Ubuntu unplugs compromised servers
Five out of eight systems riddled with bugs
Ubuntu had to shut down five of its eight production servers last week after realising the poorly maintained systems were compromised to such an extent they had become a source of attacks against other systems.
The servers were sponsored by Canonical but hosted by the community. The systems were running an old unsupported version of Ubuntu, a factor that goes some way to explaining why they were so insecure.
Problems included missing security patches, the use of FTP (rather than a secure protocol) to access the machines, and no recent upgrades due to problems with the network cards and later kernels. Kernel upgrades were omitted because of poor backwards compatibility with the hardware Canonical supplied.
It's unclear whether or not files hosted on the servers were altered by hackers. A post-mortem by Canonical found that hacking into the systems would have been easy for any moderately skilled hacker.
"An attacker could have gotten a shell through almost any of these sites," writes James Troup, leader of the Canonical sysadmin team.
Ubuntu community members have been given the choice of either migrating the servers to Canonical's data centre or to stay on hosted servers. More on the incident can be found in Ubuntu's newsletter here. ®
Sponsored: The Nuts and Bolts of Ransomware in 2016