by Swapnil Bhartiya

OpenSUSE site hacked; quickly restored

Opinion
Feb 07, 2017
Hacking, Linux, Open Source

One of the openSUSE sites, news.opensuse.org, was compromised by hackers, but "there was no breach of any other part of openSUSE's infrastructure," says openSUSE chairman Richard Brown.

As the openSUSE team was enjoying FOSDEM in Brussels, Belgium, one of their sites, news.opensuse.org, was compromised by hackers. The site content was replaced with this code and the Kurdish flag:



  openSUSE News: Hacked By MuhmadEmad
  
href="https://news.opensuse.org/2017/02/01/opensuse-cloud-images-are-ripe-for-users/">


  

HaCkeD by MuhmadEmad
HaCkeD By  MuhmadEmad
Long Live to peshmarga

<img src="http://zonehmirrors.org/defaced/2015/11/14/demilosightings.com/kurdistantour.net/uploads/statics_image/kurdistan_flag_waving.gif" width="25%" />

KurDish HaCk3rS WaS Here

kurdlinux007@gmail.com FUCK ISIS !

The openSUSE team acted quickly to restore the site. When I talked to Richard Brown, openSUSE chairman, he said that “the server that hosts ‘news.opensuse.org’ is isolated from the majority of openSUSE infrastructure by design, so there was no breach of any other part of openSUSE's infrastructure, especially our build, test and download systems. Our offered downloads remain safe and consistent and there was no breach of any openSUSE contributor data.”

The team is still investigating the reason for the breach so I don’t have much information. The site ran a WordPress install and it seems that WordPress was compromised.

This site is not managed by the SUSE or openSUSE team. It is handled by the IT team of Micro Focus. However, Brown said that SUSE management certainly doesn’t want any such incident to happen again and they are considering moving the site to the infrastructure managed by the SUSE and openSUSE teams.

In most cases, the openSUSE-related sites are part of openSUSE infrastructure that is managed by the community members but also has the backing of the SUSE sysadmins. On the other hand, SUSE sites are part of the SUSE infrastructure and are fully managed by SUSE sysadmins.

This is not the first time an openSUSE site has been compromised. In an earlier instance, the openSUSE forums were compromised and hackers stole the forum user database. However, since the forum user database didn’t contain private information or passwords, there were no serious issues other than public embarrassment. As expected, that site was not managed by the openSUSE or SUSE teams.

In addition, as an openSUSE user, I have often encountered issues with servers. At times I have experienced downtime and really slow sites. I think it’s about time SUSE/openSUSE take over their infrastructure and invest in improving it.