http://localhost:8080/trac/ticket/476 <p> An account on kiwi was compromised via a brute force attack against VSFTP and the account was then used to attack other servers. </p> <p> More detail has been sent to the ttech list, this ticket has been created to record the time myself and Alan have spent on this. </p> en-us /trac/chrome/site/TransitionNetwork-Logo-Web-Small.jpg http://localhost:8080/trac/ticket/476 Trac 0.12.5 chris Thu, 24 Jan 2013 13:07:42 GMT http://localhost:8080/trac/ticket/476#comment:1 http://localhost:8080/trac/ticket/476#comment:1 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>4.0</em> </li> <li><strong>totalhours</strong> changed from <em>0.0</em> to <em>4.0</em> </li> </ul> Ticket chris Thu, 24 Jan 2013 13:18:30 GMT http://localhost:8080/trac/ticket/476#comment:2 http://localhost:8080/trac/ticket/476#comment:2 <ul> <li><strong>cc</strong> <em>ed</em> added; <em>ed.</em> removed </li> </ul> <p> Oops, Cc list corrected, <tt>ed.</tt> changed to <tt>ed</tt>. </p> Ticket chris Thu, 24 Jan 2013 13:50:54 GMT http://localhost:8080/trac/ticket/476#comment:3 http://localhost:8080/trac/ticket/476#comment:3 <ul> <li><strong>hours</strong> changed from <em>0.0</em> to <em>1.0</em> </li> <li><strong>totalhours</strong> changed from <em>4.0</em> to <em>5.0</em> </li> </ul> <p> We have decrypted the password on the compromised account now. </p> <p> I have also changed the servers SSH key -- it's used for backups, there is no evidence that access has been gained to the backup server. </p> Ticket chris Tue, 29 Jan 2013 15:11:55 GMT http://localhost:8080/trac/ticket/476#comment:4 http://localhost:8080/trac/ticket/476#comment:4 <ul> <li><strong>status</strong> changed from <em>new</em> to <em>closed</em> </li> <li><strong>resolution</strong> set to <em>fixed</em> </li> <li><strong>description</strong> modified (<a href="/trac/ticket/476?action=diff&amp;version=4">diff</a>) </li> </ul> <p> The server has now been switched off. </p> Ticket