linuxaudio.org compromised - 2018-01-29

Check this forum for important info regarding the site.

Moderators: MattKingUSA, khz

User avatar
autostatic
Established Member
Posts: 1994
Joined: Wed Dec 09, 2009 5:26 pm
Location: Beverwijk, The Netherlands
Has thanked: 32 times
Been thanked: 104 times
Contact:

linuxaudio.org compromised - 2018-01-29

Post by autostatic »

Dear all,

January 29th the linuxaudio.org was compromised. Someone managed to pull in a privilege escalation exploit, probably through a reverse shell and got root. This was discovered by the Virginia Tech IT department and they cut the server off from the network. Their policy dictates that compromised servers have to be wiped and reinstalled. Because we didn't have an option to try cleaning up things we have to build everything up from scratch again. Since it's a very small team that keeps this server up (basically 2 persons including myself) rebuilding is going to take some time. Data loss should be minimal as we have backups. So please bear with us, I will keep you posted on the progress.

Best,

Jeremy
finotti
Established Member
Posts: 528
Joined: Thu Sep 01, 2011 9:07 pm
Has thanked: 86 times
Been thanked: 23 times

Re: linuxaudio.org compromised - 2018-01-29

Post by finotti »

Thanks for the information and all your work maintaining (and now fixing) this great resource to the community!
ssj71
Established Member
Posts: 1294
Joined: Tue Sep 25, 2012 6:36 pm
Has thanked: 1 time

Re: linuxaudio.org compromised - 2018-01-29

Post by ssj71 »

Huge thanks for your generous work to keep it maintained! I certainly miss it already (I check the planet daily), but however long it takes I appreciate you offering your skills to the community.
_ssj71

music: https://soundcloud.com/ssj71
My plugins are Infamous! http://ssj71.github.io/infamousPlugins
I just want to get back to making music!
TheAxeMan
Established Member
Posts: 3
Joined: Wed Jan 31, 2018 10:10 pm

Re: linuxaudio.org compromised - 2018-01-29

Post by TheAxeMan »

Yes, thank you for your service!

Just when I was looking for some info... Your content has helped me greatly in switching from Windows to Linux with my little "home studio".
folderol
Established Member
Posts: 2069
Joined: Mon Sep 28, 2015 8:06 pm
Location: Here, of course!
Has thanked: 224 times
Been thanked: 400 times
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Post by folderol »

I'm seriously impressed Jeremy!
I knew it was a small operation, but didn't realise it was that small.

Thanks for all your work.
The Yoshimi guy {apparently now an 'elderly'}
User avatar
autostatic
Established Member
Posts: 1994
Joined: Wed Dec 09, 2009 5:26 pm
Location: Beverwijk, The Netherlands
Has thanked: 32 times
Been thanked: 104 times
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Post by autostatic »

Thanks everybody for the kind words! Current status is that the hack is being investigated and that some static sites are responding again. But no clear indication of how things will progress. We' not sitting still though, in the meanwhile we're thinking about what other options we have and we might start preparing for a plan B.
User avatar
autostatic
Established Member
Posts: 1994
Joined: Wed Dec 09, 2009 5:26 pm
Location: Beverwijk, The Netherlands
Has thanked: 32 times
Been thanked: 104 times
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Post by autostatic »

I'd like to point out that information in this thread on the outage of linuxaudio.org is leading. So please refrain from speculating, thanks in advance!

Current status is that we have access to the current server again so we can start recovering data. Hopefully we can make some good progress this weekend. Priorities are mail and LAC2018 submissions. Then Libremusicproductions.com and kxstudio.linuxaudio.org (including the repo's). More to come so keep an eye on this thread!

And if there are any questions, PM me on IRC or send me a mail.

Jeremy
jCandlish
Established Member
Posts: 4
Joined: Mon Jun 20, 2016 8:17 pm
Location: Switzerland
Been thanked: 1 time

Re: linuxaudio.org compromised - 2018-01-29

Post by jCandlish »

Thanks for your hard work, and sorry about your weekend.
raffguitar++
Established Member
Posts: 19
Joined: Sun Jun 12, 2016 5:55 pm

Re: linuxaudio.org compromised - 2018-01-29

Post by raffguitar++ »

Aaahh, so that's why LMP is down! (One of my all time favorite sites). Just recently told a friend who is new to Linux about it, figures :roll:

Anyway, very sorry to hear about this incident. And thank you very much for all of your hard work! I will stay tuned and check in now and then.
User avatar
gennargiu
Established Member
Posts: 389
Joined: Sun Dec 18, 2016 9:56 pm
Been thanked: 14 times

Re: linuxaudio.org compromised - 2018-01-29

Post by gennargiu »

Many thanks for your works and best regards :wink:

gennaro
Hp Elite 8200 3,1 Ghz - 16 Giga Ram Hd 2 Terabyte - Mx Linux 19.4-Ardour 6.8 - Mixbus 7
Asus X54c - Mx Linux 19.4-Ardour 6.8- Mixbus 7-RPI3 + Raspbian Buster- Rpi4 (4giga ram)
User avatar
SLCBagpiper
Established Member
Posts: 13
Joined: Mon Jul 13, 2015 3:07 am
Location: Salt Lake City, UT
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Post by SLCBagpiper »

Thanks for all of your hard work.
"If it's stupid, but it works, then it's not stupid."
---Art. III, Murphy's Military Law
User avatar
GraysonPeddie
Established Member
Posts: 657
Joined: Sun Feb 12, 2012 11:12 pm
Location: Altha, FL
Been thanked: 6 times
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Post by GraysonPeddie »

I am CompTIA A+ certified, but not Linux+ certified despite having lots of experience with Linux at home. It would be nice if I could be of help, but I'm from Florida. I took the exams at World Services for the Blind and got a 795 for CompTIA A+ 220-901 and 803 for A+ 220-902.

Anyway, I hope all the Linux Musician-related websites will be up and fully operational soon.
--Grayson Peddie

Music Interest: New Age w/ a mix of modern smooth jazz, light techno/trance & downtempo -- something Epcot Future World/Tomorrowland-flavored.
Drazen
Established Member
Posts: 28
Joined: Sun Nov 13, 2016 8:30 am
Been thanked: 2 times

Re: linuxaudio.org compromised - 2018-01-29

Post by Drazen »

Thanks for your hard work.
Best
Drazen
elerale
Established Member
Posts: 36
Joined: Sat Nov 19, 2016 4:45 am
Has thanked: 2 times
Been thanked: 2 times

Re: linuxaudio.org compromised - 2018-01-29

Post by elerale »

Hello,

Thanks for everything !

Cheers
Erwan
greenpete
Posts: 1
Joined: Sat Feb 03, 2018 2:21 pm
Contact:

Re: linuxaudio.org compromised - 2018-01-29

Post by greenpete »

It's great to finally find out what's happened and I really feel for the admins that have to clear up this mess.

I'd also like to thank all people involved in the linuxaudio.org network as I have benefited greatly from their efforts.

I would also like to offer any help or support should there be anything an unknown like myself can do. Maybe donate to help get something like a backup server running?

I have been wondering why there's nothing on the website now it's back up or on the LinuxAudio twitter feed about this? ( https://twitter.com/linuxaudio )

Thanks again and good luck with getting this fixed as painlessly as possible. :-)
Post Reply