Question

Why do I see someone else's bash history when I run screen?

Posted February 13, 2014 3.5k views
New customer here. Started an Ubuntu 12.04 droplet, and so far everything's been running smoothly. However, I just ran `screen` and started scrolling through my bash history. To my dismay, I see curl -L https://{tld ommitted for privacy}.me/cleanimage.sh | bash. This is clearly the bash history of another customer using this machine. This is quite disturbing. I value security, and if this is the kind of data that accessible in these environments (are they containers?) then I won't be able to continue using this service. Can someone please explain this, and fix the issue? Thanks
Add a comment
a3sauber
By:
a3sauber

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
4 answers
Johnneylee.Rollins February 13, 2014
https://news.ycombinator.com/item?id=6983097
Reply Report
kamaln7 February 13, 2014
Hello a3sauber,

There's no need to worry, no one is accessing or running anything on your droplet. That script is used to clean up traces such as login IPs from droplets before creating the images for public use. In other words, it was run once on another droplet that was used to prepare the image your droplet is based on.

That URL, which is hosted on an employee's droplet, is no longer valid, it redirects to a digitalocean.com internal machine now: 
~: curl -I https://{url}/cleanimage.sh
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 13 Feb 2014 20:06:10 GMT
Content-Type: text/html
Content-Length: 154
Connection: keep-alive
Location: https://assets.digitalocean.com/cleanimage.sh


Let me know if you have any other questions.

@Johnneylee.Rollins: How is that related to this?
Reply Report
a3sauber February 14, 2014
Thanks Kamal, that makes sense. These images would have to be a snapshot after some kind of setup process. I see that that's a Digital Ocean script.

Well, it doesn't clean screen's bash history ; )
Reply Report
Johnneylee.Rollins February 14, 2014
@Kamal, I wasn't aware that DO doesn't provide a clean droplet from the start and assumed anything leftover was a part of that issue.
Reply Report

Looking for something else?

Ask a new question Search for more help