linuxaudio.org compromised - 2018-01-29
Moderators: MattKingUSA, khz
-
- Established Member
- Posts: 4
- Joined: Tue Jan 30, 2018 10:36 pm
Re: linuxaudio.org compromised - 2018-01-29
Thanks for all the hard work. Everyone should definitely pitch in to write an opera about these linux heroes.
-
- Established Member
- Posts: 2036
- Joined: Sat Jun 11, 2016 12:05 am
- Has thanked: 10 times
- Been thanked: 22 times
Re: linuxaudio.org compromised - 2018-01-29
Hi,
Is there a need to subscribe again to the list ?
Cheers.
- rncbc
- Established Member
- Posts: 1068
- Joined: Mon Apr 19, 2010 12:20 pm
- Has thanked: 45 times
- Been thanked: 270 times
- Contact:
Re: linuxaudio.org compromised - 2018-01-29
jonetsu wrote:
> Hi,
> Is there a need to subscribe again to the list ?
> Cheers.
a pertinent question
though if one or everyone should have to do just that that would be really disgusting and quite frankly it would sentence the death of it all :/
from my standing pov.:
none of the LA(A|D|U) mail-lists seems to work at all; mails sent just seem to fall into the void: no bounces, no single response either;
mailist archives seem to have stopped on 29/1: no surprise here;
administrative interface seems to be up and running though;
otoh. planet.linuxaudio.org looks like it has also a huge-lot to catch-up so another question comes in: is it running/being fed at all?
byee
-
- Established Member
- Posts: 2036
- Joined: Sat Jun 11, 2016 12:05 am
- Has thanked: 10 times
- Been thanked: 22 times
Re: linuxaudio.org compromised - 2018-01-29
BlackGuyver78 wrote:
> Thanks for all the hard work. Everyone should definitely pitch in to write an opera about these linux heroes.
Care must be taken when writing on opera !
"New research finds music can be used to hack smartphones, computers and cars"
" .... likened the devious possibilities of hacking the accelerometer of an electronic device to the piercing capabilities of an opera singer."
http://www.nme.com/news/music/music-can ... ch-2016930
OK, back to the more serious topic ...
- khz
- Established Member
- Posts: 1648
- Joined: Thu Apr 17, 2008 6:29 am
- Location: German
- Has thanked: 42 times
- Been thanked: 92 times
Re: linuxaudio.org compromised - 2018-01-29
THX!
. . . FZ - Does humor belongs in Music?
. . GNU/LINUX@AUDIO ~ /Wiki $ Howto.Info && GNU/Linux Debian installing >> Linux Audio Workstation LAW
- I don't care about the freedom of speech because I have nothing to say.
- briandc
- Established Member
- Posts: 1442
- Joined: Sun Apr 29, 2012 3:17 pm
- Location: Italy
- Has thanked: 58 times
- Been thanked: 28 times
- Contact:
Re: linuxaudio.org compromised - 2018-01-29
A big "THANK YOU" to Autostatic (good to see you around here again!) and everyone else "behind the scenes."
Beer's on me (hitch: you have to come to Italy Milan-area to get it!) Unless I end up in "the north" some time soon...
brian
Have your PC your way: use linux!
My sound synthesis biome: http://www.linuxsynths.com
-
- Established Member
- Posts: 2036
- Joined: Sat Jun 11, 2016 12:05 am
- Has thanked: 10 times
- Been thanked: 22 times
Re: linuxaudio.org compromised - 2018-01-29
OK, so it seems to work for just about everyone with all the thanks floating around. And since there's no activity in the mailing list that I can see from the email client here whose configuration did not change, there IS a need to subscribe again.
UPDATE Nope, that's not it. The reply was:
"An attempt was made to subscribe your address to the mailing list linux-audio-user@lists.linuxaudio.org. You are already subscribed to this mailing list. Note that the list membership is not public, so it is possible that a bad person was trying to probe the list for its membership. This would be a privacy violation if we let them do this, but we didn't."
Re: linuxaudio.org compromised - 2018-01-29
jonetsu wrote:
> OK, so it seems to work for just about everyone with all the thanks floating around. And since there's no activity in the mailing list that I can see from the email client here whose configuration did not change, there IS a need to subscribe again.
> UPDATE Nope, that's not it. The reply was:
> "An attempt was made to subscribe your address to the mailing list linux-audio-user@lists.linuxaudio.org. You are already subscribed to this mailing list. Note that the list membership is not public, so it is possible that a bad person was trying to probe the list for its membership. This would be a privacy violation if we let them do this, but we didn't."
Don't think the smtp-server is started yet on the machine. I sent a "help" to linux-audio-user-request and got a time out.
Code:
Feb 15 19:48:49 nic postfix/smtp[16371]: 624E52A0030: to=<linux-audio-user-request@lists.linuxaudio.org>, relay=none, delay=30, delays=0.04/0/30/0, dsn=4.4.1, status=deferred (connect to a.mx.lists.linuxaudio.org[185.54.115.210]:25: Connection timed out)
-
- Established Member
- Posts: 8
- Joined: Sun Nov 27, 2011 10:03 pm
- Location: Topeka, Kansas, USA
- Contact:
Re: linuxaudio.org compromised - 2018-01-29
Can use more hands? Email me. I've been registered on the wiki for a while. jeb@ponderworthy.com
Jonathan E. Brickman
http://lsn.ponderworthy.com
-
- Established Member
- Posts: 2036
- Joined: Sat Jun 11, 2016 12:05 am
- Has thanked: 10 times
- Been thanked: 22 times
- autostatic
- Established Member
- Posts: 1994
- Joined: Wed Dec 09, 2009 5:26 pm
- Location: Beverwijk, The Netherlands
- Has thanked: 32 times
- Been thanked: 104 times
- Contact:
Re: linuxaudio.org compromised - 2018-01-29
Dear all,
We just enabled all mail services for linuxaudio.org again. All mailing
lists are working again and mail can be sent and received for the
linuxaudio.org domain.
A short recap of what happened is that linuxaudio.org got compromised on
January 29th, probably with a compromised private SSH key or password
from an account with shell access. The attacker checked the kernel, saw
that it was vulnerable to Dirty COW¹, pulled in an exploit and got root.
This was quickly discovered by the IT department of Virginia Tech
University that disconnected the server from the internet and started a
forensic investigation procedure. As part of their IT security policy
the server had to be reinstalled and everything had to be set up from
scratch again. In the meanwhile I built an alternative setup and after
some discussion we agreed on moving linuxaudio.org away from the
Virginia Tech server.
So linuxaudio.org got a new home after 15 years at Virginia Tech². We're
very, very thankful that we could host linuxaudio.org on their servers
and we can't stress enough how grateful we are for all the work that has
been done on the side of Virginia Tech after the hack.
linuxaudio.org now lives at Fuga³, a fully open source OpenStack⁴ cloud
based in The Netherlands. Fuga is part of Cyso⁵, the company I work for.
The linuxaudio.org ecosystem now consists of three separate servers, a
web server, a mail server and a storage server. We rebuilt everything
with portability and scalability in mind with a strong focus on
security. You can never prevent passwords or SSH keys getting into the
hands of hackers but we'll try to keep the servers as up to date as we
can to narrow down the attack surface as much as possible.
A big thank you to all those who helped out! It was quite a ride but it
seems as if most part of the linuxaudio.org ecosystem is accessible
again. If you find any web pages, downloads or other bits and parts that
don't work properly then please let us know so we can take a look at it.
Many thanks in advance and also many thanks for bearing with us!
Best,
Jeremy Jongepier
root@linuxaudio.org
¹ https://dirtycow.ninja/
² https://icat.vt.edu/
³ https://fuga.cloud/
⁴ https://www.openstack.org/
⁵ https://cyso.com/en/
- autostatic
- Established Member
- Posts: 1994
- Joined: Wed Dec 09, 2009 5:26 pm
- Location: Beverwijk, The Netherlands
- Has thanked: 32 times
- Been thanked: 104 times
- Contact:
Re: linuxaudio.org compromised - 2018-01-29
jonetsu wrote:
> Is there a need to subscribe again to the list ?
No, we restored the complete Mailman setup from the compromised server. That includes all subscriptions, no need to subscribe again.
- autostatic
- Established Member
- Posts: 1994
- Joined: Wed Dec 09, 2009 5:26 pm
- Location: Beverwijk, The Netherlands
- Has thanked: 32 times
- Been thanked: 104 times
- Contact:
Re: linuxaudio.org compromised - 2018-01-29
Hi Rui,
rncbc wrote:
> a pertinent question
> though if one or everyone should have to do just that that would be really disgusting and quite frankly it would sentence the death of it all :/
> from my standing pov.:
> none of the LA(A|D|U) mail-lists seems to work at all; mails sent just seem to fall into the void: no bounces, no single response either;
> mailist archives seem to have stopped on 29/1: no surprise here;
> administrative interface seems to be up and running though;
> otoh. planet.linuxaudio.org looks like it has also a huge-lot to catch-up so another question comes in: is it running/being fed at all?
We decided to keep all mail related ports closed until we were 100% sure that all mail services functioned properly. Today we finally reached that point, we opened everything up and everything started to work again. We didn't want mail to start bouncing as that could be interpreted that the corresponding mail boxes might not exist anymore which was not the case.
Regarding planet.linuxaudio.org, I'm working on getting it to gather updates again. But bear in mind that the software we were using (planetplanet) was written in like Python 2.2 and isn't maintained anymore.
Jeremy
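The reasoning in the post above (keep the mail ports closed so that senders defer rather than bounce), as an added example that is not part of the original thread: a sender-side Python check over Postfix delivery lines that separates temporary 4.x.x deferrals, which the sending server queues and retries, from permanent 5.x.x bounces. The first sample line is the one quoted earlier in the thread; the other two log lines, the `example.org` host and the function names are constructed for illustration.

```python
import re

# Constructed sample in Postfix smtp log format. Line 1 is the line quoted in
# the thread; lines 2 and 3 are made up (example.org, 192.0.2.10, queue IDs).
SAMPLE_LOG = """\
Feb 15 19:48:49 nic postfix/smtp[16371]: 624E52A0030: to=<linux-audio-user-request@lists.linuxaudio.org>, relay=none, delay=30, delays=0.04/0/30/0, dsn=4.4.1, status=deferred (connect to a.mx.lists.linuxaudio.org[185.54.115.210]:25: Connection timed out)
Feb 15 19:50:02 nic postfix/smtp[16380]: 7A1B02A0031: to=<nobody@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=5.1.1, status=bounced (host mx.example.org[192.0.2.10] said: 550 5.1.1 User unknown)
Feb 16 08:00:10 nic postfix/smtp[16402]: 624E52A0030: to=<linux-audio-user-request@lists.linuxaudio.org>, relay=a.mx.lists.linuxaudio.org[185.54.115.210]:25, delay=43911, delays=43910/0.02/0.5/0.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C3D11F00A)
"""

LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$"
)

# The first digit of the enhanced status code (RFC 3463) is its class.
DSN_CLASS = {"2": "delivered", "4": "temporary", "5": "permanent"}

def parse_deliveries(log_text):
    """Return one dict per delivery attempt found in the log text."""
    attempts = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dsn_class"] = DSN_CLASS.get(rec["dsn"][0], "unknown")
            attempts.append(rec)
    return attempts

def final_state(attempts):
    """Map queue ID -> class of the last attempt logged for that message."""
    state = {}
    for rec in attempts:
        state[rec["qid"]] = rec["dsn_class"]
    return state

def unreachable(attempts):
    """Recipients deferred because no TCP connection could be made at all."""
    return sorted({r["rcpt"] for r in attempts
                   if r["dsn_class"] == "temporary" and r["relay"] == "none"})

if __name__ == "__main__":
    attempts = parse_deliveries(SAMPLE_LOG)
    print(final_state(attempts))   # deferred message ends up delivered
    print(unreachable(attempts))
```

In the sample, the message that timed out against the closed port stays in the sender's queue and is delivered on a later retry, while the 5.1.1 reply is the kind of permanent failure that tells a sender the mailbox does not exist.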
-
- Established Member
- Posts: 2082
- Joined: Mon Sep 28, 2015 8:06 pm
- Location: Here, of course!
- Has thanked: 227 times
- Been thanked: 400 times
- Contact:
Re: linuxaudio.org compromised - 2018-01-29
Once again, thanks to you and everyone who helped to get this sorted out.
The Yoshimi guy {apparently now an 'elderly'}
- autostatic
- Established Member
- Posts: 1994
- Joined: Wed Dec 09, 2009 5:26 pm
- Location: Beverwijk, The Netherlands
- Has thanked: 32 times
- Been thanked: 104 times
- Contact:
Re: linuxaudio.org compromised - 2018-01-29
https://planet.linuxaudio.org/ is pulling in updates again. The template we used doesn't seem to work at the moment but I'll fix that too.