Novell OpenSUSE Server Hacked
abelikoff writes "Both LinuxWorld Australia and SuSE Linux Forums report that the OpenSUSE website got hacked last night." This story was submitted quite a number of times.
ssh scan (Score:5, Informative)
I see these attacks all the time on all Internet facing servers.
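The scans this post refers to show up in the sshd log as runs of failed password attempts from one source across many usernames. The following is an added example, not code from the article or from any poster: it parses constructed auth.log lines (documentation-range IPs, invented hostnames and PIDs) and flags sources that look like automated scans or that try the root password directly.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines (not from the article); the IPs are
# documentation-range placeholders and the usernames are invented.
SAMPLE_LOG = """\
Feb  3 12:40:01 linux sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 4421 ssh2
Feb  3 12:40:03 linux sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 4423 ssh2
Feb  3 12:40:05 linux sshd[2105]: Failed password for root from 203.0.113.7 port 4425 ssh2
Feb  3 12:40:07 linux sshd[2107]: Failed password for root from 203.0.113.7 port 4427 ssh2
Feb  3 12:40:09 linux sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 4429 ssh2
Feb  3 12:41:10 linux sshd[2120]: Failed password for rc28 from 198.51.100.4 port 51002 ssh2
Feb  3 12:41:20 linux sshd[2122]: Accepted publickey for rc28 from 198.51.100.4 port 51004 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user test from ..." (OpenSSH log wording).
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def summarize_failures(log_text):
    """Return {ip: {"attempts": n, "users": set(), "root": n}} for failed logins."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "root": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        user, ip = m.group(1), m.group(2)
        s = stats[ip]
        s["attempts"] += 1
        s["users"].add(user)
        if user == "root":
            s["root"] += 1
    return dict(stats)

def flag_scanners(stats, min_attempts=5, min_users=3):
    """Sources that look like automated scans (many failures across many usernames)
    or that guess the root password at all; thresholds are constructed defaults."""
    flagged = {}
    for ip, s in stats.items():
        reasons = []
        if s["attempts"] >= min_attempts and len(s["users"]) >= min_users:
            reasons.append("dictionary scan")
        if s["root"]:
            reasons.append("root password guessing")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, why in flag_scanners(summarize_failures(SAMPLE_LOG)).items():
        print(ip, ", ".join(why))
```

A single failed login from a legitimate user (the second source above) is not flagged, which is the distinction a blocking rule needs to make.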
different hacks, different times (Score:5, Informative)
Steven
OpenSUSE website Hacked? No. (Score:5, Informative)
From TFA:
"The employees that set it up apparently had no idea of security," Brandon said. "But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it."
"There was no major breach of security here," Barney said. "Needless to say, we are taking the appropriate steps" to address the situation.
Re:Neat (Score:1, Informative)
rc28 27377 7202 0 12:44 pts/0 00:00:00 grep ncsd
rc28@linux:~>
wtf are you talking about?
From: your friendly neighborhood Suse 9.3 user
They have a website (Score:3, Informative)
Re:Don't blame LINUX (Score:3, Informative)
Only those Iranians and the SUSE people know
Blog of the hacker (Score:2, Informative)
He is a movie fan and was just accepted to a university.
Some bits of information can be found here [zone-h.org]:
http://www.zone-h.org/en/defacements/view/id=2917
Besides the OpenSuSE website they also hacked into wiki.novell.com and forge.novell.com.
Too bad that the Iranian hackers used OpenSuSE for their political stuff. It seems a bit misplaced; what does a Linux distribution have to do with the question of whether Iran should have nuclear stuff or not?
Re:ssh scan (Score:2, Informative)
1: change default ssh port
2: disallow direct root logins via ssh
Those 2 simple principles prevent many things.
The SSH root password was god (Score:2, Informative)
A lot of people are reluctant to use a firewall, even though you can easily do it with SuSE and YaST2.
I have the pay version of SuSE9.3 Pro, which is well worth the $99 price tag.
I mostly run fedora core boxes though, and this is a really good alternative to other iptables interfaces.
http://www.webhostgear.com/60.html [webhostgear.com]
http://www.webhostgear.com/61.html [webhostgear.com]
Get yourself those, make sure none of your dirs are 777, have strong 20+ char long passwords, don't RPM fetch from shady repositories, and you're on your way!
Re:OpenSUSE website Hacked? No. (Score:4, Informative)
Re:Lol thanks, that explains a lot of log entries (Score:1, Informative)
of course. btw, care to share whatever wonderful method you have for keeping the same trusted (static) IP for a laptop no matter what location it's plugged into the net from? And it goes without saying that no real men would ever use an ISP that does DHCP or, God forbid, NAT.
methinks you should get out into the world more often.
P.S. Here's a free hint: if you do need to block automated scans (and are too lazy to implement some active blocking) yet still have to allow for flexible use, a far better solution is to move ssh to a different port.
Re:echo "PermitRootLogin no" /etc/ssh/sshd_config (Score:2, Informative)
Re:ssh scan (Score:5, Informative)
In the case of three admins, you would end up with three accounts that could be exploited, rather increasing if anything the risk of direct ssh exploits.
Once the bad guy is in, he has all the local exploit possibilities to gain root, so you're already in trouble if they get in.
So as long as you do ssh with passwords, disallowing root login doesn't really buy you any security, but it hassles the admins each and every day.
On the other hand, the preferred method would be to login with keys and disallow passwords completely whenever possible.
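The two posts above between them recommend a non-default port, no direct root login, and key authentication with passwords disabled. The following is an added example, not code from the article or any poster: it parses constructed sshd_config fragments and reports which of those recommendations a config misses. The DEFAULTS table is an assumption about what OpenSSH uses when a directive is absent, which is why an absent line is treated as the default rather than as safe.

```python
# Constructed sshd_config fragments (not from the article): the weak setup the
# thread describes beside the hardened one it recommends.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """\
# A non-default port only deters automated scans; the real gains are below.
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

# Assumed OpenSSH defaults for the directives audited below (older releases
# defaulted PermitRootLogin to yes; newer ones to prohibit-password).
DEFAULTS = {
    "port": "22",
    "permitrootlogin": "yes",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
}

def parse_sshd_config(text):
    """Map lowercase directive -> value; sshd honours the first occurrence of a key."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key not in settings:
            settings[key] = value.strip()
    return settings

def audit_sshd_config(text):
    """Return findings against the thread's advice; an empty list means it all holds."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["port"] == "22":
        findings.append("ssh on default port 22 (visible to automated scans)")
    if cfg["permitrootlogin"] != "no":
        findings.append("direct root login allowed")
    if cfg["passwordauthentication"] != "no":
        findings.append("password authentication enabled (brute-forceable)")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("public-key authentication disabled")
    return findings
```

An empty config audits exactly like WEAK_CONFIG, since every directive falls back to its default.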
Re:ssh scan (Score:5, Informative)
One could try to use a non-root user to bruteforce their way into my system, but they'll either get one (probably created by an application) with
Re:ssh scan (Score:5, Informative)
You must not have much experience with sudo. One of the benefits of it is that it allows you to give root permission to people for specific tasks that they would need that access level for. While there are certainly a lot of people who set their sudoers file to "allow all" for everyone, if sudo is properly implemented no one should be able to do anything they don't NEED to do as root. Sudo also has the benefit of keeping track of what users used it to do what tasks, making it easier to trace the path an attack came from.
Gogo0 also mentioned an added benefit to this scheme so I'm not going to repeat it here.
How secure by default? (Score:4, Informative)
It's a reasonable question to ask.
Yes, fundamentally it's true that configuration management has a significant effect on security. To be precise, this is not a flaw, but a characteristic. A site which is in full control of system configuration will have formal security advantages over one which isn't, and this is universally true regardless of platform.
However, the story is told from a much different perspective when it comes to evaluating the security of a given platform. Configuration remains a major factor in security, but it has to be weighed in light of platform capability. So, for example, a very simple network appliance with a very small configuration space has the prospect of being very secure. An ideal appliance cannot be configured insecurely. In practice, that may or may not be the case, depending as always on design tradeoffs and correctness of implementation.
Apart from pure appliances, all computing platforms must, for reasons of generality, offer configuration possibilities that put some security tradeoffs in the hands of site administrators. Such is the case for both Linux and Windows, so indeed poor administration can always result in poor security on a sufficiently general platform.
The practical focus, therefore, has turned to how securely these platforms are configured by default. Interestingly, even though Windows is marketed for nonexpert use, it has a long tradition of being configured insecurely by default, exactly the opposite of what would be appropriate for a nonexpert market. It also, in my opinion, embodies a lot of fundamentally insecure design tradeoffs, neglecting principles such as modularity, containment, and least privilege, for example. These are extremely deep design problems, not easily fixed.
Linux and Unix, although designed by developers for developers, and therefore intended for expert use, have a record of delivering much better security by default. I can think of lots of particular exceptions, but they have tended to be minor design tradeoffs that could be, and were, easily corrected. Security incident statistics seem to reinforce these observations very strongly.
In my line of work, I get to see what goes on behind the scenes at a lot of sites. It's not often that I come upon a site which is not suffering to some significant degree from a chronic neglect of configuration management. All discussion of platform characteristics aside, this is a real problem on the ground for security.
The issue, in terms of value for effort, then becomes to identify which of these sites is (a) at most immediate risk, and (b) has the best potential of improvement. In the former case, I find that the answer is Windows, and in the latter, it's Linux.
Re:ssh scan (Score:3, Informative)
The two biggies are greater control over what can and can't be executed with root privileges and an audit trail.