysql        3829 Jul  6 04:50 test.txt

/tmp/ /eb:
total 1228
-rw-r--r--   1 mysql    mysql         724 Feb 16  2001 ini.inc
-rw-r--r--   1 mysql    mysql      815742 Jun  3 17:58 list.txt
-rwxr-xr-x   1 mysql    mysql      165596 Aug 21  2001 pico
-rwxr-xr-x   1 mysql    mysql      249980 Feb 13  2001 screen
-rw-r--r--   1 mysql    mysql         644 Jun  3 14:51 send.php
-rw-r--r--   1 mysql    mysql       13356 Jun  3 16:01 test.txt

/tmp/ /send:
total 735
-rw-r--r--   1 mysql    mysql        4780 Jul  5 17:05 bla.txt
-rw-r--r--   1 mysql    mysql         580 Jun 21  2005 ebay.php
-rw-r--r--   1 mysql    mysql         724 Jun 16  2004 ini.inc
-rw-r--r--   1 mysql    mysql      240617 Jul  5 17:12 list.txt
-rwxr-xr-x   1 mysql    mysql      165596 Aug 21  2001 pico
-rw-r--r--   1 mysql    mysql       83375 Nov 23  2004 pico.tgz
-rwxr-xr-x   1 mysql    mysql      249980 Jul  5 17:14 screen

As far as I can tell, these files were used to send thousands of spam emails.
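
A defender-side check for the hiding place described above, added here as an example and not part of the original page: it walks a tree such as /tmp and reports directories whose names are whitespace-only or otherwise easy to miss in a listing, with their owner and any executables inside. The function names and the sample file layout are constructed for illustration, and the dot-only and control-character checks go beyond the single-space name seen on demidevimon.

```python
import os
import pwd
import stat
import tempfile
import unicodedata

def deceptive_name(name):
    """Return why `name` is easy to miss in an `ls` listing, or None."""
    if name.strip() == "":
        return "whitespace-only name"
    if name.strip(". ") == "":
        return "only dots and spaces"
    if name != name.strip():
        return "leading or trailing whitespace"
    if any(unicodedata.category(c) in ("Cc", "Cf") for c in name):
        return "control or format character"
    return None

def executables_under(top):
    """Relative paths of regular files below `top` with an execute bit set."""
    paths = (os.path.join(d, f) for d, _dirs, files in os.walk(top) for f in files)
    return sorted(os.path.relpath(p, top) for p in paths
                  if stat.S_ISREG(m := os.lstat(p).st_mode) and m & 0o111)

def scan(root):
    """Report directories under `root` with deceptive names, their owner and executables."""
    findings = []
    for dirpath, dirs, _files in os.walk(root):
        for name in dirs:
            reason = deceptive_name(name)
            if reason:
                path = os.path.join(dirpath, name)
                uid = os.lstat(path).st_uid
                try:
                    owner = pwd.getpwuid(uid).pw_name
                except KeyError:  # uid has no passwd entry
                    owner = str(uid)
                findings.append({"path": path, "reason": reason, "owner": owner,
                                 "executables": executables_under(path)})
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample, empty files
        for rel, mode in (("br/pico", 0o755), ("br/send.php", 0o644), ("eb/screen", 0o755)):
            full = os.path.join(tmp, " ", rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
            os.chmod(full, mode)
        print(scan(tmp))
```

On a live system, a finding owned by a service account such as mysql, which has no reason to own executables in /tmp, is the combination worth investigating first.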

