linuxaudio.org compromised - 2018-01-29

Check this forum for important info regarding the site.

Moderators: khz, MattKingUSA

greenpete
Posts: 1
Joined: Sat Feb 03, 2018 2:21 pm
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby greenpete » Sat Feb 03, 2018 2:28 pm

It's great to finally find out what's happened and I really feel for the admins that have to clear up this mess.

I'd also like to thank all people involved in the linuxaudio.org network as I have benefited greatly from their efforts.

I would also like to offer any help or support should there be anything an unknown like myself can do. Maybe donate to help get something like a backup server running?

I have been wondering why there's nothing on the website now it's back up or on the LinuxAudio twitter feed about this? ( https://twitter.com/linuxaudio )

Thanks again and good luck with getting this fixed as painlessly as possible. :-)

User avatar
autostatic
Established Member
Posts: 1728
Joined: Wed Dec 09, 2009 5:26 pm
Location: Beverwijk, The Netherlands
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby autostatic » Sat Feb 03, 2018 11:43 pm

We're in the process of rebuilding everything on alternate servers as the forensics procedure at Virginia Tech simply takes too long. So hopefully tomorrow or beginning of next week we can flick the DNS switch.

Short recap, someone or something (this was probably an automated attack) probably got a reverse shell and exploited a local privilege escalation vulnerability, in this case Dirty COW. That's a somewhat older vulnerability which we could've mitigated by rebooting the server more often. The server was updated regularly but we were simply too sloppy with rebooting it as the linuxaudio.org is a hardware server sitting in some server room and there was some concern it wouldn't come back properly after a reboot.

The alternate servers are VM's so rebooting shouldn't be an issue anymore. They're also located in the EU on a fully open source cloud solution (OpenStack).

Regarding Twitter, unfortunately I have no access to that account. And we already have good backups and after the move that part is covered too.

Jeremy

GraysonPeddie
Established Member
Posts: 593
Joined: Sun Feb 12, 2012 11:12 pm
Location: Altha, FL
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby GraysonPeddie » Sun Feb 04, 2018 6:41 am

OpenStack!!! That is something I'd like to learn in near future. This could be interesting for setting this up in my home environment even if people would tell me that is overkill as if an Ubiquiti UniFi 48-Port 500W PoE is overkill (48-port will be used for 4 video cameras, in-wall tablets, and a Doorbird powered by PoE, so I will have use of it when building a house in the near future).

OpenStack and Ubiquiti products (excluding AmpliFi) aren't designed for consumers in a home environment, but I'm more of a guy who likes having industrial-type products such as 1.5U custom-built servers and a 1U switch.

Anyway, good luck on getting the websites back online.

And yes, data forensics does take a while. It's important to preserve the data at all times for investigation and make sure all the access times are not updated upon touching the files in the filesystem.

PS: And yes, OpenStack does make sense for a large business environments as it's more for those who are looking to setup a hybrid cloud. I'm not certain if there are businesses out there that are using OpenStack internally as a private IaaS (Infrastructure as a Service) cloud.
--Grayson Peddie

Music Interest: New Age w/ a mix of modern smooth jazz, light techno/trance & downtempo -- something Epcot Future World/Tomorrowland-flavored.

User avatar
briandc
Established Member
Posts: 1329
Joined: Sun Apr 29, 2012 3:17 pm
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby briandc » Sun Feb 04, 2018 8:36 am

A big "Thank you!" to everyone involved in helping with this. I was glad to hear there were backups!


brian
Have your PC your way: use linux!
My sound synthesis biome: http://www.linuxsynths.com

User avatar
chaocrator
Established Member
Posts: 305
Joined: Fri Jun 26, 2015 8:11 pm
Location: Kyiv, Ukraine
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby chaocrator » Sun Feb 04, 2018 11:35 am

GraysonPeddie wrote:I'm not certain if there are businesses out there that are using OpenStack internally as a private IaaS (Infrastructure as a Service) cloud.

it is usable as a private IaaS cloud, but requires some knowledge how to set it up with simpler network infrastructure, because that one in official openstack documentation is certainly overcomplicated.

GraysonPeddie
Established Member
Posts: 593
Joined: Sun Feb 12, 2012 11:12 pm
Location: Altha, FL
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby GraysonPeddie » Sun Feb 04, 2018 2:45 pm

Even if I use conjure-up in Ubuntu?
--Grayson Peddie

Music Interest: New Age w/ a mix of modern smooth jazz, light techno/trance & downtempo -- something Epcot Future World/Tomorrowland-flavored.

User avatar
autostatic
Established Member
Posts: 1728
Joined: Wed Dec 09, 2009 5:26 pm
Location: Beverwijk, The Netherlands
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby autostatic » Sun Feb 04, 2018 3:17 pm

Hi everyone, please stay on topic, thanks in advance!

Mark_1
Posts: 1
Joined: Fri Feb 02, 2018 7:48 pm

Re: linuxaudio.org compromised - 2018-01-29

Postby Mark_1 » Mon Feb 05, 2018 2:04 pm

Just like to add my thanks for all your hard work. Its often the case that we don’t fully appreciate what we have until its not there.

Cheers

rghvdberg
Established Member
Posts: 888
Joined: Mon May 12, 2014 7:11 am

Re: linuxaudio.org compromised - 2018-01-29

Postby rghvdberg » Mon Feb 05, 2018 8:28 pm

I read in IRC the server was hacked ( my layman's term) but at that time I didn't realize kx and lmp depended on that server too.

Anyway, many thanks for taking care of this!
Let us all be patient and let the guys do their work :-)

chtfn
Established Member
Posts: 76
Joined: Sun Mar 15, 2015 10:21 pm

Re: linuxaudio.org compromised - 2018-01-29

Postby chtfn » Tue Feb 06, 2018 2:07 am

Thank you for the hard work and great resources. I'd like to support your work with a small donation... Where does one go for that? It would be great to be able to do that on Liberapay! :)

elerale
Established Member
Posts: 21
Joined: Sat Nov 19, 2016 4:45 am

Re: linuxaudio.org compromised - 2018-01-29

Postby elerale » Tue Feb 06, 2018 6:47 am

chtfn wrote:Thank you for the hard work and great resources. I'd like to support your work with a small donation... Where does one go for that? It would be great to be able to do that on Liberapay! :)


I would also be happy to support you through a small liberapay donation.

User avatar
bluebell
Established Member
Posts: 1071
Joined: Sat Sep 15, 2012 11:44 am
Location: Saarland & Frankfurt, Germany

Re: linuxaudio.org compromised - 2018-01-29

Postby bluebell » Tue Feb 06, 2018 12:05 pm

Thanks to all who contribute.
Linux – MOTU UltraLite AVB – Qtractor – https://soundcloud.com/suedwestlicht

User avatar
autostatic
Established Member
Posts: 1728
Joined: Wed Dec 09, 2009 5:26 pm
Location: Beverwijk, The Netherlands
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby autostatic » Wed Feb 07, 2018 2:44 pm

So far the progress is slow. We have to deal with a timezone difference, I'm in CET while the current server and the Virginia Tech department hosting the server are in EST, and also the communication itself is not optimal. And then there's a another time issue, I can't put all my available time into restoring the server, I have a responsible day job, a family with two kids and several bands I rehearse with. We also lost some time over discussing whether linuxaudio.org should move away from the VT server or not.

Luckily I got some help for the mail services and the owner of the linuxaudio.org domain is standing by to change the DNS. And your kind words certainly help too!!! Many thanks for the support!

Jeremy

User avatar
autostatic
Established Member
Posts: 1728
Joined: Wed Dec 09, 2009 5:26 pm
Location: Beverwijk, The Netherlands
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby autostatic » Wed Feb 07, 2018 9:31 pm

First sites are starting to work again:
  • kxstudio.linuxaudio.org
  • kokkinizita.linuxaudio.org
  • download.linuxaudio.org
  • lac.linuxaudio.org/2018

folderol
Established Member
Posts: 883
Joined: Mon Sep 28, 2015 8:06 pm
Location: Here, of course!
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Postby folderol » Wed Feb 07, 2018 10:23 pm

Great news!


Return to “Announcements”

Who is online

Users browsing this forum: No registered users and 1 guest