correct. Something which wasn't mentioned in this message is that our
account was the one that unpacked the DirtyCOW exploit, so it is
likely that the old server has been compromised too.

We have stopped syncing to , and we should really stop
pointing to their mirror, because it's not kept up to date. (I have
been meaning to look at it, but haven't found the time so far.)

Given that itself was probably exploited, maybe we should
also rebuild all binaries that we have there.

On Sat, Feb 17, 2018 at 8:46 PM, David Kastrup <> wrote:
> Probably relevant for our download problems:
> ---------- Forwarded message ----------
> From: Jeremy Jongepier <>
> To: Linux Audio Users 
> <linux-audio-user-cunTk1MwBs/>, LAD 
> <linux-audio-dev-cunTk1MwBs/>
> Cc:
> Bcc:
> Date: Sat, 17 Feb 2018 19:15:17 +0100
> Subject: [LAD] is back online!
> Dear all,
> We just enabled all mail services for again. All mailing
> lists are working again and mail can be sent and received for the
> domain.
> A short recap of what happened is that got compromised on
> January 29th, probably with a compromised private SSH key or password
> from an account with shell access. The attacker checked the kernel, saw
> that it was vulnerable to Dirty COW¹, pulled in an exploit and got root.
> This was quickly discovered by the IT department of Virginia Tech
> University that disconnected the server from the internet and started a
> forensic investigation procedure. As part of their IT security policy
> the server had to be reinstalled and everything had to be set up from
> scratch again. In the meanwhile I built an alternative setup and after
> some discussion we agreed on moving away from the
> Virginia Tech server.
> So got a new home after 15 years at Virginia Tech². We're
> very, very thankful that we could host on their servers
> and we can't stress enough how grateful we are for all the work that has
> been done on the side of Virginia Tech after the hack.
> now lives at Fuga³, a fully open source OpenStack⁴ cloud
> based in The Netherlands. Fuga is part of Cyso⁵, the company I work for.
> The ecosystem now consists of three separate servers, a
> web server, a mail server and a storage server. We rebuilt everything
> with portability and scalability in mind with a strong focus on
> security. You can never prevent passwords or SSH keys getting into the
> hands of hackers but we'll try to keep the servers as up to date as we
> can to narrow down the attack surface as much as possible.
> A big thank you to all those who helped out! It was quite a ride but it
> seems as if most part of the ecosystem is accessible
> again. If you find any web pages, downloads or other bits and parts that
> don't work properly then please let us know so we can take a look at it.
> Many thanks in advance and also many thanks for bearing with us!
> Best,
> Jeremy Jongepier
> ¹
> ²
> ³
> ⁴
> ⁴
> _______________________________________________
> Linux-audio-dev mailing list
> --
> David Kastrup
> _______________________________________________
> lilypond-devel mailing list

Han-Wen Nienhuys - -
