Ubuntu Servers Hacked

An anonymous reader noted that "Ubuntu had to shut down 5 of 8 production servers that are sponsored by Canonical, when they started attacking other systems. Canonical blames the community, saying they were community hosted, and were poorly maintained. However, kernel upgrades couldn't be done because of poor backwards compatibility with the very hardware that Canonical had sponsored! While people point fingers at each other it is pretty clear that both sides are equally to blame, the community administrators for practicing bad security practices, such as using unencrypted FTP transfers with accounts, not properly maintaining the system. However Canonical should have been well aware of what they are hosting. The question remains, if any of the files distributed to users have been compromised. A major blow for Canonical though who are attempting to enter the business market with Ubuntu Server."
  by ChazeFroy (51595) on Wednesday August 15, 2007 @09:40AM (#20236523)
    This isn't the only Linux distro security breach being disclosed recently. One of Gentoo's web applications was compromised and they are investigating it:

    http://bugs.gentoo.org/show_bug.cgi?id=187971 [gentoo.org]
  Not like Debian

    by Bruce Perens (3872) * <bruce@perens.com> on Wednesday August 15, 2007 @09:51AM (#20236675)
    This happened to Debian once. I remember the very careful quality of the notifications, and the forensic analysis, and the fact that it was caught quickly and there thus wasn't much damage. It showed that a volunteer community can be right on top of this sort of problem with as much or more professionality than any paid staff. It's unfortunate that the configuration of Ubuntu and its loco teams has them pointing fingers at each other. And what about those systems that can't be upgraded? Are they, perchance, using proprietary network drivers? If so, well, folks should know better.


  Some clarification

    by joe_cot (1011355) on Wednesday August 15, 2007 @10:05AM (#20236881)
    As one of the people affected by this issue, I'd like to give some clarification on this. Firstly, the servers affected were Local Community (LoCo) Team servers, of which I maintain ubuntu-us.org. While I'm personally annoyed that the site is down (given it was on the front page of Digg last week), these servers are far from "production" servers; they host LoCo team resources and websites. I'd like to know what "compromised" software would have been downloaded by users, given that these servers did not host user repositories, and for the most part hosted news pages, blogs, and localized documentation. The issues were twofold: the servers were not upgraded past breezy, leaving them open to vulnerabilities after Breezy's EOL; LoCo team users were running an array of web applications (Drupal, Wordpress, Mediawiki, etc), but not updating their systems with new security patches. Top that with ftp logins and no ssh keys, and you have yourself a problem. Canonical is moving the installs to their facilities, retrieving the data, and building the installs (including the aforementioned web applications) from scratch, assuming that everything has been compromised. Hopefully in the next few days this will all be over.
  Re:Driver issue

    by Foktip (736679) on Wednesday August 15, 2007 @10:05AM (#20236889)
    Heh, compatibility with new hardware is part of the reason I started using Gentoo... even though Ubuntu uses new software, I've always had at least some problems getting either Broadcom or Nvidia network-cards working on generic-distro kernels. Were they using custom-made kernels, or the stock one?
  It happens

    by popeydotcom (114724) on Wednesday August 15, 2007 @10:19AM (#20237091)
    Firstly these servers were not "Canonical Hosted" as the anonymous reader suggests. They were hosted in a DC which Canonical paid for, but the community maintained them. So Canonical system admins had very little to do with them.

    My site - http://screencasts.ubuntu.com [ubuntu.com] was one of them that was affected, so I was of course concerned that there might be some data loss. I only use SCP to copy files up to the site, and logon with my ssh key, so don't think that all Ubuntu community members are using FTP, weak passwords and really old software, it only takes _one_ though to naff it up for everyone else.

    The Canonical system admins (on top of the work they already do) migrated the services from those servers to their own DC very quickly. My site went down on Tuesday and was back by Friday. For free hosting and oodles of bandwidth, I'm happy with that downtime - for a community site.
  Re:how ironic

    by Super_Z (756391) on Wednesday August 15, 2007 @11:12AM (#20237823)

    If you had bothered to read the originating mail ( https://lists.ubuntu.com/archives/loco-contacts/2007-August/001510.html [ubuntu.com] ), you would have seen that these servers were hacked through unpatched 3rd party web-applications running on these servers - namely:

    art-web, gallery, drupal, phpmyadmin, wordpress, postnuke, phpbb,
    smf, moodle, planet, aspseek, moin, taskfreak, cms made simple,
    mediawiki, ...

    Your argument is whiny and offtopic.

  Re:Constructively

    by plague3106 (71849) on Wednesday August 15, 2007 @11:46AM (#20238227)
    Is there a similar sort of problem in Windows that was fixed 10 years ago and is now something you have to go out of your way to subject yourself to?

    Ten years ago Linux was barely 1.0. The problem wasn't fixed as long ago as you pretend it was.

    Most Windows problems tend to be about what the system will do by default, not what sort of ways you can screw yourself up if you really try hard and insist on ignoring decades of other people's mistakes.

    The defaults have not been an issue since before that flawed kernel was released. Why do zealots insist on making themselves look stupid by not even being familiar with that which they criticize?
  by Nimey (114278) on Wednesday August 15, 2007 @12:04PM (#20238455)
    Why the hell did he have root anyway? Only people with /need/ should have root, and then they should just use sudo anyway.

    Your server was poorly administered.
  Re:Hacked...

    by KingKiki217 (979050) on Wednesday August 15, 2007 @12:32PM (#20238807)
    The problem is that most people don't know these things. Most people seem to think that when Juliet asks "Wherefore art thou, Romeo?" she's asking after his location.
  by houghi (78078) on Wednesday August 15, 2007 @01:59PM (#20239991)
    That is why I use `rm directory -rf` instead of `rm -rf directory`. It saved me a few times already.

