03-01-2012, 05:21 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Jan 2010
Posts: 49
|
|
Linode Management console compromised
Hi Guys,
A very well respected service in the Bitcoin community was hacked today. Lots of money stolen. It appears to be an issue with the Linode management console. This puts all VPS's at risk
Please see:
http://pastebin.com/UW7iT5fj (Title: Linode hack)
https://bitcointalk.org/index.php?topic=66916 (The forum post)
About 25,000 coins were stolen (at current rate thats ~$120k in losses)
|
03-01-2012, 05:22 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Jan 2010
Posts: 49
|
|
PLEASE: check your systems for reboots / changed root passwords ASAP!
|
03-01-2012, 05:25 PM
|
|
Warp Speed!
|
|
Join Date: Feb 2008
Location: Houston, Texas, USA
Posts: 2,771
|
|
I'm curious to know what this means exactly:
Quote:
|
Our investigation has revealed a customer support interface was used to access your account. The compromised credentials have been restricted and we are discussing policy changes to prevent this from recurring.
|
Regards
|
03-01-2012, 05:41 PM
|
|
Newbie
|
|
Join Date: Sep 2009
Posts: 28
|
|
Linode Super Admin Account Hacked!
Today, two Bitcoin related websites (Slush Mining, the 3rd/2nd largest pool, and the Bitcoin Faucet) were hacked. Both of these servers were on Linode.
Unlike most stories though, this one revealed a huge security breech on Linode's side rather than the site owners. A customer/technical support admin account was compromised, and the attacker was then able to modify passwords on customer accounts, giving them complete access to any system that was under Linode's control.
At least 3,000 Bitcoins were stolen in the attack, meaning $12,000 of actual theft took place as a result of the attack, and unknown amounts of data was compromised across Linode servers. The recipient's Bitcoin address had more than that, but whether or not these were all obtained from the attack is unknown.
A copy of the email correspondence with Linode support was posted by the owner of the Slush Bitcion Mining pool on the bitcoin official forums:
http://pastebin.com/UW7iT5fj
|
03-01-2012, 05:50 PM
|
|
Junior Guru
|
|
Join Date: Dec 2009
Location: United Kingdom
Posts: 203
|
|
My linode dosen't seem to have been compromised,
__________________
▓▓▓▓ NerdyVPS - You Will Be Assimilated
▓▓▓▓ PiePanel
|
03-01-2012, 06:54 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Jan 2010
Posts: 49
|
|
|
03-01-2012, 07:16 PM
|
|
Premium Member
|
|
Join Date: Jun 2011
Location: Aberdeen
Posts: 2,130
|
|
It's lucky Xen systems aren't as easy to access as OpenVZ. Everyone with password authentication should log in and disable it while Linode carry out their investigation.
|
03-01-2012, 07:20 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Feb 2012
Location: USA
Posts: 33
|
|
Wow, we were going to setup VPS using OpenVZ but after this story I think we will stick with Xen. Our purchase for VPS is on hold until this is taken care of. Thank you for the update sellmestuff.
|
03-01-2012, 07:22 PM
|
|
Premium Member
|
|
Join Date: Jun 2011
Location: Aberdeen
Posts: 2,130
|
|
Quote:
Originally Posted by Virtual Rack Host
Wow, we were going to setup VPS using OpenVZ but after this story I think we will stick with Xen. Our purchase for VPS is on hold until this is taken care of. Thank you for the update sellmestuff.
|
OpenVZ will only be less secure if the intruder managed to gain access to Linode's nodes. (vzctl enter or /vz/private). Of course when it comes to vulnerable data... you can't assume the intruder didn't get access until after an investigation.
|
03-01-2012, 07:29 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Feb 2012
Location: USA
Posts: 33
|
|
Thanks Flapadar. When would be a good time to grab the VPS using Xen?
|
03-01-2012, 07:32 PM
|
|
Premium Member
|
|
Join Date: Jun 2011
Location: Aberdeen
Posts: 2,130
|
|
Quote:
Originally Posted by Virtual Rack Host
Thanks Flapadar. When would be a good time to grab the VPS using Xen?
|
Now that they're aware of the hack, it's probably safe. It will be remnants from the hack that will cause problems (Customers with changed root pw etc) If you were planning a Xen VPS from Linode, I'd personally get it now and just spend a little extra time securing it (SSH keys, disable password login, perhaps even block SSH from any IPs that aren't in your ISP's range)
|
03-01-2012, 07:38 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Jan 2010
Posts: 49
|
|
Quote:
Originally Posted by Flapadar
Now that they're aware of the hack, it's probably safe. It will be remnants from the hack that will cause problems (Customers with changed root pw etc) If you were planning a Xen VPS from Linode, I'd personally get it now and just spend a little extra time securing it (SSH keys, disable password login, perhaps even block SSH from any IPs that aren't in your ISP's range)
|
Didn't you read the post at all?
If the management console was seized, it'd be just as easy to reboot your server into single user mode and do whatever you want. Regardless of SSH keys or anything.
|
03-01-2012, 07:39 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Jan 2010
Posts: 49
|
|
It has nothing to do with OpenVZ or Xen.. It's Linode's management console which allows access to the server from the panel. jeez guys, come on. At least read before you post.
|
03-01-2012, 08:48 PM
|
|
Web Hosting Master
|
|
Join Date: Dec 2001
Location: MO
Posts: 629
|
|
Quote:
Originally Posted by Flapadar
It's lucky Xen systems aren't as easy to access as OpenVZ. Everyone with password authentication should log in and disable it while Linode carry out their investigation.
|
Read before you post, cowboy.
|
03-01-2012, 11:06 PM
|
|
Junior Guru Wannabe
|
|
Join Date: Jan 2010
Posts: 49
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
