[tsc-devel] Server outage
Quintus
Sun, 14 Jun 2015 09:09:58 UTC
Hi everyone,
Last night, between midnight and 08:00 UTC, the alexandria server was
subject to both an SSH break-in attack and a massive spam attack on
the wiki. It completely crashed shortly before 08:00 UTC. We solely use
SSH publickey authentication, thus it was (near to) impossible to
bruteforce the authentication mechanism. No unauthorised access thus
happened.
As of 09:00 UTC I got a chance to boot up the server again via the
hoster’s control panel and reinstituted its services.
For the wiki, I was unable to even reach the wiki page after I started
it. It simply didn’t load anymore. Inspecting the directory, I see 6299
pages listed for it, which I doubt are legitimate pages. I disabled the
wiki for now. This is the peak of problems that arose from the moinmoin
wiki software, which might be related to moinmoin itself or to the old
version Debian oldstable ships; before ditching it entirely, I’d at
least consider that possibility. Debian is known to not keep
non-mainstream software up-to-date from a security point of view.
The forum was entirely unaffected. It is up again, and it was only down
due to the high load on the server (load average > 30). There’s not a single
spam post on the forum as far as I can see.
For those of you with SSH access, I have switched sshd to port 753 now,
which should silence a number of the bruteforce login attempts.
sydney, I’d appreciate it if you could PM me on IRC.
Valete,
Quintus
--
Blog: http://www.quintilianus.eu
I will reject HTML emails. | Ich akzeptiere keine HTML-Nachrichten.
|
Use GnuPG for mail encryption: | GnuPG für Mail-Verschlüsselung:
https://www.gnupg.org | https://de.wikipedia.org/wiki/GnuPG
My key fingerprint: | Mein Schlüsselabdruck:
B1FE 958E D5E8 468E AA20 | B1FE 958E D5E8 468E AA20
8F4B F1D8 799F BCC8 BC4F | 8F4B F1D8 799F BCC8 BC4F