Hackers force Debian Linux sites offline

Hackers force Debian Linux sites offline

Summary: The Debian Linux group had to pull servers offline after a recent hack attack, it has admitted

SHARE:
TOPICS: Security
2

Several servers belonging to the Debian Project, maintainers of the Debian Linux distribution, were compromised and subsequently pulled offline last week.

The compromise was revealed in a posting to the debian-announce mailing list, with tech news blog Slashdot.org picking it up shortly afterwards.

"This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours," the posting read.

Attackers compromised four servers, including those responsible for maintaining the project's bug tracking system, mailing lists, Web, Common Versioning System (CVS), security downloads and others.

"Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example)," the statement added.

The servers appear to have been brought back online at the time of writing.

Debian had been due to release a new point release of Debian GNU/Linux, which had already been distributed to "mirror" sites for download. The updated software was not compromised in the breach.

"This update has now been checked and it is not affected by the compromise," the group's statement read.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • CVS is Concurrent Versioning System not Common Versioning System.
    anonymous
  • The first line is a bit misleading - Debian was not forced to admit, the Debian project announced the intrusion (within 24 hours)
    anonymous