:: [dyne:bolic] on-line attack diverte…
Forside
Slet denne besked
Besvar denne besked
Skribent: jaromil
Dato:  
Til: hackers, dynebolic, brico, freej, muse, netsukuku
Emne: [dyne:bolic] on-line attack diverted

re all,

somehow yesterday we have found out that one of our servers was hit by
a Storm Botnet[1]: it was probably an attempt to use it as a master
for several hundreds zombie bots, mostly located in Asia.

This "storm" lasted very short, as we noticed it on time and reacted
fast, many thanks to the freaknet brothers who were ready to contain
the damages, in particular nightolo (our CSO) and pallotron (our CTO)
and asbesto (our GAY).

We had no data-loss: all our contents are backupped and the attackers
were not interested in our data as much as in our bandwidth,
nevertheless our venerable web and mailinglist frontend server
quico.dyne.org (named so in memory of Francesc Sabaté Llopart) has
been compromised: a rookit was injected at kernel level, after a
break-in using a PHP5 vulnerability, probably of the WordPress CMS.

So despite this was quite a big storm (our NOC called DEFCON 1) our
services were restored in less than a day and we are back to normal
now, with some extra security measures that we've learned from this
experience.

This mail is also to inform you that, because of a somehow poor setup
in the backup of mailman (missing config.pck ?!) we might have lost
some un/subscriptions to this and other dyne.org mailinglists, namely
those between november 2007 and november 2008. We apologize for the
inconvenient and kindly ask all the mailinglist subscribers to please
be kind and tolerate this discrepancy.

In case you have been re-subscribed to our mailinglists by error,
please use the unsubscribe links on http://lists.dyne.org and do not
hesitate to contact us would any problem occur.

thanks for your understanding and support,
ciao


[1] http://en.wikipedia.org/wiki/Storm_botnet


- --

jaromil, dyne.org developer, http://jaromil.dyne.org

GPG: 779F E8B5 47C7 3A89 4112 64D0 7B64 3184 B534 0B5E