Nmap Development mailing list archives
Hack Attack
From: Fyodor <fyodor () nmap org>
Date: Sat, 13 Apr 2013 18:35:14 -0700
Hi Folks. I'm sorry for the downtime over the last week, but someone compromised our hosting provider (Linode) and used that access to break into some of our virtual private server (VPS) systems. So we spent the last week doing investigation and recovery work. I guess we've seen the dark side of cloud hosting.

The good news is that we have reverted to pre-breakin (3/31) backups and pretty much all of our sites and services are up and running again. Meanwhile, Linode says they have identified and fixed the flaws in their systems which allowed this to happen, and they have expelled the attackers. Linode put out their own release at [1].

There are still a couple issues outstanding:

1) The svn server may give you an error when you update since we reverted to a known good backup and manually re-applied all the commits since then (after verifying them by hand). You may need to blow away your working directory and check out from scratch. Also, we have disabled all committer accounts until we can reissue them with new passwords.

2) seclists.org is currently missing mail between 3/31 and 4/12. We're working on migrating that over.

Interestingly, our web referrer logs show that the attacker first visited us by following a link on this Quora page listing Linode's most prominent customers:

http://www.quora.com/What-are-some-of-the-highest-traffic-websites-hosted-on-Linode

I guess they hacked Linode and then went looking for well-known sites to go after. Perhaps we should be flattered to have made the list, but we're not. Linode says the intruder messed around with our account, but left their other customers alone.

Thanks for your patience this week. We think everything is cleaned up, but, as always, please let me know if you see something suspicious or broken or amiss. I'd like to thank David for staying up with me past midnight multiple times doing recovery. Linode's CEO (Chris Aker) and COO (Tom Asaro) were also helpful and prompt in investigating.

Let's hope this doesn't happen again!

Cheers,
Fyodor

[1] http://blog.linode.com/2013/04/12/security-notice-linode-manager-password-reset/

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/