Home  |  News  |  Articles  |  Forum  |  Polls  |  Blogs  |  Videos  |  Resource Library

Keywords: Match:
Linux Foundation sites still offline after "brute force attack"
Sep. 13, 2011

The Linux Foundation says service will return "in the coming days" at, and other sites taken offline for a third day after a "brute force attack." The Linux kernel is unaffected, but registered users on Linux Foundation sites likely had their personal information compromised.

A week after uncovering malware on several key servers, the Linux Foundationhas taken other key websites -- including -- offline for a complete reinstall., and all sub-domains associated with these sites were taken offline after administrators discovered "a security breach" on Sept. 8, according to an email sent to all registered members of the sites on Sept. 11.

The site was down for a third day on Sept. 13. An updated version of a holding page placed on all the affected sites (below), called the breach a "brute force attack," noting, "The Linux Foundation does not store passwords in plaintext. However an attacker with access to stored password would have direct access to conduct a brute force attack." email addresses "are working and safe to use," according to the Linux Foundation.

Original holding page displayed on
(Click to enlarge)

Personal info likely compromised

The username, password, email address and "other information" provided by users registered with the sites may have been stolen, according to the disclosure email. Any passwords or SSH keys used on those sites should be considered compromised, and the foundation recommends that if any of the passwords have been reused elsewhere, users should change them immediately.

"We believe this breach was connected to the intrusion on," Linux Foundation said in the email. Linux Organization officials discovered on Aug. 28 that attackers had installed a Trojan and opened a backdoor into servers on Aug. 12.

The attackers had logged user activity and modified the OpenSSH client and server software installed on the compromised server, but had not gained access to the Linux kernel source code or other applications. The Trojan discovered on was based on an "off-the-shelf" rootkit called Phalanx.

The security breach is not just about information theft as it involves a malware compromise, Paul Ducklin, head of technology for the Asia Pacific group at Sophos, wrote on the Naked Security blog. "If a server is 'owned' by malware, even the login process should be considered untrustworthy," Ducklin wrote, noting that malware could steal passwords directly from memory at the time of the actual login by a user.

The pattern of activity by the intruders on led observers to speculate that the attackers did not really understand the significance of the servers they'd breached and were unable to capitalize on the attack. If the latest breaches are related to and had occurred around the same time, the attacks appear to be even more widespread than originally thought.

Linux kernel not affected

These breaches are said to have no impact on the Linux kernel or any other projects' source codes as none of the compromised sites are related to software development, as is

The Linux Foundation is a not-for-profit organization which funds Linux development so that the developers remain independent of any particular vendor or commercial group. is the news, information and community site about Linux, and provides information on the foundation's activities. The sub-domains, such as the Linux Developer Network and the video site, are also used for disseminating information.

The latest incident on Linux servers may actually make Linux supporters take a serious look at Linux malware and security in general, Ducklin said. It will also likely force people who continue to perceive the operating system as a "hobby product" as being more legitimate than that, since "why else would be in the sights of cyber-crooks?" according to Ducklin.

"Whilst Linux malware is not new, this is probably the closest it has ever come to the heart of their beloved operating system," Ducklin wrote.

Fahmida Rashid is a writer for eWEEK.

Related Stories:

(Click here for further information)

Home  |  News  |  Articles  |  Forum  |  Polls  |  About  |  Contact

Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
Tech RSS Feeds | ROI Calculators | Tech Podcasts | Tech Video | VARs | Channel News

Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
Publish | Security IT Hub | Strategic Partner | Web Buyer's Guide | Windows for Devices

Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

Use of this site is governed by our Terms of Service and Privacy Policy. Except where otherwise specified, the contents of this site are copyright © 1999-2011 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.