It is Time to Send Mr. Pi Home
Tomorrow night while the enemy is busy watching American Idol, Mr. Pi will attempt to lower his defenses to the lowest level yet which should allow a successful break-in.
We Have Learned Many Things Together:
- The Rasbian crew does a pretty good job of securing the downloadable image and they leave it to us to screw it up.
- Fail2Ban worked ridiculously well under load.
- There are lot of cool people around the internet.
Final Shoot Out
- Fail2Ban is watching Randy.
- Password Reset to 5-7 characters
- Compromised FTP account published
- SSH taking 500 connections at a time (will increase if world doesn’t stop)
- When you are victorious, please update the Web Page, change the ssh banner and switch the Pi password.
Wanted to note – but no pressure to the winner – there is a really nice teacher on Reddit needing a couple Pi’s for his classroom. If you donate the Pi, I will pitch in with some other things.
Day 1 Recap
For those of you just hearing of about this, Mr. Pi (@FreeMrPi) has been through a tough ordeal. He was kidnapped and dumped in a data center in Houston, Texas. You get to keep Mr. Pi if you liberate him by passing his serial number to the Embassy. See full contest rules and details.
What We Have Learned So Far:
- He has a homepage at FreeMrPi.shardme.com where he lets us know that he is still alive and well. He also is trying to pick up a date on Pinterest? This subdomain is sitting behind Cloudflare to help protect Mr. Pi if there were a surge of traffic. This protection will sometimes serve you a cached page with an older time stamp.
- If you do an IP lookup of FreeMrPi.shardme.com, you will not see Mr. Pi’s IP address but instead one of Cloudflare’s proxies. You will also get this proxy if you try to liberate Mr. Pi by hostname instead of IP address.
- We know that Mr. Pi has an IP address of 18.104.22.168. He leaked it to us in his source code on the above host.
- Mr. Pi is pretty much running a stock version of Raspbian (Kudos to them for keeping our Pi’s secure). He gets updates forced on him regularly but is gaining favor with the guards. They have let him install a couple extra services and might let him run even more soon.
- Mr. Pi does have one piece of software that is making brute force liberation more challenging. The have strapped him with fail2ban which has certain connection rules and makes people sit out if they exceed them. He told us that at 600 SSH connection attempts you get jailed 60 seconds for each additional attempt.
- Mr. Pi has had his passwords changed, but we know his username is still ‘pi’ and his password starts with ‘y’ (not very helpful).
He held strong through the barrage of liberation attacks last night and he knows we are all pulling for him. I anticipate we will have him freed one way or another in the next few days.