VA Linux acknowledges hack

Linux company spills the beans on how its servers -- hosting the SourceForge development site -- were hacked
Written by ZDNet Staff, Contributor

Server seller VA Linux Systems acknowledged on Tuesday that an Internet intruder breached the security surrounding its open-source development site, SourceForge.net.

The site's "shell server" was compromised on 22 May after a SourceForge employee logged on to an outside Internet service provider that had already been taken over by the intruder, said Pat McGovern, site director of SourceForge.net. When the staff member logged on to SourceForge remotely, the intruder captured the password.

"What happened was the (ISP) was compromised and had not known it," McGovern said, adding that the site's administrator quickly noticed the intruder and shut systems down. "Basically we had to go through and rebuild the machine, and then we checked the log file of everyone who used the machine."

Using the log file, the site's administrator sent an e-mail to warn developers who had recently signed on to the site that their accounts may have been compromised. As had happened on the ISP's system, the intruder who took control of the SourceForge server may have been able to essentially "watch" as people logged on.

The e-mail warned the developers that they should change their passwords because their accounts may have been compromised.

SourceForge is a network of sites that hosts more than 21,000 open-source development projects, giving developers the tools necessary to update different versions of the code and allowing people to easily search the database of projects.

After the attack, VA removed the shell service until workers could reinstall the software and data on the server. The shell server allowed SourceForge members to type commands into the system remotely. On Thursday, the company posted an alert that the shell server couldn't be used because of an "unscheduled maintenance event."

"In this case, they only got into a shell server," McGovern said.

The company also decided to shut down its "compile farm," a collection of computers running different operating systems on which SourceForge developers can test their software.

Unlike the intrusion into Microsoft's servers last year, in this case few developers were worried about the vandals stealing their software. The projects hosted by the site are open source, so "stealing" the code makes little difference.

Although illicit modifications to the programming projects are a concern, McGovern said the intruder didn't get that far.

This week is apparently a bad one for open-source-related sites. On Tuesday, download site Tucows.com -- which has large archives of open-source programs -- disappeared from the Net for a few hours.

The site is back up. Ross Rader, director of research for Tucows, could not provide more details about the outage.
