MESSAGE
| DATE | 2006-03-27 |
| FROM | From: "Inker, Evan"
|
| SUBJECT | Subject: [NYLXS - HANGOUT] A Tale of Complete Stupidity and Its True! Oklahoma city threa tens
|
Oklahoma city threatens to call FBI over 'renegade' Linux maker
By Ashlee Vance in Mountain View
Published Friday 24th March 2006 20:20 GMT
The heartland turned vicious this week when an Oklahoma town threatened to
call in the FBI because its web site was hacked by Linux maker Cent OS.
Problem is CentOS didn't hack Tuttle's web site at all. The city's hosting
provider had simply botched a web server.
This tale kicked off yesterday when Tuttle's city manager Jerry Taylor fired
off an angry message to the CentOS staff. Taylor had popped onto the city's
web site and found the standard Apache server configuration boilerplate that
appears with a new web server installation. Taylor seemed to confuse this
with a potential hack attack on the bustling town's IT infrastructure.
"Who gave you permission to invade my website and block me and anyone else
from accessing it???," Taylor wrote to CentOS. "Please remove your software
immediately before I report it to government officials!! I am the City
Manager of Tuttle, Oklahoma."
Few people would initiate a tech support query like this, but these are
dangerous times, and Taylor suspected the worst. (Er, but only the world's
most boring hacker would break into a site and then throw up a boilerplate
about how to fix the hack.)
CentOS developer Johnny Hughes jumped on the case and tried to explain the
situation to Taylor.
"I feel sorry for your city," he replied in an e-mail. "CentOS is an
operating system. It is probably installed on the computer that runs your
website. . . . Please contact someone who does IT for you and show them the
page so that they can configure your apache webserver correctly."
That response didn't go over so well.
"Get this web site off my home page!!!!! It is blocking access to my
website!!!!~!," Taylor responded, clearly excited about the situation and
sensing that Bin Laden was near.
Again, CentOS jumped in to try and explain some of the technical details
behind the problem. It pointed Taylor to this page
(http://centos.hughesjr.com/testing/noindex_new.html), saying it was the
standard page for a web server and noted that it provides instructions on
how to fix the problem. The CentOS staffer suggested that Taylor contact his
service provider or have an administrator look into the issue.
That response didn't go over so well.
"Unless this software is removed I will file a complaint with the FBI,"
Taylor replied.
Later he added,
"I have four computers located at City Hall. All of these computers display
the same CentOS page when attempting to bring up Tuttle-ok.gov. Now if your
software is not causing this problem, how does it happen??? No one outside
this building has complained about this problem. This is a block of public
access to a city's website. Remove your software within the next 12 hours or
an official complaint to the FBI is being filed!"
And later,
"I am computer literate! I have 22 years in computer systems engineering and
operation. Now, can you tell me how to remove 'your software' that you
acknowledge you provided free of charge? I consider this 'hacking.'"
After a few more exciting exchanges, CentOS managed to track down the
problem for Taylor. It turns out that hosting provider Vidia Communications
is running CentOS on some of its servers and had not configured the Tuttle
web site properly. CentOS informed Taylor of the situation, and, a day
later, Taylor had calmed down.
"The problem has been resolved by VIDIA who used to host the City website,"
he wrote. "They still provide cable service but do not host the website. The
explanation was that they had a crash and during the rebuild they
reinstalled the software that affected our website."
"I am sorry that we had to go through the process and accusations to get the
problem resolved. It could have been resolved a lot quicker if the initial
correspondence with you provided the helpful information that was
transmitted in the last messages. My initial contact with VIDIA disallowed
any knowledge of creating the problem."
Er, so despite the fact that CentOS went out of its way to figure out the
problem for Tuttle, Taylor still places the blame on CentOS for not fixing
the problem - that it didn't create - sooner. In addition, Taylor didn't
really start off the whole process on the best foot despite Tuttle being a
town "Where People Grow - Friendly!" Grow friendly, threaten to bring in the
FBI at the drop of a hat - what's the difference?
As of this writing, one Tuttle web site (http://www.cityoftuttle.org/) still
had not been fixed, although you can find the charming Tuttle man Taylor
over here
(http://www.tuttle-ok.gov/index.asp?Type=B_BASIC&SEC=%7BCC5DEFB6-1B2A-4783-A
5F8-A92275C95081%7D).
Taylor has yet to respond to our request for comment.
It seems that Tuttle has quite the hacking epidemic on its hands. The Tuttle
Times newspaper's web site, for example, has had its Forum section cracked.
Click at your own risk to see it (http://tuttletimes.com/forum/index.php) or
have a peek at our screen grab
(http://www.theregister.co.uk/2006/03/24/tutthack.jpg).
To see the full transcript of the web server war, travel over here
(http://www.centos.org/modules/news/article.php?storyid=127). It's classic
reading
CentOS in the News : It's L-i-n-u-x, that is an Operating System
Posted by hughesjr on 2006/3/24 4:42:41 (116930 reads)
OR ... why every city council needs at least one geek
Background: This a default test page that shows up after an install of
CentOS. It is slightly different between the 3 centos versions ... here is
an example:
http://mirror.centos.org/mirrorscripts/noindex_new.html
Now, the rest of this story is true ... hard to believe, but true none the
less. I will just post the raw e-mails (email addresses removed) and let you
see a day in the life of the CentOS Team
Thu, 23 Mar 2006 00:52:58 +0000 (Wed, 18:52 CST)
Jerry A. Taylor submitted the following Information:
Email xxxxxxx
Company City of Tuttle
Location Oklahoma
Comments
Who gave you permission to invade my website and block me and anyone else
from accessing it???
Please remove your software immediately before I report it to government
officials!!
I am the City Manager of Tuttle, Oklahoma.
-----------------------------------------------
From: Johnny Hughes
To: Jerry A. Taylor
Subject: Re: www.centos.org - Contact Us Form
Date: Wed, 22 Mar 2006 18:59:18 -0600
I feel sorry for your city.
CentOS is an operating system. It is probably installed on the computer
that runs your website.
We hope you are happy with it, since we produced it for free and you are
able to use it without paying us ... and are even threatening to have us
arrested for providing to you free of charge.
Please contact someone who does IT for you and show them the page so
that they can configure your apache webserver correctly.
Thanks,
Johnny Hughes,
CentOS 4 Lead Developer
-----------------------------------------------
From: Jerry A. Taylor
To: CentOS Web Site
Subject: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 18:58:31 +0000 (12:58 CST)
Jerry A. Taylor submitted the following Information:
Email xxxxx
Company City of Tuttle
Location Oklahoma
Comments
Get this web site off my home page!!!!!
It is blocking access to my website!!!!~!
-----------------------------------------------
From: Johnny Hughes
To: Jerry A. Taylor
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 13:45:37 -0600
It is not a website ... it is the operating system.
I would be glad to help you configure your webserver.
Do you own the machine that your web site is on, or is it at a hosting
provider.
If it is at a provider, they need to properly configure their webserver.
If it is on your machine, your apache needs to be properly configured.
I am assuming that you are seeing a page that looks like this:
http://centos.hughesjr.com/testing/noindex_new.html
If so, it tells you exactly what needs to be done to fix the problem.
If your server is at a provider location, they should be able to fix it
if you tell them about the issue.
We didn't DO ANYTHING ... that is what the default apache setup looks
like if you are running our operating system (CentOS). So how your
configuration file has been replaced by the default one ... that is not
something that we can do, it is something that might have been done by
the administrator of the machine.
IF you are not sending these e-mails via the CentOS.org homepage, please
reply to this e-mail so that I will know that.
Thanks,
Johnny Hughes
CentOS-4 Lead Developer
-----------------------------------------------
From: Jerry.Taylor
To: Johnny Hughes
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 13:54:24 -0600
I do not want this software!!!! This is the City of Tuttle, Oklahoma. Get
rid of this software!!!!!
Second notice!
-----------------------------------------------
From: Jerry.Taylor
To: Johnny Hughes
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 13:58:23 -0600
Johnny,
Unless this software is removed I will file a complaint with the FBI.
-----------------------------------------------
From: Johnny Hughes
To: Jerry.Taylor
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 14:18:06 -0600
Jerry,
I/We didn't install any software ... I am trying to tell you that.
I am asking you as nicely as I possible can to explain what the problem is.
I have tried to explain to you what CentOS is.
It is an operating system ... a version of linux.
It does not install itself ... it requires someone to install it.
If you will not let me help you, or at least talk to someone who knows
what Linux is, then you will look like an idiot.
Your choice.
Thanks,
Johnny Hughes
-----------------------------------------------
From: Johnny Hughes
To: Jerry.Taylor
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 14:46:40 -0600
Mr. Taylor,
My name is Johnny Hughes, I am a software engineer and I am a developer
of CentOS. I live in Corpus Christi, Texas.
I have been published in several magazines ... here is my latest
article:
http://www.linux-magazine.com/issue/65
http://www.linux-magazine.com/issue/65/CentOS_4.2.pdf
CentOS is a legitimate operating system ... that is what it is. It is
like Microsoft Windows, RedHat Linux, or Apple OSX ... It is not
possible that it was installed without operator action. I have no idea
what you think has happened, nor what has given you the idea that the
CentOS Project is involved in any way.
CentOS is not spyware, it is not spam. It does not take over websites.
If you will not let me help you, find someone you know who is computer
literate and has heard of Linux to look at your problem. I am trying
very, very hard to save you from great embarrassment.
You may certainly call the FBI if you want. I may call some law
enforcement agency or attorney myself if you don't stop throwing around
accusations and stop threatening me without just cause.
Please, for the love of God, either let me help you or talk to a
computer administrator who can help you with your problem.
Thank You,
Johnny Hughes
CentOS-4 Lead Developer
-----------------------------------------------
From: Jerry.Taylor
To: Johnny Hughes
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 15:15:17 -0600
I have four computers located at City Hall. All of these computers display
the same CentOS page when attempting to bring up Tuttle-ok.gov. Now if your
software is not causing this problem, how does it happen??? No one outside
this building has complained about this problem. This is a block of public
access to a city's website. Remove your software within the next 12 hours or
an official complaint to the FBI is being filed!
Third correspondence to this location.
-----------------------------------------------
From: Jerry.Taylor
To: Johnny Hughes
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 15:50:33 -0600
Johnny,
This a message to notify you that your webpage has blocked an "Official"
website that is used to provide public information regarding City Council
meetings including notifying the public of the agendas. Failure to provide
the agendas on the City's website is a violation of the open records act of
Oklahoma. You claim no responsibility but the city did not subscribe to your
software and the city did not authorize you to display it when the city's
website is selected.
You have officially been notified and given an opportunity to correct the
situation without legal intervention. The rest is up to you!
Jerry
-----------------------------------------------
From: Johnny Hughes
To: Jerry.Taylor
Cc: mayor of Tuttle
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 18:34:18 -0600
Mr. Taylor
Stop with the FBI already. If CentOS is on the computers, it was
installed there by someone who controls the computer.
Who installed the operating system on those computers? Who is the
administrator of the computers and have you contacted them?
If the operating system that is installed on the computers is CentOS,
then it was installed by the administrator if the computer.
Are you not understanding what I am writing?
Please talk to the person who controls the computers ... or give me a
name and an e-mail address and I will talk to them.
If someone who is computer literate doesn't take care of this situation
I will be forced to send these ridiculous e-mails to your local media.
I'm sure they will be able to understand what I am trying to tell you.
Please, I have asked you at least 3 times to have your administrator,
the person who installed the operating system on those computers, to
look at them.
Thank you,
Johnny Hughes
-----------------------------------------------
From: Johnny Hughes
To: Jerry.Taylor
Cc: mayor of Tuttle
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 18:38:46 -0600
We don't display anything ... you have yet to even tell me the name of
the webserver in question.
I am very tired of your threats when you have yet to even show me what
your problem is.
You obviously do not understand what I am trying to tell you, is there
no one on the city council or in your building who understands what an
operating system is.
If you would like me to help the administrator of the computers in
question, I would be happy to. However, we did not install anything,
anywhere.
-----------------------------------------------
From: Jerry.Taylor
To: Johnny Hughes
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 18:58:24 -0600
Johnny,
I have contacted the City's network administrator wnd he has done nothing to
install your CentOS software. I have contacted our Internet provider and
they know nothing about your software. I am computer literate! I have 22
years in computer systems engineering and operation. Now, can you tell me
how to remove "your software" that you acknowledge you provided free of
charge? I consider this "hacking". I have no fear of the media, in fact I
welcome this publicity.
Just correct this problem and leave this system alone in the future.
Jerry
-----------------------------------------------
From: Johnny Hughes
To: Jerry.Taylor
Cc: mayor of Tuttle
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 19:08:05 -0600
Mr. Taylor,
Even though I have repeatedly asked you to contact your service provider
or your network administrator, you have persisted to instead harass me.
I have repeatedly offered to help you fix your issue, if you would just
provide me with information. You have chosen neither provide me with
information or contact your hosting provider ... so I decided to see if
I could find some of the information myself.
I found the website that you are having problems with by looking at
http://www.Tuttle-OK.gov/ and I saw an e-mail address of
cityoftuttle.org ... so I went to www.cityoftuttle.org and I see the
problem.
As I tried to explain to you before, that page is displayed when the
webserver in question is not properly configured.
The IP address that is returned from a name lookup of
www.cityoftuttle.org is 65.77.67.7. That is the IP address of your
server.
Doing more research, I have found that the site in question is hosted by
Vidia Communications. If you look at this page
http://uptime.netcraft.com/up/graph/?host=www.vidiacom.com
you will plainly see that Vidia Communications uses CentOS as the
operating system for their server.
So, though I have told you again and again that you need to contact your
service provider and tell them of your problem, you obviously would
rather threaten me and my group.
Now, for the last time ... contact your web server provider, Vidia
Communications, and tell them that they have a misconfiguration on the
server that they are hosting your website on.
While you are at it, why don't you ask Vidia Communications why it is
that they choose CentOS to host your webserver on.
So you see Mr. Taylor, you ARE using my free operating system to run
your website, you are doing so by choice, it is a configuration error by
the person who choose to install the software and if you would have done
what I asked you to your website would have been up by now.
Let me conclude by saying that it is very hard for me NOT to send this
e-mail and all the other correspondence between you and I to
http://www.tuttletimes.com/
I will not do so, even though I really do want to.
Thank you,
Johnny Hughes
-----------------------------------------------
From: Johnny Hughes
To: Jerry.Taylor
Subject: Re: www.centos.org - Contact Us Form
Date: Thu, 23 Mar 2006 19:20:11 -0600
Mr. Taylor,
If there are other servers besides the one I already found ... If you
provide me the names, I'll be happy to tell you who the provider is for
them as well.
Johnny Hughes
-----------------------------------------------
From: Jerry.Taylor
To: Johnny Hughes
Subject: Re: www.centos.org - Contact Us Form
Date: Fri, 24 Mar 2006 11:36:42 -0600
Johnny,
The problem has been resolved by VIDIA who used to host the City website.
They still provide cable service but do not host the website. The
explanation was that they had a crash and during the rebuild they
reinstalled the software that affected our website.
I am sorry that we had to go through the process and accusations to get the
problem resolved. It could have been resolved a lot quicker if the initial
correspondence with you provided the helpful information that was
transmitted in the last messages. My initial contact with VIDIA disallowed
any knowledge of creating the problem.
Jerry
-----------------------------------------------
From: Johnny Hughes
To: Jerry.Taylor
Subject: Re: www.centos.org - Contact Us Form
Date: Fri, 24 Mar 2006 11:49:15 -0600
Jerry,
I asked time and again for the name of the web server administrator or
the website so that I could help you.
I did the extra research on my own to figure it out for myself when I
was not provided any of that information by you.
I also tried very hard to convince you that the problem had to be caused
on the web server and that CentOS could not possibly be installed by
accident or in anyway take over a website.
You will notice that in my first and second e-mails, I spell out exactly
how to fix the problem and who should be contacted.
Any administrator should have been able to use nslookup, dig and whois
to figure out the problem, which had absolutely nothing to do with
CentOS.
I am glad that you got the problem fixed.
Thanks,
Johnny Hughes
|
|
