  1. #1
    Join Date
    Mar 2008
    Location
    /usr/bin/kvm
    Posts
    239

    * Hetzner Got Hacked

    Dear Client

    At the end of last week, Hetzner technicians discovered a "backdoor" in one
    of our internal monitoring systems (Nagios).

    An investigation was launched immediately and showed that the administration
    interface for dedicated root servers (Robot) had also been affected. Current
    findings would suggest that fragments of our client database had been copied
    externally.

    As a result, we currently have to consider the client data stored in our Robot
    as compromised.

    To our knowledge, the malicious program that we have discovered is as yet
    unknown and has never appeared before.

    The malicious code used in the "backdoor" exclusively infects the RAM. First
    analysis suggests that the malicious code directly infiltrates running Apache
    and sshd processes. Here, the infection neither modifies the binaries of the
    service which has been compromised, nor does it restart the service which has
    been affected.

    The standard techniques used for analysis such as the examination of checksum
    or tools such as "rkhunter" are therefore not able to track down the malicious
    code.

    We have commissioned an external security company with a detailed analysis of
    the incident to support our in-house administrators. At this stage, analysis
    of the incident has not yet been completed.

    The access passwords for your Robot client account are stored in our database
    as Hash (SHA256) with salt. As a precaution, we recommend that you change your
    client passwords in the Robot.

    With credit cards, only the last three digits of the card number, the card type
    and the expiry date are saved in our systems. All other card data is saved
    solely by our payment service provider and referenced via a pseudo card number.
    Therefore, as far as we are aware, credit card data has not been compromised.

    Hetzner technicians are permanently working on localising and preventing possible
    security vulnerabilities as well as ensuring that our systems and infrastructure
    are kept as safe as possible. Data security is a very high priority for us. To
    expedite clarification further, we have reported this incident to the data
    security authority concerned.

    Furthermore, we are in contact with the Federal Criminal Police Office (BKA) in
    regard to this incident.

    Naturally, we shall inform you of new developments immediately.

    We very much regret this incident and thank you for your understanding and
    trust in us.

    A special FAQs page has been set up at
    http://wiki.hetzner.de/index.php/Security_Issue/en to assist you with further
    enquiries.

    Kind regards

    Martin Hetzner
    - Founder of Backupsy, VPSDime, Winity

  2. #2
    Join Date
    Aug 2007
    Location
    Belgium
    Posts
    3,910
    Let's hope they can find a solution soon. It's not Hetzner that's hacked, it's an issue with Nagios
    InstantDedicated.com - Unmanaged Dedicated Servers with Instant Activation [EU and USA]
    ServerBoost.com - Managed Dedicated Servers with 24x7 On-Site Support [100% Uptime Guarantee]
    ≈ Locations: (The Netherlands) - Tier 3 [Dataplace] | (Miami) - Tier 3 - Pay via: Bitcoin, Paypal, Credit Card, Sofort Banking, Bancontact, Webmoney, iDEAL

  3. #3
    Join Date
    Nov 2011
    Location
    Calgary, Alberta, Canada
    Posts
    672
    Thank god I didn't go with them. Considering they needed government issued identification to verify I am who I am and now that information could've been in the hands of some hacker...
    Little Apps
    Open Source Software

  4. #4
    Join Date
    Mar 2009
    Posts
    389
    And now the entire hetzner network is down!
    EDIT : Back up now, was down for a minute.

  5. #5
    Join Date
    Jan 2011
    Location
    Varna, Bulgaria
    Posts
    1,267
    Again? When / what was the previous one?

  6. #6
    Join Date
    Mar 2008
    Location
    /usr/bin/kvm
    Posts
    239
    Quote, originally posted by 24x7group:
    Let's hope they can find a solution soon. It's not Hetzner that's hacked, it's an issue with Nagios

    Yes, Nagios got hacked, not Hetzner. All user info is safe.
    - Founder of Backupsy, VPSDime, Winity

  7. #7
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,249
    Quote:
    The malicious code used in the "backdoor" exclusively infects the RAM. First
    analysis suggests that the malicious code directly infiltrates running Apache
    and sshd processes. Here, the infection neither modifies the binaries of the
    service which has been compromised, nor does it restart the service which has
    been affected.

    This is a fairly poor explanation.
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  8. #8
    Join Date
    Aug 2011
    Location
    Denmark
    Posts
    108
    Honestly, I do not find the content of the above message alarming as such. Simply update your password and you should be fine.

    However if you had them access any of your server(s) in recent times, I would check those servers as well just in case.

    Quote:
    The malicious code used in the "backdoor" exclusively infects the RAM. First
    analysis suggests that the malicious code directly infiltrates running Apache
    and sshd processes. Here, the infection neither modifies the binaries of the
    service which has been compromised, nor does it restart the service which has
    been affected.

    Just my 0.02 - I would love to hear what others have to say though.
    "Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  9. #9
    Ouch. But they at least don't try to cover it up, and most relevant details were given before they got asked about them. Some people should take this as an example when things go wrong...

  10. #10
    Join Date
    Mar 2009
    Posts
    389
    Quote, originally posted by rds100:
    Again? When / what was the previous one?

    Last year..

  11. #11
    Join Date
    Aug 2011
    Location
    Denmark
    Posts
    108
    Quote, originally posted by softshop011:
    Last year..

    Link to this? I am curious and would like to know more.
    "Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  12. #12
    Join Date
    Aug 2011
    Location
    Denmark
    Posts
    108
    "Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  13. #13
    Join Date
    Mar 2009
    Posts
    389
    Quote, originally posted by MrEliasen:
    Link to this? I am curious and would like to know more.

    Looking for the link; a thorough analysis of the compromise was posted by a German IT specialist.

    Tobias Huch wrote about the compromise/data breach:
    http://www.golem.de/1110/86916.html
    http://www.netzwelt.de/news/88855-in...r-hetzner.html

    There's also a thread on WHT
    http://www.webhostingtalk.com/showthread.php?t=1088324
    Last edited by softshop011; 06-06-2013 at 01:22 PM.

  14. #14
    Join Date
    Aug 2011
    Location
    Denmark
    Posts
    108
    Quote, originally posted by softshop011:
    Looking for the link; a thorough analysis of the compromise was posted by a German IT specialist.

    Tobias Huch wrote about the compromise/data breach:
    http://www.golem.de/1110/86916.html
    http://www.netzwelt.de/news/88855-in...r-hetzner.html

    There's also a thread on WHT
    http://www.webhostingtalk.com/showthread.php?t=1088324

    Appreciated, thanks!
    "Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning." - Albert Einstein

  15. #15
    Quote, originally posted by softshop011:
    And now the entire hetzner network is down!
    EDIT : Back up now, was down for a minute.

    Yes, even I noticed the same.
