Kite server hacked
Written by Mooneer Salem on Friday 17th of July, 2009 in General with 10 comments
Tonight, a rootkit was discovered on the VM hosting this Web site. As a result, we have moved SVN, Trac and the main Web site to a new machine earlier than we anticipated. If you see this, you are viewing the site on the new machine; the old VM has been taken down to contain the damage. Apologies for the inconvenience this has caused.
Please let us know if you see anything weird or broken on any of the sites. Thanks!
Comments
Any idea how it got there?
That’s kind of scary. Good to see it’s been handled right away. :)
@Rowan: Looks like they got in through dovecot/PHP, possibly through an OpenSSL vulnerability (since dovecot was SSL-only). I’ve moved Kite’s email to Google, so the only major thing that should be running now is Apache. :)
Cannot checkout svn code…...
Error: Can’t connect to host ‘svn.lifeafterking.org’: No connection could be made because the target machine actively refused it.
@Taylor: the issue should be fixed now. Sorry about that!
Cool! So have you started development on 1.1/1.2 yet?
I second Taylors question!
svn down again.
Sorry, it’s back up again. I really need to create a system startup script for svnserve, but I digress.
Anyway, I’m working on some performance optimizations at the moment. I’ve played around with switching to an LLVM based framework for 1.1/1.2, but nothing concrete yet. LLVM’s in C++, so I’m wondering if it would be better to redo the standard library in C++ as well. shrug
Sounds good! I can’t wait to see some of your progress!