Jump to content
tromfil

Hetzner got hacked

Recommended Posts

Posted

At the end of last week, Hetzner technicians discovered a "backdoor" in one

of our internal monitoring systems (Nagios).

An investigation was launched immediately and showed that the administration

interface for dedicated root servers (Robot) had also been affected. Current

findings would suggest that fragments of our client database had been copied

externally.

As a result, we currently have to consider the client data stored in our Robot

as compromised.

To our knowledge, the malicious program that we have discovered is as yet

unknown and has never appeared before.

The malicious code used in the "backdoor" exclusively infects the RAM. First

analysis suggests that the malicious code directly infiltrates running Apache

and sshd processes. Here, the infection neither modifies the binaries of the

service which has been compromised, nor does it restart the service which has

been affected.

The standard techniques used for analysis such as the examination of checksum

or tools such as "rkhunter" are therefore not able to track down the malicious

code.

We have commissioned an external security company with a detailed analysis of

the incident to support our in-house administrators. At this stage, analysis

of the incident has not yet been completed.

The access passwords for your Robot client account are stored in our database

as Hash (SHA256) with salt. As a precaution, we recommend that you change your

client passwords in the Robot.

With credit cards, only the last three digits of the card number, the card type

and the expiry date are saved in our systems. All other card data is saved

solely by our payment service provider and referenced via a pseudo card number.

Therefore, as far as we are aware, credit card data has not been compromised.

Hetzner technicians are permanently working on localising and preventing possible

security vulnerabilities as well as ensuring that our systems and infrastructure

are kept as safe as possible. Data security is a very high priority for us. To

expedite clarification further, we have reported this incident to the data

security authority concerned.

Furthermore, we are in contact with the Federal Criminal Police Office (BKA) in

regard to this incident.

Naturally, we shall inform you of new developments immediately.

We very much regret this incident and thank you for your understanding and

trust in us.

A special FAQs page has been set up at

Security Issue/en – Hetzner DokuWiki to assist you with further

enquiries.

Kind regards

Martin Hetzner

Hetzner Got Hacked - Web Hosting Talk

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...