The power of misused rm command on Ubuntu Linux

Some @##&% posted rm-based commands on UF yesterday. The intent was to deliberately nuke new users' systems, as the posts were in the beginners section, in unanswered threads or in threads with 1-2 replies.

In addition to banning the accounts and IPs and removing all the posts, we turned back on a confirmation email registration process. Many thanks to all the regular members who have been helping, placing warnings in their sigs, posting in threads and reporting the infamous posts.

It is so frustrating to see this happening. There must be at least 10 pages of reports and infractions sitting around the staff area for the two posting waves we had. Breaking someone else’s system, I just do not see how funny it is. Is it for fame? Power? Out of boredom? See K.Mandla’s blog article for some interesting insights.

In any case, educating new users is one of the answers we can give. Here is a little tutorial, based on a forum post where Aysiu explained the rm command.

Excerpt from man rm:

NAME
       rm - remove files or directories

       -f, --force
              ignore nonexistent files, never prompt

       -r, -R, --recursive
              remove directories and their contents recursively

So any command based on rm -rf will recursively remove files without asking for confirmation. As everything is a file on Linux (the concept of directories does not really apply, each “directory” is a file), you can wipe everything that is sitting in the “directory” you are running the command from. Guess what happens if you run it in your /home...

Examples – DO NOT RUN THEM

Now, a precise file to delete can be indicated:

rm -rf /home
sudo rm -rf /

The first one will wipe /home, regardless of where the command is run from. The second one will wipe the entire root file system (/). Admin privilege is required to access /, gained with sudo on Ubuntu.
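
A pre-flight check for the two commands above, as an added example that is not part of the original post: it inspects an rm command line and reports whether a recursive delete would hit /, /home, the user's home directory or one of its ancestors, without deleting anything. The function names, the protected list and the sample user alice are assumptions made for the illustration.

```shell
#!/bin/sh
# Pre-flight check for an rm command line: inspects arguments, never deletes.
# Assumptions: lexical path handling only (symlinks are not followed) and
# globs such as * were already expanded by the calling shell.

normalize() {                      # normalize PATH CWD -> absolute path on stdout
    n_path=$1
    case $n_path in /*) ;; *) n_path=$2/$n_path ;; esac   # make relative paths absolute
    n_out=
    n_ifs=$IFS; IFS=/; set -f      # split on "/" with glob expansion disabled
    for n_part in $n_path; do
        case $n_part in
            ''|.) ;;                          # empty component or "."
            ..)   n_out=${n_out%/*} ;;        # step up one level
            *)    n_out=$n_out/$n_part ;;
        esac
    done
    set +f; IFS=$n_ifs
    printf '%s\n' "${n_out:-/}"
}

is_dangerous_target() {            # is_dangerous_target PATH CWD HOME_DIR
    t=$(normalize "$1" "$2")
    h=$(normalize "$3" /)
    case $t in /|/home) return 0 ;; esac      # the two targets from the article
    case $h/ in "$t"/*) return 0 ;; esac      # the home directory or an ancestor of it
    return 1
}

check_rm() {                       # check_rm CWD HOME_DIR rm-arguments...
    c_cwd=$1; c_home=$2; shift 2
    c_recursive=no; c_bad=
    for c_arg in "$@"; do
        case $c_arg in
            --recursive|-[rR]*|-[!-]*[rR]*) c_recursive=yes ;;
            -*) ;;                            # any other option
            *)  if is_dangerous_target "$c_arg" "$c_cwd" "$c_home"; then
                    c_bad="$c_bad $c_arg"
                fi ;;
        esac
    done
    if [ "$c_recursive" = yes ] && [ -n "$c_bad" ]; then
        echo "REFUSE:$c_bad"; return 1
    fi
    echo "OK"
}

# Constructed demonstration: user alice, sitting in /home/alice.
check_rm /home/alice /home/alice -rf /home || true      # REFUSE: /home
check_rm /home/alice /home/alice -rf Documents/old      # OK
```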

Basic recommendations

  • Do not run these commands, unless confirmed by long-time members. rm is useful and is sometimes the only solution.
  • Back up, back up and back up again. On at least two separate removable devices for important stuff. The only user I am aware of being caught in the process had everything backed up.
  • Be curious and search for commands you do not understand, either with man or a search on Google or UF. You’ll improve your knowledge and skills at the same time.
  • Read the UF announcement

Oh well.. One of these days.

PS: thanks to Stefano Rivera, see the comments below :)

13 thoughts on “The power of misused rm command on Ubuntu Linux”

  1. bapoumba Post author

    I do not think I am violent, I’ve never had urges to hit someone on the head. Last night, I was just ready to bite. As Aysiu said, this is infuriating.

    BTW, thanks for the tip regarding the rss feeds :)

  2. Yann

    Hey bap, I would be happy for some IP and logfiles, as we have the same problem on Ubuntu-fr. If it is the same guy, then we are already looking into legal advice.

  3. Stefano Rivera

    > including /home if not installed on a separate partition

    I’m not sure that’s correct. rm -rf will cross mounts.

    It won’t delete ‘/home’ the directory, but it will delete its contents.

  4. bapoumba Post author

    Yeah, I had doubts about this, and forgot to check it further, sorry. When I wrote, I had the idea to talk about unmounted partitions but dropped it.
    I’m going to take that part out, an empty /home won’t make any difference to the user.

    Thanks a lot for pointing this out :)

  5. Dr Small

    This is all fine and dandy to post big long articles about not running these commands, but they can be easily encrypted, so when this new user sees the command he says,

    “Hmm. I’m a newbie. I have no idea what this does, it looks funny, but this guy is more experienced than I. Besides, it doesn’t have any of the commands in it as I was warned not to run, so it must be safe…”

    And really,
    aa="f"; ab="r"; ac="m"; az="/"; ag="o"; ae="u"; af="d"; ad="s";$($ad$ae$af$ag $ab$ac -$ab$aa $az)
    Is as dangerous as,
    sudo rm -rf /

    Only the former is encrypted and the latter one isn’t.

  6. bapoumba Post author

    Yes, I know. The only way we have (in addition to basic moderation tools) is to educate new users, warn them not to blindly run commands etc. Would you see anything to edit/add in the UF announcement? Thanks.

  7. Pingback: Malicious commands that can compromize a Linux system « b-initials

  8. hippie

    Hi!
    I think your article is really good :) I want to translate it for the Polish Ubuntu community (http://ubuntu.pl). The article will be placed on the http://czytelnia.ubuntu.pl/ website, where we publish lots of articles, feuilletons and news. So here is my question… Can I translate your article and publish it there?

    PS. A link to the original article will be placed at the end of the translation, of course :)

  9. Pingback: Moc źle stosowanej komendy rm w Ubuntu. :: Czytelnia
