Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
We detected a direct targeted attack that resulted in an exploit of several SourceForge.net servers, and have proactively shut down a handful of developer centric services to safeguard data and protect the majority of our services.
Our immediate priorities are to prevent further exposure and ensure data integrity. We have all hands on deck working on identifying the exploit vector or vectors, eliminating them, and restoring the impacted services.
I've got e-mail (dated Sat 29/Jan) form sourceforge.net, which I cannot tell whether it is a spam/phish mail.
Quote:
Hello,
We recently experienced a directed attack on SourceForge infrastructure
(http://sourceforge.net/blog/sourceforge-net-attack/) and so we are
resetting all passwords in the sf.net database -- just in case. We're
e-mailing all sf.net registered account holders to let you know about this
change to your account.
Our investigation uncovered evidence of password sniffing attempts. We have
no evidence to suggest that your password has been compromised. But, what
we definitely don't want is to find out in 2 months that passwords were
compromised and we didn't take action.
So, as a proactive measure we've invalidated your SourceForge.net account
password. To access the site again, you'll need to go through the email
recovery process and choose a shiny new password:
We appreciate your patience with us as we work to respond to this attack.
We'll be working through the weekend to get things back to normal as
quickly as possible.
Watch for updates on the service outages on our blog:
----------------------------------------------------------------------
SourceForge.net has made this mailing to you as a registered user of
the SourceForge.net site to convey important information regarding
your SourceForge.net account or your use of SourceForge.net services.
We make a small number of directed mailings to registered users each
year regarding their account or data, to help preserve the security of
their account or prevent loss of data or service access.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
SourceForge.net Servers Compromised
