
Ubuntu Servers Hacked

CmdrTaco posted more than 7 years ago | from the zomg-alert-the-media dept.

Security 330

An anonymous reader noted that "Ubuntu had to shut down 5 of 8 production servers that are sponsored by Canonical, when they started attacking other systems. Canonical blames the community, saying they were community hosted, and were poorly maintained. However, kernel upgrades couldn't be done because of poor backwards compatibility with the very hardware that Canonical had sponsored! While people point fingers at each other it is pretty clear that both sides are equally to blame, the community administrators for practicing bad security practices, such as using unencrypted FTP transfers with accounts, not properly maintaining the system. However, Canonical should have been well aware of what they are hosting. The question remains whether any of the files distributed to users have been compromised. A major blow for Canonical though who are attempting to enter the business market with Ubuntu Server."


330 comments


New distro name (5, Funny)

Anonymous Coward | more than 7 years ago | (#20236491)

Spambuntu

Passwords want to be free. (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#20236503)

This text is for the content filter.

BWAHAHAHA... (-1, Flamebait)

Conor Turton (639827) | more than 7 years ago | (#20236517)

And people wonder why businesses use Microsoft when the very people who keep banging on about how secure Linux is and how it's better than Windows can't get their house in order first.

Doesn't look good when the distro can't even support the hardware it recommends. Ho hum.

Following the M$ example. Re:BWAHAHAHA... (-1, Troll)

twitter (104583) | more than 7 years ago | (#20236641)

And people wonder why businesses use Microsoft when the very people who keep banging on about how secure Linux is and how it's better than Windows can't get their house in order first.

Ubuntu is special - they work with Windoze users and therefore need dumb stuff like ftp instead of sftp. This kind of thing is rare in the free software world, but the M$ campus gets hacked all the time.

Re:Following the M$ example. Re:BWAHAHAHA... (1)

abigor (540274) | more than 7 years ago | (#20236733)

"...but the M$ campus gets hacked all the time."

Do you have evidence for this? Particularly for the "all the time" part.

Re:Following the M$ example. Re:BWAHAHAHA... (5, Funny)

Minwee (522556) | more than 7 years ago | (#20236939)

Well, if they _did_ get broken into all the time, then that would be pretty embarrassing. The last thing they would want to do is publicize the fact, so it only makes sense that they would cover it up and say nothing about it.

Since nobody has _ever_ said anything about frequent break-ins, it's clear that they must be happening.

Why am I the only person who can see how obvious this is?

Re:Following the M$ example. Re:BWAHAHAHA... (0, Flamebait)

twitter (104583) | more than 7 years ago | (#20237099)

"...but the M$ campus gets hacked all the time." Do you have evidence for this? Particularly for the "all the time" part.

No, but if M$ can't guard their precious source code [slashdot.org] , what can they guard?

Re:Following the M$ example. Re:BWAHAHAHA... (3, Insightful)

abigor (540274) | more than 7 years ago | (#20237153)

Okay, so your assertion of fact was really just an enormous assumption. Thanks for the clarification.

Re:Following the M$ example. Re:BWAHAHAHA... (5, Funny)

laederkeps (976361) | more than 7 years ago | (#20237311)

No, but if M$ can't guard their precious source code, what can they guard?

Well, I heard that Ubuntu [ubuntu.com] isn't very good at that either...

Re:Following the M$ example. Re:BWAHAHAHA... (0, Troll)

Mattintosh (758112) | more than 7 years ago | (#20236817)

So you're saying that Ubuntu is especially open to insecurity by association?

Perhaps that's an attack vector that needs more attention. Sure, you can focus on FTP, but a system is more than the sum of its parts. How insecure is it to leave a system accessible to Windows users on any front?

Windoze access should be read only / password free (2, Interesting)

twitter (104583) | more than 7 years ago | (#20237387)

How insecure is it to leave a system accessible to Windows users on any front?

I won't give a gnu/linux account to any windows user because a minimum of 25% of them are part of a keylogging botnet [slashdot.org]. They are liable to access my machines from windoze and things go downhill from there, even if they use a better client. A system is only as strong as its weakest link.

Ubuntu itself is dangerous because it includes non free software like Adobe Flash, but this should not be of concern to business users. These dangers are orders of magnitude smaller than those faced by windoze users, but Ubuntu needs more shelter and care than Debian itself. No gnu/linux system is in danger of being auto-rooted like a windoze machine. Business users should continue their move to gnu/linux systems like Ubuntu.

Re:Following the M$ example. Re:BWAHAHAHA... (2, Insightful)

Anonymous Coward | more than 7 years ago | (#20236885)

It has nothing to do with dumbing it down for Windows users making it insecure, although I admit, this case is again a demonstration that the biggest security hole on a computer is the lump of carbon/hydrogen/oxygen located between the keyboard and the chair.

They got arrogant, cocky and lazy. They let their security slip on things a Windows user wouldn't use or care about (ex. FTP vs SFTP, from a user perspective, the difference is minimal).

Does your reality distortion field go so far as to say that Windows is causing functional breakage in Linux now? Geeze. Lemme guess, you are gonna add global warming, wars, AIDS, ebola and the common cold to the list as well, right?

Heck, fairly certain that ftp wasn't active by default on my last install of Ubuntu (I know SFTP was though).

FTP vs SFTP - maintainer arrogance/incompetence
Kernel couldn't be upgraded given the hardware supplied by Ubuntu's owning company - the company's own problems

Re:Following the M$ example. Re:BWAHAHAHA... (1)

DogDude (805747) | more than 7 years ago | (#20237229)

This dumb Windows user uses sftp to connect to all of his servers. I don't know where you're trying to go with this troll...

Hacked... (5, Funny)

andrewd18 (989408) | more than 7 years ago | (#20236521)

You keep using that word. I do not think it means what you think it means.

Re:Hacked... (0)

Anonymous Coward | more than 7 years ago | (#20236759)

You keep using that word. I do not think it means what you think it means.
Truly, you have a dizzying intellect.

Re:Hacked... (1)

slightcrazed (973882) | more than 7 years ago | (#20236819)

Hallo, my name is Ubuntu Canonical. You hack my server. Preparrrre to die!

Who's next? (0)

Anonymous Coward | more than 7 years ago | (#20236795)

Ten to one [slashdot.org] , we hear next week that some large repository of Student papers is vulnerable too.

Idiot (0)

Anonymous Coward | more than 7 years ago | (#20237101)

Yes, it means exactly what he thinks it means. This whole thing with calling hackers "security researchers" is just silly beyond belief. Both of these little peccadilloes in terminology are reasons that no one who really counts takes the Slashsnot crowd very seriously.

Re:Idiot (4, Funny)

Anonymous Coward | more than 7 years ago | (#20237187)

And to think, the only reason I post here is so I can be taken seriously by the people who really count.

Another dream shattered!

Gentoo also recently disclosed security breach (4, Informative)

ChazeFroy (51595) | more than 7 years ago | (#20236523)

This isn't the only Linux distro security breach being disclosed recently. One of Gentoo's web applications was compromised and they are investigating it:

http://bugs.gentoo.org/show_bug.cgi?id=187971 [gentoo.org]

Re:Gentoo also recently disclosed security breach (1)

dattaway (3088) | more than 7 years ago | (#20236635)

And instead of shooting the messenger and arresting him on terrorism charges, action was taken and he was given many words of thanks for helping to identify the problem.

Nonsense. This story's a hoax. (1, Funny)

Anonymous Coward | more than 7 years ago | (#20236973)

Linux servers don't get hacked. Period.

OopsBuntu (-1, Troll)

Anonymous Coward | more than 7 years ago | (#20236541)

Isn't open source nice? There's always someone else to blame.

Comical (-1, Flamebait)

JeremyGNJ (1102465) | more than 7 years ago | (#20236545)

I don't generally like to be amused by other people's misfortune, however this story makes me chuckle. This is just the kind of thing that will always happen to "community" based projects. There's a certain point where "community" doesn't work, and you have to do it yourself.

People tend to associate Linux or OSS with everything being "free from the evil of money", however for the malicious person, there is always money to be made....and so stuff like this needs to be carefully monitored by PAID people.

Re:Comical (0)

Anonymous Coward | more than 7 years ago | (#20236649)

... because people who are PAID are "free from the evil of money"? Obviously such server hacks only occur where sysadmins aren't PAID. If your company server gets hacked it's because they're not paying your sysadmin enough. Hey, I like that one. I'm going to go tell my boss right now.

Re:Comical (0)

Anonymous Coward | more than 7 years ago | (#20236765)

... because people who are PAID are "free from the evil of money"?
No, if their company server gets hacked through their own negligence then their job is on the line. They have a good incentive to get it right.

Re:Comical (1)

blueZhift (652272) | more than 7 years ago | (#20236875)

Heh heh, the malicious person doesn't even need money as a motivator. In this particular case, I don't see how anyone would profit anyway, at least monetarily.

Re:Comical (0)

Anonymous Coward | more than 7 years ago | (#20237107)

I think the answer to that is obvious:

1. Hack Ubuntu servers
2. ?
3. Profit

Don't worry (4, Funny)

just_another_sean (919159) | more than 7 years ago | (#20236551)

This is just a transitional feature designed to make Windows users more comfortable using Ubuntu.

Re:Don't worry (0)

Anonymous Coward | more than 7 years ago | (#20236745)

I was wondering how this was going to be spun as a failure for Microsoft. Good job, Sean!

Re:Don't worry (0)

Anonymous Coward | more than 7 years ago | (#20236929)

And I $ee twitter $howed up to make the $ame point, except that he'$ not joking!

Re:Don't worry (1)

just_another_sean (919159) | more than 7 years ago | (#20237223)

Hey, <popeye>I yam whats me yams and that's all that me yams.</popeye>

I would like to read a report (5, Interesting)

QuantumRiff (120817) | more than 7 years ago | (#20236563)

Since this is a community based, open source project, I would love in the near future (after the investigation and cleanup are done) to read about how they determined that the machines were compromised, what the attackers did, and more importantly, how Ubuntu cleaned them up...

This could really help the community as a whole, and I know I would enjoy reading it..

Re:I would like to read a report (1)

Anonymous Coward | more than 7 years ago | (#20236741)

I suppose that other people contacted them saying "why are your servers attacking ours?"

Your servers attacking other people's is normally a good sign you have been compromised.. Didn't you even read the summary?

Re:I would like to read a report (2)

JosefAssad (1138611) | more than 7 years ago | (#20236959)

I would love in the near future to read about how they determined that the machines were compromised

Well. I mean, 5 of 8 machines were already totally owned by the time they worked it out. I don't think documenting the discovery process is going to do anyone any favors. Unless we're going to be composing a Linux Administration HOWTO: Best of Bloopers.

Re:I would like to read a report (4, Insightful)

Frosty Piss (770223) | more than 7 years ago | (#20237177)

I don't think documenting the discovery process is going to do anyone any favors.

Isn't that part of the Linux/Microsoft Double Standard? Now, if Microsoft had this type of issue and had been less than totally open about the cause and methods, you know as well as I do that there would be a high-pitched wailing from the Slashdot World.

"When linux boxen attack" (1, Funny)

Anonymous Coward | more than 7 years ago | (#20237389)

Next on Fox...

Re:I would like to read a report (5, Interesting)

discord5 (798235) | more than 7 years ago | (#20237429)

Unless we're going to be composing a Linux Administration HOWTO: Best of Bloopers.

I could fill about 100 pages on my own from stupid things I've done and stupid things I've seen coworkers/customers do.

The funniest one is still one where one of my coworkers nuked /lib on a fairly important machine unintentionally because he just loves his spacebar:

rm -f /home/user/project /lib/*

Upon which of course he proceeded to ask everyone "Hey, suppose I deleted something like /lib, is there a way to get it back?", followed by 10 people laughing, followed by a minute of silence as soon as we realized what machine he just did that on. He never got a root password for an important server after that incident. In hindsight, that was a funny incident, and a valuable lesson to us all (we all became paranoid of rereading what we just typed).

Yes, we had backups... Yes, tape drives are still slow

Sounds like (1)

wytcld (179112) | more than 7 years ago | (#20237117)

It sounds like a compromise based on using a flaw in an ftp daemon to exploit a kernel flaw to escalate privileges. The question I'd have is which ftp daemon were they running? FTP - even the old, unencrypted kind - IMHO can be run with tight security if you choose a daemon that can run in chroot with virtual-account privilege separation for each user. A few daemons do that, and do it well, most don't. So was this a known-problematic ftp daemon that Ubuntu's Loco servers were running, or a fresh exploit against one of the better daemons?

As for the suggestions that sftp is better, OpenSSH's version of sftp requires a shell account for each user - something good ftp daemons don't. There are shells like scponly that are pretty good at chrooting each user's shell account - but not necessarily perfect. There are a lot more administrative steps in setting that up than for an ftp account, which if not quite done right can compromise security. FTP's maturity - again with the right daemon - can be a security advantage, over all.

Re:I would like to read a report (4, Interesting)

gmack (197796) | more than 7 years ago | (#20237307)

It's important to note that the servers may not have been actually rooted. There are a large number of ssh dictionary break-in attempts on every machine I administrate on several completely different IP blocks. The worst hit is usually my personal server, which tended to get hit with several thousand attempts per hour (enough that legitimate logins were a problem) before I installed countermeasures. Even now the countermeasures are locking out 5 to 8 hosts per day.

They have managed to get user accounts on a few occasions and most of the time they never even attempt to gain root. They just start scanning for new hosts.

I'm now running a python script called DenyHosts [howtoforge.com] to find and lockout dictionary attacks. "apt-get install denyhosts" for debian users. Even on much more liberal settings than the default it's lowered my cpu load considerably and locks out attacks in the first minute rather than the hour it would otherwise take me to notice.
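The dictionary-attack pattern gmack describes, as an added example (not part of the thread and not DenyHosts' own code): a small detector run over a constructed auth.log excerpt counts sshd failures per source address inside a sliding window, flags a host once it crosses a threshold, emits TCP-wrappers lines in the form DenyHosts writes to /etc/hosts.deny, and separately flags a successful login from a host that had already crossed the threshold, which is the "they got a user account" case he mentions. Host names, user names, addresses, and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log excerpt; hostname, users and addresses are invented for this example.
SAMPLE_AUTH_LOG = """\
Aug 14 02:00:01 loco1 sshd[2311]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Aug 14 02:00:02 loco1 sshd[2313]: Failed password for invalid user oracle from 192.0.2.10 port 40130 ssh2
Aug 14 02:00:03 loco1 sshd[2315]: Failed password for root from 192.0.2.10 port 40141 ssh2
Aug 14 02:00:04 loco1 sshd[2317]: Failed password for invalid user test from 192.0.2.10 port 40150 ssh2
Aug 14 02:00:05 loco1 sshd[2319]: Failed password for invalid user guest from 192.0.2.10 port 40161 ssh2
Aug 14 02:00:09 loco1 sshd[2321]: Accepted publickey for alice from 198.51.100.7 port 51022 ssh2
Aug 14 02:00:15 loco1 sshd[2323]: Failed password for alice from 198.51.100.7 port 51030 ssh2
Aug 14 02:00:20 loco1 sshd[2325]: Accepted password for alice from 198.51.100.7 port 51031 ssh2
Aug 14 02:01:00 loco1 sshd[2330]: Failed password for bob from 203.0.113.5 port 33001 ssh2
Aug 14 02:01:01 loco1 sshd[2331]: Failed password for bob from 203.0.113.5 port 33002 ssh2
Aug 14 02:01:02 loco1 sshd[2332]: Failed password for bob from 203.0.113.5 port 33003 ssh2
Aug 14 02:01:03 loco1 sshd[2333]: Accepted password for bob from 203.0.113.5 port 33004 ssh2
Aug 14 02:01:04 loco1 sshd[2333]: pam_unix(sshd:session): session opened for user bob by (uid=0)
"""

# OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines only;
# anything else (pam_unix session lines, etc.) is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2007):
    """Return a dict for an sshd auth event, or None for lines we do not care about."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies it (assumed 2007 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "invalid": bool(m["invalid"]), "user": m["user"], "ip": m["ip"]}


def analyze(log_text, threshold=3, window_seconds=60, year=2007):
    """Sliding-window failure counting per source address.

    Returns {"lockout": {ip: time threshold crossed},
             "users_tried": {ip: set of user names attempted},
             "suspicious_logins": [(ip, user)] for successes from a locked-out host}.
    """
    recent = defaultdict(deque)     # ip -> timestamps of failures still inside the window
    users_tried = defaultdict(set)  # ip -> distinct user names it tried
    lockout = {}                    # ip -> time it crossed the threshold
    suspicious = []                 # successful logins from hosts already over the threshold
    for raw in log_text.splitlines():
        ev = parse_line(raw, year)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            users_tried[ip].add(ev["user"])
            q = recent[ip]
            q.append(ts)
            # Drop failures older than the window before counting.
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in lockout:
                lockout[ip] = ts
        elif ip in lockout:
            # A host that was hammering the daemon and then got in: treat the account as compromised.
            suspicious.append((ip, ev["user"]))
    return {"lockout": lockout, "users_tried": dict(users_tried), "suspicious_logins": suspicious}


def hosts_deny_lines(report):
    """TCP-wrappers entries in the form DenyHosts appends to /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in sorted(report["lockout"])]


if __name__ == "__main__":
    report = analyze(SAMPLE_AUTH_LOG)
    for ip, when in report["lockout"].items():
        print(f"{ip} locked out at {when:%H:%M:%S}, tried users {sorted(report['users_tried'][ip])}")
    for ip, user in report["suspicious_logins"]:
        print(f"successful login for {user} from locked-out host {ip}: investigate")
    print("\n".join(hosts_deny_lines(report)))
```

Run against a real /etc/auth.log the same way; only the lines that match the sshd pattern are counted.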

uh ho (4, Funny)

FudRucker (866063) | more than 7 years ago | (#20236603)

Ubuntu made a boobootu

Re:uh ho (1)

everphilski (877346) | more than 7 years ago | (#20236845)

Mark Shuttleworth kiss it and make it all better?

The real test (4, Interesting)

ZachPruckowski (918562) | more than 7 years ago | (#20236611)

The real test is how they react to this, and how they clean up their mess. Everyone screws up, but what separates good people from bad is how they react to problems and screw-ups.

It sounds like that part at least is still underway, with a meeting (FTA) in "#ubuntu-locoteams on Tuesday, August 14, 2007 at 2:00PM UTC". Seeing as that's yesterday, we should probably reserve judgement a day or two to see how they respond.

sorry... (2, Insightful)

cosmocain (1060326) | more than 7 years ago | (#20236613)

administrators, but:

who the hell places such exposed servers like these on the net without applying security patches and following simple rules? yeah, the freaking old hardware, compat problems, i sure understand that. but then make a fuss 'bout it. threaten to stop maintaining the hardware if the network cards aren't changed. if that REALLY is the only problem with the hardware which prevented updates, then i just don't understand how the hell this could happen. NICs, even though this would be no consumer hardware, aren't that expensive. if my employer's servers were hacked because i did not mind telling him that some crappy piece of hardware prevented me from keeping up to date with security, i would kindly be removed from my desk. period.

Re:sorry... (5, Insightful)

ZachPruckowski (918562) | more than 7 years ago | (#20236749)

Oh, from the sounds of it, all that you say is well-warranted. They were running a version of Ubuntu from October of 2005, which was obsoleted in April of this year, and they weren't using encryption. This is security 101, and they didn't do it. This does sound a lot more like an administration problem than a software problem.

Ultimately, I'd say that if this does wind up being an admin problem, then Ubuntu Server will not suffer. The bottom line is that a poorly administered server is a hacker target regardless of the OS.

Did they file bug reports? (1)

khasim (1285) | more than 7 years ago | (#20236897)

Okay, maybe Canonical gave them hardware that was not ... or ... was ... okay, this is just difficult to conceptualize.

The NICs worked fine with version A.

The NICs did not work with version B. Where's the bug report?

Breezy - this is where they stopped.
+ 6 months - Dapper - LTS, where is the bug report?
+ 12 months - Edgy - a bug report?
+ 18 months - Feisty - a bug report?

If you just CANNOT apply a patch then you HAVE TO make sure that EVERYTHING else is locked down AND INCREASE YOUR MONITORING OF THAT SYSTEM.

It looks like the admins made too many mistakes. I can fault Canonical IF there was a bug report filed and pursued.

Everything else is the admins' fault. No matter how stable and secure a system is, and by default Ubuntu ships with no open ports, a bad admin can break it.

Re:Did they file bug reports? (1)

jhol13 (1087781) | more than 7 years ago | (#20237213)

If you just CANNOT apply a patch
Could it be so that the problem is exactly here? I mean WHY they could not apply. It was claimed that some of the hardware no longer worked. The only reason I can imagine is that some driver got broken and/or was not supported by later kernel.

Hmm ... perhaps, just perhaps, this could have been avoidable by a stable binary interface in the kernel ... no, I would say it would be more than likely.

Re:Did they file bug reports? (1)

just_another_sean (919159) | more than 7 years ago | (#20237341)

Hmm ... perhaps, just perhaps, this could have been avoidable by a stable binary interface in the kernel ... no, I would say it would be more than likely.
Or, even better IMHO, they could have spent a couple of hundred US$ on getting new NICs that used open source drivers.

Update last week hosed my box (1)

morgan_greywolf (835522) | more than 7 years ago | (#20236621)

An update last week hosed by /boot partition. I haven't found any mention of this happening in any of the Ubuntu Forums. Anyone know if this could be related?

Re:Update last week hosed my box (1)

morgan_greywolf (835522) | more than 7 years ago | (#20236779)

s/by/my

Re:Update last week hosed my box (1)

flyingfsck (986395) | more than 7 years ago | (#20236781)

Well, I guess nobody can report it from their hosed boxes...

Jokes aside, my systems are working, so it's probably another issue.

Re:Update last week hosed my box (1)

Chandon Seldon (43083) | more than 7 years ago | (#20236787)

Not unless you clicked through a "these packages aren't signed" warning. The package signing system is specifically designed to handle compromised repositories.

sftp (3, Insightful)

SolusSD (680489) | more than 7 years ago | (#20236639)

it amazes me that people even use the plain old ftp protocol for anything important. sftp has been around forever.

Re:sftp (5, Interesting)

Anonymous Coward | more than 7 years ago | (#20237263)

sftp and scp STILL do not allow anything like a REGET operation. Whenever anyone mentions this they get shot down in flames.

Driver issue (1)

Oddscurity (1035974) | more than 7 years ago | (#20236643)

The article itself doesn't mention a lot more than the summary. What really puzzles me is this part: "and no upgrades past breezy due to problems with the network cards and later kernels."

From the Breezy Badger release notes [ubuntu.com] : Linux 2.6.12.6

So how come there's a problem in getting that driver going under 2.6.22 (for example)?

Re:Driver issue (2, Informative)

Foktip (736679) | more than 7 years ago | (#20236889)

Heh, compatibility with new hardware is part of the reason I started using Gentoo... even though Ubuntu uses new software, I've always had at least some problems getting either Broadcom or Nvidia network cards working on generic-distro kernels. Were they using custom-made kernels, or the stock one?

Re:Driver issue (0)

Anonymous Coward | more than 7 years ago | (#20236943)

You do realize that the kernel development process and version numbering policy changed, a rather long time ago?

Re:Driver issue (1)

Technician (215283) | more than 7 years ago | (#20237173)

What really puzzles me is this part: "and no upgrades past breezy due to problems with the network cards and later kernels."

I put together a new machine, Core 2 Duo on a new Asus board. I put Feisty Fawn on it. It works great. I did notice a networking problem with the built-in NIC when trying to transfer large files to my fileserver (DVD ISO). It would start and then hang with less than 1K transferred. Web, small transfers and such worked fine. I finally had to make a SMB share on the machine and use my Dapper Drake laptop to transfer the file from that machine to the fileserver.

When I get some time, I'll stick in another NIC and see if that fixes the problem. I have an Intel card and a D-Link card I can try.

Re:Driver issue (1)

PalmKiller (174161) | more than 7 years ago | (#20237423)

What I don't understand is why they couldn't use the old kernel with the new release...the linux release should not necessarily tie them to a particular kernel.

Or do as I do at times (and as Oddscurity was suggesting I think) and use the old network card driver with a newer kernel ... this normally works fine by building it as a module unless something major changed in the way the kernel works with network card drivers.

Unencrypted FTP? (0)

Anonymous Coward | more than 7 years ago | (#20236657)

Say what??? Are they nuts? Were they also using telnet?

updates last night (0)

Anonymous Coward | more than 7 years ago | (#20236663)

So let's say that I installed a fresh copy of Feisty Fawn last night, and was doing updates from about 8pm until 11pm EST (yes it took so long, the servers were THAT slow, and this is probably why). Should I be at all worried that the system might be compromised?

Re:updates last night (1)

mhall119 (1035984) | more than 7 years ago | (#20237393)

Ubuntu's packages are all signed, so unless you agreed to install unsigned packages (there should have been a warning telling you that was what you were doing), you should be fine. From my experience, if the package signature has a problem (package doesn't match the signature, meaning it's been modified) apt will refuse to install it, and bail out with an error message saying that signature verification failed. So you should be fine. It seems all the hackers were doing was using the servers as drones to attack someone else; they probably didn't even need root access.

Kernel security flaw? (0)

Anonymous Coward | more than 7 years ago | (#20236671)

However, kernel upgrades couldn't be done because of poor backwards compatibility with the very hardware that Canonical had sponsored!

The poster is highlighting an almost completely irrelevant issue: how many security flaws are accessible in the kernel remotely? It's the applications on top, either incredibly bad administration leaving a hole, unencrypted passwords flying over the network, or regular easily guessed passwords.

Yes, it's going to be inconvenient administration-wise, but it's not that difficult to upgrade the distribution and leave the kernel behind. The caveat is having to be extra secure on admitting remote users to protect against known local exploits.

Not like Debian (5, Informative)

Bruce Perens (3872) | more than 7 years ago | (#20236675)

This happened to Debian once. I remember the very careful quality of the notifications, and the forensic analysis, and the fact that it was caught quickly and there thus wasn't much damage. It showed that a volunteer community can be right on top of this sort of problem with as much or more professionality than any paid staff. It's unfortunate that the configuration of Ubuntu and its loco teams has them pointing fingers at each other. And what about those systems that can't be upgraded? Are they, perchance, using proprietary network drivers? If so, well, folks should know better.

Bruce

Re:Not like Debian (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#20236965)

Typical Linux mistake because they hate binaries/proprietary they cannot use newer hardware; so now they have to run it on older/slower hardware.

Re:Not like Debian (1)

simong (32944) | more than 7 years ago | (#20237053)

The Debian servers were down for what seemed like ages though, which was frustrating for me as I was trying to build a few machines on it at the time. When providing a public service, there has to be a balance between fixing the problems and making sure that the service isn't down for too long.
I would assume that the Ubuntu source is safely stored offline somewhere and can be recovered but one of the lessons that has to be learned is the value of a standardised production environment that's been designed in a secure way. Horse and stable door for sure but these are the requirements that are paramount in a production system that is delivering what is becoming high profile software.

Re:Not like Debian (4, Funny)

soupforare (542403) | more than 7 years ago | (#20237103)

Maybe they should've been running deb stable. ;)

Re:Not like Debian (1)

un1xl0ser (575642) | more than 7 years ago | (#20237165)

There is no word on what was compromised exactly, but network drivers shouldn't affect their ability to update the userland portion of Ubuntu whatsoever. That is assuming that there was a remote exploit in one of the services that they ran, and that someone didn't just sniff their unencrypted FTP authentication.

laziness and excuses (1)

bl8n8r (649187) | more than 7 years ago | (#20236679)

It's all the same. You can lock up a system tighter than a dolphins ass, but no security in the world can mitigate pebkac.

Re:laziness and excuses (1)

andrewd18 (989408) | more than 7 years ago | (#20236961)

You can lock up a system tighter than a dolphins ass
How tight is that, exactly? Since you seem to have some experience, could you demonstrate for us?

Re:laziness and excuses (1)

k_187 (61692) | more than 7 years ago | (#20237029)

Simple, see that Cat5 cable coming out of the back? Pull it out.

"tighter than a dolphins ass" (3, Funny)

Dystopian Rebel (714995) | more than 7 years ago | (#20237141)

Sir, somewhere in the fully-indexed and data-mined future, your descendants will be publicly shamed and ridiculed because of your post.

I suppose they'll have no choice but to flee to deeper waters.

 

how ironic (4, Insightful)

Anonymous Coward | more than 7 years ago | (#20236681)

had these been windows servers we would have heard cries of a flaky operating system being the problem. in this case, since they're linux servers, we hear that the fault lays on the administrators of the boxen for not hardening the systems?

Re:how ironic (2)

Ginger Unicorn (952287) | more than 7 years ago | (#20236867)

perhaps it's true.

Re:how ironic (2, Insightful)

deftcoder (1090261) | more than 7 years ago | (#20237367)

That's because with Linux, you actually *CAN* harden your system. (e.g. kernel-level security patches, exec-shield, SELinux, etc.)

Re:how ironic (0)

Anonymous Coward | more than 7 years ago | (#20237415)

Well, considering if they had left the default install as is this wouldn't happen the fault does lie with the administrators. They opened up services that have notoriously poor security and did not take the proper steps to secure them. FTP services shouldn't even be available to install straight from CD anymore. You should have to apt-get it with warnings as to how insecure it is (plaintext, what?). It is a flawed protocol. Maybe they should go a step further and have SFTP replace FTP as the default "ftp" package and if you want a crappy old ftp client/server call it iftp/iftpd for insecure-ftp or iwannabehacked-ftp. Although with iftp you might have mac fans installing it thinking it must be the best possible ftp.

--David

The plan. (0)

Anonymous Coward | more than 7 years ago | (#20236701)

1. Accuse Microsoft of making insecure products and being bloodsucking capitalist vampires.

2. Praise Linux for being secure and community-made, and hence non-profit.

3. Shift blame around when security is compromised since nobody knows who's really accountable.

4. ???

5. Global Linux hegemony.

Constructively (1)

b1ufox (987621) | more than 7 years ago | (#20236719)

Seriously, better late than never.
No software is perfect, no package is absolutely secure.
It's good that these servers were compromised and detected too [I hope within time].
This means either admins are not doing their job properly or the culprit packages are buggy.
Either way it is an eye opener to the community and especially Canonical.
This calls for better auditing and more effort to be put into security on Ubuntu server systems as well as packages which make their way into Ubuntu.
This may possibly mean more work for Ubuntu package maintainers and in turn a better product[not the perfect one but a better one].

Re:Constructively (2)

plague3106 (71849) | more than 7 years ago | (#20236941)

I wonder if the tone would be so even headed if this was a recent MS operating system.

Panic, They Might Have Gotten the Source Code! (4, Funny)

twitter (104583) | more than 7 years ago | (#20236743)

It's like NT all over again [slashdot.org] . God only knows what bad things they can do with that.

I'm sorry (1, Funny)

thatskinnyguy (1129515) | more than 7 years ago | (#20236797)

This doesn't sound like a hack at all. If "[they] started attacking the other servers", it sounds more like a virus than a hacker. That is, if the servers were genuinely attacking the other servers. It's an exploited weakness nonetheless.

Mod -1 please (3, Funny)

greedyturtle (968401) | more than 7 years ago | (#20237149)

Please mod this -1, I don't agree with him.

This is why packages should be signed (1)

DaleGlass (1068434) | more than 7 years ago | (#20236805)

With signatures in place, and verification by default when packages are installed, you'd need more than just breaking into a server to cause serious damage.

Ubuntu seems to have something in place already, but from my look at it, doesn't seem nearly as insistent on security as it should be.
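To make the point of this comment concrete, here is an added example (written for this page, not apt's or Canonical's code) of the kind of check signed repository metadata lets a client do. It assumes a simplified Release/Packages layout in which each index is a list of "hash size name" lines, and it uses a deliberately tiny textbook RSA key over two fixed Mersenne primes as a stand-in for the OpenPGP signature apt actually verifies; that toy key is an assumption for the sake of running offline and is not secure. The scenario it walks through is the one the comment describes: an attacker with a shell on the mirror can rewrite every file and every hash, but cannot re-sign the Release file, because the private key never lives on the mirror.

```python
import hashlib

# Toy RSA key for the example only (ASSUMPTION, not apt's mechanism): two fixed
# Mersenne primes give a ~92-bit modulus, which is trivially breakable. apt
# verifies an OpenPGP signature over the Release file; the toy key stands in
# for that so the example runs offline with the standard library alone.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: on the signing host, never on a mirror


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(data: bytes, d: int = D) -> int:
    """Archive signer side: textbook RSA over the SHA-256 digest (toy)."""
    return pow(_digest_int(data), d, N)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Client side: check a signature against the pinned public key (e, n)."""
    return pow(signature, e, n) == _digest_int(data)


def parse_hash_list(text: str) -> dict:
    """Collect '<sha256hex> <size> <name>' lines into {name: sha256hex}.
    Simplified stand-in for the SHA256: blocks of Release and Packages files."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and len(parts[0]) == 64:
            entries[parts[2]] = parts[0]
    return entries


def build_indexes(deb: bytes, deb_name: str):
    """Publisher side: Packages lists the .deb hash and Release lists the
    Packages hash. Constructed sample layout; signing happens separately."""
    packages = f"SHA256:\n {sha256_hex(deb)} {len(deb)} {deb_name}\n".encode()
    release = f"Suite: breezy\nSHA256:\n {sha256_hex(packages)} {len(packages)} Packages\n".encode()
    return packages, release


def hashes_match(release: bytes, packages: bytes, deb: bytes, deb_name: str) -> bool:
    """Unsigned part of the chain: Release -> Packages -> .deb by hash alone."""
    if parse_hash_list(release.decode()).get("Packages") != sha256_hex(packages):
        return False
    return parse_hash_list(packages.decode()).get(deb_name) == sha256_hex(deb)


def verify_chain(release: bytes, release_sig: int, packages: bytes, deb: bytes,
                 deb_name: str, pubkey=(E, N)) -> tuple:
    """Full client check: signature first, then the hash chain. Returns (ok, reason)."""
    if not verify(release, release_sig, *pubkey):
        return False, "Release signature invalid"
    if not hashes_match(release, packages, deb, deb_name):
        return False, "hash chain broken"
    return True, "ok"


def demo():
    """Honest mirror versus a mirror whose shell was taken over."""
    name = "hello_1.0_i386.deb"
    good_deb = b"constructed sample .deb contents"
    packages, release = build_indexes(good_deb, name)
    sig = sign(release)  # done on the signing host

    # Attacker on the mirror replaces the .deb and rewrites BOTH index files so
    # every hash lines up. D is not on the mirror, so the old signature must be
    # reused, and it no longer matches the rewritten Release file.
    evil_deb = b"constructed backdoored .deb contents"
    evil_packages, evil_release = build_indexes(evil_deb, name)

    return {
        "honest": verify_chain(release, sig, packages, good_deb, name),
        "tampered_hash_only": hashes_match(evil_release, evil_packages, evil_deb, name),
        "tampered_signed": verify_chain(evil_release, sig, evil_packages, evil_deb, name),
    }


if __name__ == "__main__":
    for outcome, result in demo().items():
        print(outcome, result)
```

The "tampered_hash_only" result is the one to notice: checksums alone pass on the compromised mirror, because the attacker rewrote them along with the package. Only the signature check, against a key pinned on the client, refuses the rewritten index.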

New NIC, Anyone? (1)

BobMcD (601576) | more than 7 years ago | (#20236823)

no upgrades past breezy due to problems with the network cards and later kernels
So wait, this old hardware has no PCI slots? No USB ports? Nothing that could allow one to simply NOT USE THE UNSUPPORTED NIC CARD???

What the HELL is going on here? This isn't just an 'oops', this is really, really friggen lazy! Last I checked, 3Com and Intel still have about a billion NICs out there in the great wide world. Hell, I could mail them a few myself... ;)

No?

Re:New NIC, Anyone? (2, Insightful)

greedyturtle (968401) | more than 7 years ago | (#20237185)

It's a lot harder to remotely install a PCI card than it is to complain about it on an internet message board.

Re:New NIC, Anyone? (1)

BobMcD (601576) | more than 7 years ago | (#20237293)


Admin: You see, boss, I wasn't there. I can't exactly reach through the pipes!

Boss: I see. So should any hardware fail, it can never be replaced? No one has any kind of physical access to the hardware at all? I suppose the servers are encased in concrete??

Admin: Well no. Not exactly...

Sure, that'll fly. I'll use it on my boss. "I couldn't replace the drive from home, and didn't feel like driving in, sorry."

Sheesh

Re:Older compatible NIC, Anyone? (1)

Technician (215283) | more than 7 years ago | (#20237257)

So wait, this old hardware has no PCI slots? No USB ports? Nothing that could allow one to simply NOT USE THE UNSUPPORTED NIC CARD???

I wonder if they could use some of my NE2000 NICs. They should be compatible. I'll even toss in some 50 ohm terminations.

Further proof.. (5, Funny)

HerculesMO (693085) | more than 7 years ago | (#20236869)

Linux systems are only as secure as the admins who manage them.

And for bonus "hate" points, even MS servers can be secure if they are admined properly. Don't worry though, I have my flame suit on. :)

Some clarification (5, Informative)

joe_cot (1011355) | more than 7 years ago | (#20236881)

As one of the people affected by this issue, I'd like to give some clarification on this. Firstly, the servers affected were Local Community (LoCo) Team servers, of which I maintain ubuntu-us.org. While I'm personally annoyed that the site is down (given it was on the front page of Digg last week), these servers are far from "production" servers; they host LoCo team resources and websites. I'd like to know what "compromised" software would have been downloaded by users, given that these servers did not host user repositories, and for the most part hosted news pages, blogs, and localized documentation. The issues were twofold: the servers were not upgraded past breezy, leaving them open to vulnerabilities after Breezy's EOL; LoCo team users were running an array of web applications (Drupal, Wordpress, Mediawiki, etc), but not updating their systems with new security patches. Top that with ftp logins and no ssh keys, and you have yourself a problem. Canonical is moving the installs to their facilities, retrieving the data, and building the installs (including the aforementioned web applications) from scratch, assuming that everything has been compromised. Hopefully in the next few days this will all be over.

This is a FAILURE of the OPEN SOURCE Community (-1, Troll)

Anonymous Coward | more than 7 years ago | (#20236977)

why hasn't the community (that means you) spent enough time looking over the code and fixing all those bugs?

We share the blame equally!

Re:This is a FAILURE of the OPEN SOURCE Community (1)

mhall119 (1035984) | more than 7 years ago | (#20237327)

Who said it was a bug? It could be as easy as someone password sniffing on a remote network saw a user log in to the Ubuntu server's FTP service. Once they had a username and password, logging onto the box and running a spam/DoS script against other servers is easy. It's not a bug, it's just an insecure method of accessing a box. Kind of like putting a huge lock on your front door, then leaving the key under the mat.
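Both David's comment near the top (FTP is plaintext) and this reply (a sniffed FTP login is enough, no bug required) rest on the same protocol property, so here is one added example illustrating it. It is written for this page and is not code from Ubuntu, Canonical or any poster. The capture it parses is a constructed, made-up FTP control-channel session (hostname, username and passwords invented), reassembled into "C:"/"S:" lines the way a passive sniffer on the same segment would see them; a second constructed snippet shows what the same login over SSH looks like on the wire. The parser doubles as detection logic: run over real reassembled control streams it flags every credential that crossed the network in the clear.

```python
import re
from dataclasses import dataclass

# Constructed sample capture (not from any real host): an FTP control channel
# as a sniffer on the same network segment would reassemble it. "C:" lines go
# client -> server, "S:" lines server -> client. Credentials are made up.
SAMPLE_FTP_CAPTURE = """\
S: 220 loco.example.org FTP server (vsFTPd) ready.
C: USER webadmin
S: 331 Please specify the password.
C: PASS Sup3rS3cret!
S: 230 Login successful.
C: CWD /var/www/drupal
S: 250 Directory successfully changed.
C: QUIT
S: 221 Goodbye.
S: 220 loco.example.org FTP server (vsFTPd) ready.
C: USER webadmin
S: 331 Please specify the password.
C: PASS Sup3rS3cret
S: 530 Login incorrect.
"""

# Constructed sample of the same admin logging in over SSH. After the two
# version banners everything runs inside the encrypted transport, so a passive
# sniffer sees no USER/PASS at all.
SAMPLE_SSH_CAPTURE = """\
S: SSH-2.0-OpenSSH_4.2p1
C: SSH-2.0-OpenSSH_4.2p1
C: <KEXINIT and encrypted packets follow>
"""


@dataclass
class Login:
    user: str
    password: str
    succeeded: bool


_USER = re.compile(r"^C: USER (\S+)$")
_PASS = re.compile(r"^C: PASS (.*)$")
_REPLY = re.compile(r"^S: (\d{3}) ")


def extract_ftp_logins(capture: str) -> list:
    """Walk a reassembled FTP control stream and return every USER/PASS pair
    together with whether the server accepted it (reply 230) or rejected it
    (reply 530). Both outcomes matter to an attacker: a rejected password is
    often a near-miss of a valid one."""
    logins, user, password = [], None, None
    for line in capture.splitlines():
        if m := _USER.match(line):
            user, password = m.group(1), None        # new attempt starts
        elif m := _PASS.match(line):
            password = m.group(1)
        elif (m := _REPLY.match(line)) and user is not None and password is not None:
            code = m.group(1)
            if code in ("230", "530"):
                logins.append(Login(user, password, code == "230"))
                user = password = None
    return logins


def credentials_in_clear(capture: str) -> list:
    """What a passive sniffer harvests from a capture: (user, password) pairs.
    For an SSH session this is empty; the password (or key exchange) never
    appears on the wire unencrypted."""
    return [(login.user, login.password) for login in extract_ftp_logins(capture)]


if __name__ == "__main__":
    for login in extract_ftp_logins(SAMPLE_FTP_CAPTURE):
        print(login)
    print("SSH:", credentials_in_clear(SAMPLE_SSH_CAPTURE))
```

Note that nothing in the FTP stream is obfuscated at all: the sniffer needs no exploit, only a position on the path, which is exactly why the reply above calls this an access-method problem rather than a bug.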

In other news... (1)

thatskinnyguy (1129515) | more than 7 years ago | (#20236979)

I can see it now: Ubuntu pushing out a hacked patch that makes all the term screens read by default:

[root@localhost]# All your Ubuntu are belong to us. Make your time. HAHAHA!

Thank Goodness! (0)

Anonymous Coward | more than 7 years ago | (#20237005)

I wonder if these are the same servers that Ubuntu users get updates from.

If they were successfully attacked by the threat level of script kiddies, then it's likely that they were compromised earlier by higher threat levels, eg. large corporations or governments. Such a crude method of spreading speaks of a zombie net, and would have been harmless to Ubuntu's users, but the bad guys from other threat models may have created backdoors, keyloggers, and other rootkits on every updaters' computer.

Not that the big fish won't be able to work their way back in once Ubuntu is back up, but at least we'll have a reprieve and they'll have to use more resources.

Yes, I sleep in my tin foil nightcap.

Re:Thank Goodness! (1)

joe_cot (1011355) | more than 7 years ago | (#20237129)

I wonder if these are the same servers that Ubuntu users get updates from.

They're not. The repository servers are controlled and maintained by Canonical. These were community-run servers for hosting Local Community Teams [ubuntu.com]. You can take the tin foil hat off now.

It's "shut down", damn it. (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#20237021)

"Shutdown" is not a verb. Learn to spell.

Cripes!

It happens (4, Informative)

popeydotcom (114724) | more than 7 years ago | (#20237091)

Firstly these servers were not "Canonical Hosted" as the anonymous reader suggests. They were hosted in a DC which Canonical paid for, but the community maintained them. So Canonical system admins had very little to do with them.

My site - http://screencasts.ubuntu.com [ubuntu.com] was one of them that was affected, so I was of course concerned that there might be some data loss. I only use SCP to copy files up to the site, and logon with my ssh key, so don't think that all Ubuntu community members are using FTP, weak passwords and really old software, it only takes _one_ though to naff it up for everyone else.

The Canonical system admins (on top of the work they already do) migrated the services from those servers to their own DC very quickly. My site went down on Tuesday and was back by Friday. For free hosting and oodles of bandwidth, I'm happy with that downtime - for a community site.

Soviet? (4, Funny)

Jugalator (259273) | more than 7 years ago | (#20237161)

"Ubuntu had to shutdown 5 of 8 production servers that are sponsored by Canonical, when they started attacking other systems."

In Soviet Russia, server attack you?

Ubuntu hacked! (0, Troll)

sgholt (973993) | more than 7 years ago | (#20237323)

uhh...that's what happens when you try to make your linux distro work like windows....

Turns out the whole reason for the attack was... (5, Interesting)

bealzabobs_youruncle (971430) | more than 7 years ago | (#20237365)

to replace the horrid orange and brown default themes.

I used to be an ardent Ubuntu supporter but since Dapper and the wider adoption there has been too much emphasis on making things more Windows-like and less on best practices throughout the Ubuntu community (note I said the community, not the developers). Stuff like Automatix and the general feeling that any script or line of code that is posted on the Ubuntu forums is guaranteed safe has led to lax standards. I've brought this up a couple times and any valid discussion quickly descends into a flame-fest and the mods (rightly so) lock it down.

The Ubuntu community has bent over backwards so far to prove they can include everyone they lost sight of many of the things that make Linux a better choice for many people; time to get back to fundamentals and best practices, the sooner the better. Stop worrying about besting Windows at every silly thing (ahem, desktop transparency), stop trying to include Aunt Tilly (who is never going to "switch" anyway) and remember that some things take more effort but are often worth it.
