For your info: I am the operator of the "privshield" exit. I just got notice from my hoster (5gbps.com) that their backoffice admin panel was compromised. Indeed my firstname and password to the admin panel have been changed. Fortunately, I have SSH on my VPS configured to only accept public key-based logins, and see no signs of entry of the VPS. As the backoffice panel provides direct console access, there is a slight chance they logged in directly by a safe-mode boot, but my uptime is a month, and I see no dip in the tor bandwidth: https://atlas.torproject.org/#details/DA3F7BD5428F88C79C9C7006B791982DA01154... However, as a precaution I have shut down my tor exit. I will request a clean Ubuntu image and reinstall my tor exit this weekend. I will generate new server keys just to be sure. My mail is hosted on the same system, I won't have access to this email address for a few days. // Yoriz
Hi Yoriz, Yoriz:
I am the operator of the "privshield" exit. I just got notice from my hoster (5gbps.com) that their backoffice admin panel was compromised. Indeed my firstname and password to the admin panel have been changed. Fortunately, I have SSH on my VPS configured to only accept public key-based logins, and see no signs of entry of the VPS.
As the backoffice panel provides direct console access, there is a slight chance they logged in directly by a safe-mode boot, but my uptime is a month, and I see no dip in the tor bandwidth: https://atlas.torproject.org/#details/DA3F7BD5428F88C79C9C7006B791982DA01154...
However, as a precaution I have shut down my tor exit. I will request a clean Ubuntu image and reinstall my tor exit this weekend. I will generate new server keys just to be sure. My mail is hosted on the same system, I won't have access to this email address for a few days.
Thanks for handling this breach in such a responsible manner. I hope your reinstallation will go smoothly. -- Lunar <lunar@torproject.org>
Yoriz, I also concur with the previous reply at the way you are handling the situation. I hope you get back up and running soon. Thanks for running an exit. Jon On Fri, Oct 4, 2013 at 2:21 AM, Yoriz <tor@privshield.com> wrote:
For your info:
I am the operator of the "privshield" exit. I just got notice from my hoster (5gbps.com) that their backoffice admin panel was compromised. Indeed my firstname and password to the admin panel have been changed. Fortunately, I have SSH on my VPS configured to only accept public key-based logins, and see no signs of entry of the VPS.
As the backoffice panel provides direct console access, there is a slight chance they logged in directly by a safe-mode boot, but my uptime is a month, and I see no dip in the tor bandwidth: https://atlas.torproject.org/#details/DA3F7BD5428F88C79C9C7006B791982DA01154...
However, as a precaution I have shut down my tor exit. I will request a clean Ubuntu image and reinstall my tor exit this weekend. I will generate new server keys just to be sure. My mail is hosted on the same system, I won't have access to this email address for a few days.
// Yoriz
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (3)
-
Jon -
Lunar -
Yoriz