[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [ecf-dev] ecf2.osuosl.org

On 11/29/2010 07:31 PM, Scott Lewis wrote:
> Hi Folks,
> 
> This morning the OSU Open Source lab is apparently experiencing an ssh
> attack (i.e. to all machines *.osuosl.org).
> 
> One of the machines in that domain is ecf2.osuosl.org.  ecf2 was
> formerly our build machine...about two weeks ago Markus K completed the
> move of ecf2.osuosl.org to the new machine [1] and [2].
> 
> Since ecf2 is a fairly old system, it is probably somewhat more
> vulnerable to compromise from this ssh attack (older OS version)...so we
> are going to ask that if the OSU OSL admins want to, that they can shut
> this machine down temporarily.  This is only temporary, but it may be a
> while (e.g. week) before ecf2.osuosl.org is back up.  It will, however,
> be back up eventually.
> 
> Please let everyone know via this list if this creates a problem for
> you.  In general, everyone should be migrating over to using [2] for
> accessing ECF build artifacts, but I realize that some may not have
> completed such a changeover.

As a precaution, ecf2.osuosl.org has been taken down now. Nothing
indicated a security break in, but we want to be on the safe side.

It's going to take a while before the machine is going to be online
again. The OSU admins have to find time to reinstall the box with a
recent Linux (Gentoo).

Markus