Novell OpenSUSE Server Hacked

abelikoff writes "Both LinuxWorld Australia and SuSE Linux Forums report that OpenSUSE website got hacked last night." This story was submitted quite a number of times.

OpenSUSE website Hacked? No.

[blanks]

The open SuSE website wasnt hacked, it was a damn gamming machine they had on their network.

From TFA:

"The employees that set it up apparently had no idea of security," Brandon said. "But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it."

"There was no major breach of security here," Barney said. "Needless to say, we are taking the appropriate steps" to address the situation.

Re:ssh scan

[despisethesun]

I have a hard time to see the gain in security by disalowing root but allowing users to login and then sudo.

You must not have much experience with sudo. One of the benefits of it is that it allows you to give root permission to people for specific tasks that they would need that access level for. While there are certainly a lot of people who set their sudoers file to "allow all" for everyone, if sudo is properly implemented no one should be able to do anything they don't NEED to do as root. Sudo also has the benefit of keeping track of what users used it to do what tasks, making it easier to trace the path an attack came from.

Gogo0 also mentioned an added benefit to this scheme so I'm not going to repeat it here.