More than Half of Ubuntu Servers Compromised

Out of a total of eight servers of the Ubuntu project, five came under hacking attempts, which had to be disconnected from the Internet.

Experts are mending the Ubuntu project after taking offline a majority of its servers on the weekend of August 11, 2007 because somebody had compromised them to launch attacks. Ubuntu is an open-source, Linux-based, community-developed operating system (OS). The commercial sponsor of the project is Canonical.

In an online advisory, the Canonical sysadmin team leader James Troup said that one of the Canonical sponsored hosted servers of the community had been hacked. Information Week reported this on August 16, 2007. James said that after technicians detected the compromise, an investigation was conducted that discovered that five of the eight systems were remotely controlled that was attacking other systems. Troup's advisory, however, did not mention which systems were under attack.

Since the machines were actively targeting assaults on other machines, it was decided to shut them down, said Troup, who is also known by the name Elmo. Troup continued by saying that they started to bring the systems to a safe state in order to retrieve the data from the affected machines. Unfortunately, due to several reasons, it took much more time to complete the process than they wished it would. The reasons included the presence of remote control, arbitrary limits that those remote controllers imposed, and absence of bandwidth to copy data elsewhere from the site, James said.

The servers already had some problems, according to Ubuntu. These were lack of the required security patches, use of FTP to access the systems, and lack of upgrades for the servers (as a result of problems in network kernels and cards).

Troup pointed out that since the systems were being accessed using FTP without SSL, a hacker could sniff the passwords created in clear text and access the servers. The servers also lacked sufficient upgrades, which further allowed the attacker to gain access to the root areas of the computer.

Troup assured they are working fast to restore the servers while ensuring that there will be no repeat of such compromises.

Related article: More Requests For Better E-Mail and Spam Control

» SPAMfighter News - 9/1/2007