Ticket #476 (closed maintenance: fixed)

Opened 4 years ago

Last modified 4 years ago

Kiwi VSFTP compromise

Reported by: chris Owned by: chris
Priority: critical Milestone:
Component: Dev server Keywords:
Cc: laura, ed, jim Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 5.0

Description (last modified by chris) (diff)

An account on kiwi was compromised via a brute force attack against VSFTP and the account was then used to attack other servers.

More detail has been sent to the ttech list, this ticket has been created to record the time myself and Alan have spent on this.

Change History

comment:1 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 4.0
  • Total Hours changed from 0.0 to 4.0

comment:2 Changed 4 years ago by chris

  • Cc ed added; ed. removed

Oops, Cc list corrected, ed. changed to ed.

comment:3 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 1.0
  • Total Hours changed from 4.0 to 5.0

We have decrypted the password on the compromised account now.

I have also changed the servers SSH key -- it's used for backups, there is no evidence that access has been gained to the backup server.

comment:4 Changed 4 years ago by chris

  • Status changed from new to closed
  • Resolution set to fixed
  • Description modified (diff)

The server has now been switched off.

Note: See TracTickets for help on using tickets.