From jeremy at autostatic.com Sat Feb 17 19:20:01 2018 From: jeremy at autostatic.com (Jeremy Jongepier) Date: Sat, 17 Feb 2018 19:20:01 +0100 Subject: [LAT] linuxaudio.org is back online! Message-ID: <412af30c-dd2d-5221-69d9-72cc37dd79d5@autostatic.com> Dear all, We just enabled all mail services for linuxaudio.org again. All mailing lists are working again and mail can be sent and received for the linuxaudio.org domain. A short recap of what happened is that linuxaudio.org got compromised on January 29th, probably with a compromised private SSH key or password from an account with shell access. The attacker checked the kernel, saw that it was vulnerable to Dirty COW¹, pulled in an exploit and got root. This was quickly discovered by the IT department of Virginia Tech University that disconnected the server from the internet and started a forensic investigation procedure. As part of their IT security policy the server had to be reinstalled and everything had to be set up from scratch again. In the meanwhile I built an alternative setup and after some discussion we agreed on moving linuxaudio.org away from the Virginia Tech server. So linuxaudio.org got a new home after 15 years at Virginia Tech². We're very, very thankful that we could host linuxaudio.org on their servers and we can't stress enough how grateful we are for all the work that has been done on the side of Virginia Tech after the hack. linuxaudio.org now lives at Fuga³, a fully open source OpenStack⁴ cloud based in The Netherlands. Fuga is part of Cyso⁵, the company I work for. The linuxaudio.org ecosystem now consists of three separate servers, a web server, a mail server and a storage server. We rebuilt everything with portability and scalability in mind with a strong focus on security. You can never prevent passwords or SSH keys getting into the hands of hackers but we'll try to keep the servers as up to date as we can to narrow down the attack surface as much as possible. A big thank you to all those who helped out! It was quite a ride but it seems as if most part of the linuxaudio.org ecosystem is accessible again. If you find any web pages, downloads or other bits and parts that don't work properly then please let us know so we can take a look at it. Many thanks in advance and also many thanks for bearing with us! Best, Jeremy Jongepier root at linuxaudio.org ¹ https://dirtycow.ninja/ ² https://icat.vt.edu/ ³ https://fuga.cloud/ ⁴ https://www.openstack.org/ ⁴ https://cyso.com/en/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: