Power up with new SaaS Add-Ons from the DigitalOcean Marketplace

Question

Why do I see someone else's bash history when I run screen?

  • Posted February 13, 2014

New customer here. Started an Ubuntu 12.04 droplet, and so far everything’s been running smoothly. However, I just ran screen and started scrolling through my bash history. To my dismay, I see curl -L https://{tld ommitted for privacy}.me/cleanimage.sh | bash. This is clearly the bash history of another customer using this machine.

This is quite disturbing. I value security, and if this is the kind of data that accessible in these environments (are they containers?) then I won’t be able to continue using this service.

Can someone please explain this, and fix the issue?

Thanks

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Johnneylee.RollinsFebruary 14, 2014

@Kamal, I wasn’t aware that DO doesn’t provide a clean droplet from the start and assumed anything leftover was a part of that issue.

a3sauberFebruary 14, 2014

Thanks Kamal, that makes sense. These images would have to be a snapshot after some kind of setup process. I see that that’s a Digital Ocean script. <br> <br>Well, it doesn’t clean screen’s bash history ; )

Kamal NasserFebruary 13, 2014

Hello a3sauber, <br> <br>There’s no need to worry, no one is accessing or running anything on your droplet. That script is used to clean up traces such as login IPs from droplets before creating the images for public use. In other words, it was run once on another droplet that was used to prepare the image your droplet is based on. <br> <br>That URL, which is hosted on an employee’s droplet, is no longer valid, it redirects to a digitalocean.com internal machine now: <br> <pre> ~: curl -I https://{url}/cleanimage.sh HTTP/1.1 302 Moved Temporarily Server: nginx Date: Thu, 13 Feb 2014 20:06:10 GMT Content-Type: text/html Content-Length: 154 Connection: keep-alive Location: https://assets.digitalocean.com/cleanimage.sh </pre> <br> <br>Let me know if you have any other questions. <br> <br>@Johnneylee.Rollins: How is that related to this?

Johnneylee.RollinsFebruary 13, 2014

https://news.ycombinator.com/item?id=6983097