Re: [Haskell-cafe] Status update on {code, trac, projects, planet, community}.haskell.org

3 Feb 2011

      On Thu, 2011-02-03 at 10:37 +0200, Roman Cheplyaka wrote:
...
* Duncan Coutts  [2011-02-02 01:33:22+0000]
...
These are all hosted on the community server. The community server was
hacked on the 26th January and we took it offline. The server was
running an old version of debian that was no longer supported with
security updates. (Ironically, two days previously the infrastructure
team had been discussing the fact that nobody seemed to have any time
available to do the planned migration to a new host). The hacker
replaced sshd which we noticed because the ssh host signature changed
and it started prompting for passwords (we use key-based rather than
password based logins).
Might be related:
http://sourceforge.net/blog/sourceforge-attack-full-report/
Yes, it's quite possible.

One difference to note is that we use ssh key based logins, not
passwords. We suspect this saved us from the worst case scenarios.

Nevertheless, while we don't have to reset passwords, we are concerned
about the potential that the attacker replaced or added to users
~/.ssh/authorized_keys lists, which is why we have not yet re-enabled
user accounts.

We will try and provide as full a picture as we can when we're satisfied
we've got as much info and confidence as we're likely to get.

Duncan