Charnell Lucich

Community Hosted Servers Compromised.

Posted on: August 15, 2007

According to Ubuntu’s weekly newsletter, they have quite the problem on their hands at the moment.

This last week, 5 of the 8 servers that are LoCo hosted but Canonical sponsored, had to be shut down due to reports that they were actively attacking other machines. These servers were found to have a variety of problems including, but not limited to, missing security patches, FTP (not sftp, without SSL) was being used to access the machines, and no upgrades past breezy due to problems with the network cards and later kernels. Loco teams will be given a choice to: a. migrate to the Canonical data center, or b. stay on the hosted/outsourced servers. Each option has its good and bad points. Jono Bacon has therefore called for a meeting to discuss these issues.

Missing security patches? Insecure FTP? Problems with hardware and kernels? Seems to me this mess could’ve been easily avoided had someone actually been paying attention to these servers. Live and learn.


6 Responses to "Community Hosted Servers Compromised."

haven’t RTFA yet, but first thought that comes to mind should end-users be concerned about compromised binaries?

ok maybe i should have RTFA 🙂 it’s just a community site with blogs, localized documentation, and such…no repositories…which doesn’t make the issue seem so bad now.

You would think that servers hosting community sites for a Linux distribution would at least be running the latest version of that distribution. Problems with network cards and kernels? The newer kernels should support just about any network card better than an older kernel. If there was some kind of glitch, there are tons of Ubuntu developers to call upon, most of whom would be glad to help the community. Even if there are no repositories hosted there and there is no direct damage, it looks really bad on the Linux community when something like this happens.

not only is the argument bogus on the lack of driver support, isn’t this the hardware configuration Canonical claims to be able to support?!?

Yeah, you have to look pretty hard these days to find hardware that does not work with modern Linux kernels. It isn’t hard to swap out a NIC, or add a $10 Intel Pro/S NIC. Much cheaper than the admin time to clean up a compromised server.

i wonder if the compromise resulted from the root password or was it the user installing it, was found in the debian configuration files since it was breezy.
