Форум успешных вебмастеров - GoFuckBiz.com

  Форум успешных вебмастеров - GoFuckBiz.com > Бизнес-решения > Хостинг и железо
Хостинг и железо Обсуждаем вопросы хостинга и железа

Закрытая тема
Опции темы Опции просмотра
Старый 06.06.2013, 21:11   #1
Регистрация: 03.09.2007
Сообщений: 131
Бабло: $33254
По умолчанию Hetzner поломали.

пришло письмо:
"Dear Client

At the end of last week, Hetzner technicians discovered a "backdoor" in one
of our internal monitoring systems (Nagios).

An investigation was launched immediately and showed that the administration
interface for dedicated root servers (Robot) had also been affected. Current
findings would suggest that fragments of our client database had been copied

As a result, we currently have to consider the client data stored in our Robot
as compromised.

To our knowledge, the malicious program that we have discovered is as yet
unknown and has never appeared before.

The malicious code used in the "backdoor" exclusively infects the RAM. First
analysis suggests that the malicious code directly infiltrates running Apache
and sshd processes. Here, the infection neither modifies the binaries of the
service which has been compromised, nor does it restart the service which has
been affected.

The standard techniques used for analysis such as the examination of checksum
or tools such as "rkhunter" are therefore not able to track down the malicious

We have commissioned an external security company with a detailed analysis of
the incident to support our in-house administrators. At this stage, analysis
of the incident has not yet been completed.

The access passwords for your Robot client account are stored in our database
as Hash (SHA256) with salt. As a precaution, we recommend that you change your
client passwords in the Robot.

With credit cards, only the last three digits of the card number, the card type
and the expiry date are saved in our systems. All other card data is saved
solely by our payment service provider and referenced via a pseudo card number.
Therefore, as far as we are aware, credit card data has not been compromised.

Hetzner technicians are permanently working on localising and preventing possible
security vulnerabilities as well as ensuring that our systems and infrastructure
are kept as safe as possible. Data security is a very high priority for us. To
expedite clarification further, we have reported this incident to the data
security authority concerned.

Furthermore, we are in contact with the Federal Criminal Police Office (BKA) in
regard to this incident.

Naturally, we shall inform you of new developments immediately.

We very much regret this incident and thank you for your understanding and
trust in us."
buhhu вне форума  
Старый 06.06.2013, 22:06   #2
Senior Member
Аватар для t1esto
Регистрация: 13.08.2007
Сообщений: 553
Бабло: $144989
По умолчанию

тоже пришло. слили их базу с главной панели ((
t1esto вне форума  
Старый 06.06.2013, 22:39   #3
Senior Member
Регистрация: 31.03.2011
Сообщений: 2,927
Бабло: $611915
По умолчанию

я палкой платил. А насчет пасса, так 10 символов с солью не сильно сбрутишь
Strikelol вне форума  
Старый 07.06.2013, 01:03   #5
Регистрация: 27.11.2012
Сообщений: 223
Бабло: $43064
По умолчанию

Сообщение от mirikas
жаль клиентов но хетзнер пидарасы дох-я серваков перелокали))
Поменял все пасы на всяк случай
tmp вне форума  
Старый 07.06.2013, 10:12   #6
Сеньйор Помидор
Аватар для qvent
Регистрация: 28.08.2007
Сообщений: 1,695
Бабло: $364905
Отправить сообщение для qvent с помощью ICQ
По умолчанию

Я так понял что доступ тока к роботу получили, к серверам нет?
qvent на форуме  
Старый 08.06.2013, 14:17   #7
Senior Member
Регистрация: 06.05.2013
Сообщений: 486
Бабло: $84575
По умолчанию

а разве они скажут... тоже пришло письмецо
Somat вне форума  
Старый 08.06.2013, 14:39   #8
Senior Member
Аватар для NTллигент
Регистрация: 23.04.2007
Адрес: Leopolis
Сообщений: 363
Бабло: $71360
По умолчанию

Тоже самое, пароли на робота сменил
EchoUA: Outsource PHP Development. Offshore PHP Development from Ukraine
NTллигент вне форума