Emdebian Server Compromised
November 6th, 2005
Unfortunately we have been hacked! Due to an old version of Twiki being used, which was not a Debian package and thus not automatically updated we got got by the XML-RPC hole. Fortunately our kernel was too new to be vulnerable to subseqent attacks so as far as we can tell they only ever got www-data rights and installed a bot, but that's still quite bad.
Thanx to sterling efforts by Charles Stevenson and Allen Curtis, the owner of the box, everything has been re-installed and checked over. This time the box has been set up from scratch as a server in a reasonably security-conscious fashion. Hopefully we won't have to waste time going through that again for a while. On the bright side we do now have a better-organised box.
Back to other Emdebian news.
Back to the Emdebian Project homepage.