Hetzner Hacked!

Discussion in 'Off Topic' started by The Forum Heroes, Jun 7, 2013.

  1. The Forum Heroes

    The Forum Heroes Well-Known Member

    Though I have not had a server with them in a long time, I still receive mailing from them. Just got this one a bit ago.

    Full text of the email sent to customers:
    Dear Client

    At the end of last week, Hetzner technicians discovered a "backdoor" in one of our internal monitoring systems (Nagios).

    An investigation was launched immediately and showed that the administration interface for dedicated root servers (Robot) had also been affected. Current findings would suggest that fragments of our client database had been copied externally.

    As a result, we currently have to consider the client data stored in our Robot as compromised.

    To our knowledge, the malicious program that we have discovered is as yet unknown and has never appeared before.

    The malicious code used in the "backdoor" exclusively infects the RAM. First analysis suggests that the malicious code directly infiltrates running Apache and sshd processes. Here, the infection neither modifies the binaries of the service which has been compromised, nor does it restart the service which has been affected.

    The standard techniques used for analysis such as the examination of checksum or tools such as "rkhunter" are therefore not able to track down the malicious code.

    We have commissioned an external security company with a detailed analysis of the incident to support our in-house administrators. At this stage, analysis of the incident has not yet been completed.

    The access passwords for your Robot client account are stored in our database as Hash (SHA256) with salt. As a precaution, we recommend that you change your client passwords in the Robot.

    With credit cards, only the last three digits of the card number, the card type and the expiry date are saved in our systems. All other card data is saved solely by our payment service provider and referenced via a pseudo card number. Therefore, as far as we are aware, credit card data has not been compromised.

    Hetzner technicians are permanently working on localising and preventing possible security vulnerabilities as well as ensuring that our systems and infrastructure are kept as safe as possible. Data security is a very high priority for us. To expedite clarification further, we have reported this incident to the data security authority concerned.

    Furthermore, we are in contact with the Federal Criminal Police Office (BKA) in regard to this incident.

    Naturally, we shall inform you of new developments immediately.

    We very much regret this incident and thank you for your understanding and trust in us.

    A special FAQs page has been set up at http://wiki.hetzner.de/index.php/Security_Issue/en to assist you with further enquiries.

    Kind regards

    Martin Hetzner
    Adam Howard likes this.
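Added example, not part of the email or the thread, and not Hetzner's method: the email says the code lives only in the RAM of running Apache and sshd processes, so on-disk checksums see nothing. One generic check a defender can run on Linux is to look at a process's executable memory mappings in `/proc/<pid>/maps`; the sample data, names and heuristics below are constructed assumptions, not a detector for this specific malware.

```python
import re

# Constructed sample of /proc/<pid>/maps for an sshd process (not real data).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a0c000 r--p 00000000 08:01 131090 /usr/sbin/sshd
55d0c8a0c000-55d0c8a8f000 r-xp 0000c000 08:01 131090 /usr/sbin/sshd
55d0c9f3b000-55d0c9f5c000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0
7f3a1d200000-7f3a1d3b5000 r-xp 00022000 08:01 262411 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1d600000-7f3a1d604000 r-xp 00000000 08:01 917533 /tmp/example.so (deleted)
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
7ffd5a3f2000-7ffd5a3f4000 r-xp 00000000 00:00 0 [vdso]
"""

# Fields: start-end perms offset dev inode [pathname]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) [0-9a-f]+ \S+ (\d+)\s*(.*)$")
KERNEL_REGIONS = {"[vdso]", "[vsyscall]"}  # executable, but supplied by the kernel

def suspicious_regions(maps_text):
    """Return (start, size, perms, reason) for executable mappings with no intact file behind them."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, end, perms, inode, path = m.groups()
        if "x" not in perms or path in KERNEL_REGIONS:
            continue
        if path.endswith(" (deleted)"):
            reason = "executable mapping of a deleted file"
        elif inode == "0":  # anonymous memory, including an executable heap or stack
            reason = "executable anonymous memory"
        elif "w" in perms:
            reason = "file mapping both writable and executable"
        else:
            continue  # ordinary read-only code backed by a file on disk
        findings.append((start, int(end, 16) - int(start, 16), perms, reason))
    return findings

def scan_pid(pid):
    """Run the same check against a live process (needs read access to /proc/<pid>/maps)."""
    with open(f"/proc/{pid}/maps") as fh:
        return suspicious_regions(fh.read())

if __name__ == "__main__":
    for start, size, perms, reason in suspicious_regions(SAMPLE_MAPS):
        print(f"0x{start} {size:>8} bytes {perms}  {reason}")
```

A hit is a lead for memory forensics, not a verdict: JIT runtimes map anonymous executable memory legitimately, and a package upgrade leaves "(deleted)" library mappings until the service restarts.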
  2. Sador

    Sador Well-Known Member

    Good explanation by them.

    That said:

  3. Slavik

    Slavik XenForo Moderator Staff Member

    At least they actually found it, though knowing how long they've been vulnerable would be the next question.
    Adam Howard likes this.
  4. Adam Howard

    Adam Howard Well-Known Member

    How about bank data (debit note)? Is this compromised?
    Bank details are encrypted (two-way) in the database. However, it cannot be excluded that the attacker/s have also been able to obtain access to the key.

    ^ This is the big one

    Anyone here using Hertz should really think about canceling their debit card, bank card, credit card, and if you used any bank account numbers for payment (bill pay or wire transfer for example), you may want to close your bank account and open a new one. :coffee:

    BlackJacket likes this.
  5. ManagerJosh

    ManagerJosh Well-Known Member

    Hertz or Hetzner?
    SneakyDave likes this.
  6. RickM

    RickM Well-Known Member

    Don't Hertz do car rental, not server rental :cautious::p
    SneakyDave likes this.
  7. whynot

    whynot Well-Known Member

    No, Hertz is the best salami on Earth:

    goyo likes this.
  8. Adam Howard

    Adam Howard Well-Known Member

    I'm really, really bad with names.

    I dated my ex-wife for about 2 weeks before I could remember her name. I kept calling her hun (mostly), but also honey, sweetie, babe, etc... Her name was Heather.

    Took 2 weeks to remember that fact.... Really bad with names.
  9. Tracy Perry

    Tracy Perry Well-Known Member

    Does that have anything to do with the fact that she's an ex? :ROFLMAO: