Re: [tor-relays] Admin panel compromised

Subject: Re: [tor-relays] Admin panel compromised

Date: Fri, 4 Oct 2013 08:52:09 -0500

Delivery-date: Fri, 04 Oct 2013 09:52:21 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=EJteoLmvzL2dy2P/C1sC2rMle+PaQv1MuUAiN8q6qdQ=; b=s81WMXofUsKxpvPwdRbKYh4Dgs5M4JYptTWe1EndXjBsR0elAJ/IWJFkygim8Nz7uO iufqJhWNKoShHis7NXK3GHsWZgbb/3uETgc9qFYTUkJOnMwU0YpL0JA2kN4sLWoXXvH5 L3Y+6yoQbITscneMGVC48CH1H82d3gKmWEyjICZUmtnInkPW81axI6evA8cTM46SAMac 7QzZAapJhC087ui+/BpuSESVUHPjo93+uXcM+wx+tjhhBsTvRBM3UtJbC2YBCBf1/RcN uzOc0tPVmhAsOfEbJaGQOtIf7lClmYB4l0WP/zUpxp/JKasaeeOQBXTAm9OcPZ+WQxC7 SO2A==

In-reply-to: <E5512B74-D2B1-4866-84A8-F4651C7F07C3@xxxxxxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <E5512B74-D2B1-4866-84A8-F4651C7F07C3@xxxxxxxxxxxxxx>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Yoriz,

I also concur with the previous reply at the way you are handling the situation. I hope you get back up and running soon.

Thanks for running an exit.

Jon

On Fri, Oct 4, 2013 at 2:21 AM, Yoriz <tor@xxxxxxxxxxxxxx> wrote:

For your info:

I am the operator of the "privshield" exit. I just got notice from my hoster (5gbps.com) that their backoffice admin panel was compromised. Indeed my firstname and password to the admin panel have been changed. Fortunately, I have SSH on my VPS configured to only accept public key-based logins, and see no signs of entry of the VPS.

As the backoffice panel provides direct console access, there is a slight chance they logged in directly by a safe-mode boot, but my uptime is a month, and I see no dip in the tor bandwidth: https://atlas.torproject.org/#details/DA3F7BD5428F88C79C9C7006B791982DA0115411

However, as a precaution I have shut down my tor exit. I will request a clean Ubuntu image and reinstall my tor exit this weekend. I will generate new server keys just to be sure. My mail is hosted on the same system, I won't have access to this email address for a few days.

// Yoriz

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays