Slashdot Mirror


Ubuntu Servers Hacked

An anonymous reader noted that "Ubuntu had to shut down 5 of 8 production servers that are sponsored by Canonical, when they started attacking other systems. Canonical blames the community, saying they were community hosted, and were poorly maintained. However, kernel upgrades couldn't be done because of poor backwards compatibility with the very hardware that Canonical had sponsored! While people point fingers at each other it is pretty clear that both sides are equally to blame, the community administrators for practicing bad security practices, such as using unencrypted FTP transfers with accounts, not properly maintaining the system. However Canonical should have been well aware of what they are hosting. The question remains, if any of the files distributed to users have been compromised. A major blow for Canonical though who are attempting to enter the business market with Ubuntu Server."

14 of 330 comments

  1. New distro name by Anonymous Coward · · Score: 5, Funny

    Spambuntu

  2. Hacked... by andrewd18 · · Score: 5, Funny

    You keep using that word. I do not think it means what you think it means.

    1. Re:Hacked... by Lord+Ender · · Score: 5, Insightful

      Language changes with time. This particular word has changed meanings (or at least got a new meaning) in the English language. You don't have to like that fact, but bitching on slashdot isn't going to change that fact.

      People in the industry are aware that "hack" used to mean "cleverly manipulate a device into doing something its designers did not intend." People also know that "wherefore" used to mean "why." In both cases, the original definitions no longer apply.

      Language changes. You'll get over it. There are more important battles to fight.

      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  3. I would like to read a report by QuantumRiff · · Score: 5, Interesting

    Since this is a community based, open source project, I would love in the near future (after the investigation and cleanup are done) to read about how they determined that the machines were compromised, what the attackers did, and more importantly, how Ubuntu cleaned them up...

    This could really help the community as a whole, and I know I would enjoy reading it..

    --
    What are we going to do tonight Brain?
    1. Re:I would like to read a report by discord5 · · Score: 5, Interesting

      Unless we're going to be composing a Linux Administration HOWTO: Best of Bloopers.

      I could fill about a 100 pages on my own from stupid things I've done and stupid things I've seen coworkers/customers do.

      The funniest one is still one where one of my coworkers nuked /lib on a fairly important machine unintentionally because he just loves his spacebar:

      rm -f /home/user/project /lib/*

      Upon which of course he proceeded to ask everyone "Hey, suppose I deleted something like /lib, is there a way to get it back?", followed by 10 people laughing, followed by a minute of silence as soon as we realized what machine he just did that on. He never got a root password for an important server after that incident. In hindsight, that was a funny incident, and a valuable lesson to us all (we all became paranoid of rereading what we just typed).

      Yes, we had backups... Yes, tape drives are still slow

    2. Re:I would like to read a report by mickwd · · Score: 5, Insightful

      "The funniest one is still one where one of my coworkers nuked /lib on a fairly important machine unintentionally"

      "He never got a root password for an important server after that incident. In hindsight, that was a funny incident, and a valuable lesson to us all (we all became paranoid of rereading what we just typed)."

      I hope the decision to deny him root access was based on more than that one unintentional incident. It could have happened to any of you. After all, why else would it be a "valuable lesson" to you ? Isn't the person who made that mistake the least likely to make it again ? And you did also say you "could fill about a 100 pages on my own from stupid things I've done".

  4. Not like Debian by Bruce+Perens · · Score: 5, Informative

    This happened to Debian once. I remember the very careful quality of the notifications, and the forensic analysis, and the fact that it was caught quickly and there thus wasn't much damage. It showed that a volunteer community can be right on top of this sort of problem with as much or more professionality than any paid staff. It's unfortunate that the configuration of Ubuntu and its loco teams has them pointing fingers at each other. And what about those systems that can't be upgraded? Are they, perchance, using proprietary network drivers? If so, well, folks should know better.

    Bruce

  5. Re:sorry... by ZachPruckowski · · Score: 5, Insightful

    Oh, from the sounds of it, all that you say is well-warranted. They were running a version of Ubuntu from October of 2005, which was obsoleted in April of this year, and they weren't using encryption. This is security 101, and they didn't do it. This does sound a lot more like an administration problem than a software problem.

    Ultimately, I'd say that if this does wind up being an admin problem, then Ubuntu Server will not suffer. The bottom line is that a poorly administered server is a hacker target regardless of the OS.

  6. Further proof.. by HerculesMO · · Score: 5, Funny

    Linux systems are only as secure as the admins who manage them.

    And for bonus "hate" points, even MS servers can be secure if they are admined probably. Don't worry though, I have my flame suit on. :)

    --
    The price is always right if someone else is paying.
  7. Some clarification by joe_cot · · Score: 5, Informative

    As one of the people affected by this issue, I'd like to give some clarification on this. Firstly, the servers affected were Local Community (LoCo) Team servers, of which I maintain ubuntu-us.org. While I'm personally annoyed that the site is down (given it was on the front page of Digg last week), these servers are far from "production" servers; they host LoCo team resources and websites. I'd like to know what "compromised" software would have been downloaded by users, given that these servers did not host user repositories, and for the most part hosted news pages, blogs, and localized documentation. The issues were twofold: the servers were not upgraded past breezy, leaving them open to vulnerabilities after Breezy's EOL; LoCo team users were running an array of web applications (Drupal, Wordpress, Mediawiki, etc), but not updating their systems with new security patches. Top that with ftp logins and no ssh keys, and you have yourself a problem. Canonical is moving the installs to their facilities, retrieving the data, and building the installs (including the aforementioned web applications) from scratch, assuming that everything has been compromised. Hopefully in the next few days this will all be over.

  8. Re:Following the M$ example. Re:BWAHAHAHA... by Minwee · · Score: 5, Funny

    Well, if they _did_ get broken into all the time, then that would be pretty embarrassing. The last thing they would want to do is publicize the fact, so it only makes sense that they would cover it up and say nothing about it.

    Since nobody has _ever_ said anything about frequent break-ins, it's clear that they must be happening.

    Why am I the only person who can see how obvious this is?

  9. Re:sftp by Anonymous Coward · · Score: 5, Interesting

    sftp and scp STILL do not allow anything like a REGET operation. Whenever anyone mentions this they get shot down in flames.

  10. Re:Following the M$ example. Re:BWAHAHAHA... by laederkeps · · Score: 5, Funny

    No, but if M$ can't guard their precious source code, what can they guard?
    Well, I heard that Ubuntu isn't very good at that either...
  11. Turns out the whole reason for the attack was... by bealzabobs_youruncle · · Score: 5, Interesting

    to replace the horrid orange and brown default themes.

    I used to be an ardent Ubuntu supporter but since Dapper and the wider adoption there has been too much emphasis on making things more Windows-like and less on best practices throughout the Ubuntu community (note I said the community, not the developers). Stuff like Automatix and the general feeling that any script or line of code that is posted on the Ubuntu forums is guaranteed safe has led to lax standards. I've brought this up a couple times and any valid discussion quickly descends into a flame-fest and the mods (rightly so) lock it down.

    The Ubuntu community has bent over backwards so far to prove they can include everyone they lost sight of many of the things that make Linux a better choice for many people; time to get back to fundamentals and best practices, the sooner the better. Stop worrying about besting Windows at every silly thing (ahem, desktop transparency), stop trying to include aunt Tilly (who is never going to "switch" anyway) and remember that some things take more effort but are often worth it.