We just enabled all mail services for linuxaudio.org
again. All mailing
lists are working again and mail can be sent and received for the
A short recap of what happened is that linuxaudio.org
got compromised on
January 29th, probably with a compromised private SSH key or password
from an account with shell access. The attacker checked the kernel, saw
that it was vulnerable to Dirty COW¹, pulled in an exploit and got root.
This was quickly discovered by the IT department of Virginia Tech
University that disconnected the server from the internet and started a
forensic investigation procedure. As part of their IT security policy
the server had to be reinstalled and everything had to be set up from
scratch again. In the meanwhile I built an alternative setup and after
some discussion we agreed on moving linuxaudio.org
away from the
Virginia Tech server.
got a new home after 15 years at Virginia Tech². We're
very, very thankful that we could host linuxaudio.org
on their servers
and we can't stress enough how grateful we are for all the work that has
been done on the side of Virginia Tech after the hack.
now lives at Fuga³, a fully open source OpenStack⁴ cloud
based in The Netherlands. Fuga is part of Cyso⁵, the company I work for.
ecosystem now consists of three separate servers, a
web server, a mail server and a storage server. We rebuilt everything
with portability and scalability in mind with a strong focus on
security. You can never prevent passwords or SSH keys getting into the
hands of hackers but we'll try to keep the servers as up to date as we
can to narrow down the attack surface as much as possible.
A big thank you to all those who helped out! It was quite a ride but it
seems as if most part of the linuxaudio.org
ecosystem is accessible
again. If you find any web pages, downloads or other bits and parts that
don't work properly then please let us know so we can take a look at it.
Many thanks in advance and also many thanks for bearing with us!