OpenSUSE site hacked; quickly restored

One of the openSUSE sites, news.opensuse.org, was compromised by hackers, but "there was no breach of any other part of openSUSE's infrastructure," says openSUSE chairman Richard Brown.

As the openSUSE team was enjoying FOSDEM in Brussels, Belgium, one of their sites, news.opensuse.org, was compromised by hackers. The site content was replaced with this code and the Kurdish flag:

<html>
<head>
  <title>openSUSE News: Hacked By MuhmadEmad</title>
  <base
href="https://news.opensuse.org/2017/02/01/opensuse-cloud-images-are-ripe-for-users/">
</head>
<body id="msgFeedSummaryBody" selected="false">
  <p><title><br />
HaCkeD by MuhmadEmad<br />
</title></p>
<div style="text-align: center"><font size="6" face="comic sans
ms"><b>HaCkeD By  MuhmadEmad</b></font></div>
<div style="text-align: center"><font size="5" face="comic sans
ms"><b><br /></b></font></div>
<div style="text-align: center"><font size="5" face="comic sans
ms"><b>Long Live to peshmarga <br /></b></font></div>
<div style="text-align: center"></div>
<p><div style="text-align: center"><img
src="http://zonehmirrors.org/defaced/2015/11/14/demilosightings.com/kurdistantour.net/uploads/statics_image/kurdistan_flag_waving.gif"
width="25%" /></div>
<div style="text-align: center"></div>
<p><div style="text-align: center"><font size="5" face="comic sans
ms"><b></p>
<p>
KurDish HaCk3rS WaS Here</p>
<p> kurdlinux007@gmail.com <br /> FUCK ISIS ! </p>
</body>
</html>

The openSUSE team acted quickly to restore the site. When I talked to Richard Brown, openSUSE chairman, he said that “the server that hosts ‘news.opensuse.org’ is isolated from the majority of openSUSE infrastructure by design, so there was no breach of any other part of openSUSE's infrastructure, especially our build, test and download systems. Our offered downloads remain safe and consistent and there was no breach of any openSUSE contributor data.”

The team is still investigating the reason for the breach, so I don’t have much information. The site ran a WordPress install, and it seems that WordPress was compromised.

This site is not managed by the SUSE or openSUSE team. It is handled by the IT team of Micro Focus. However, Brown said that SUSE management certainly doesn’t want any such incident to happen again, and they are considering moving the site to the infrastructure managed by the SUSE and openSUSE teams.

In most cases, the openSUSE-related sites are part of openSUSE infrastructure that is managed by the community members but also has the backing of the SUSE sysadmins. On the other hand, SUSE sites are part of the SUSE infrastructure and are fully managed by SUSE sysadmins.

This is not the first time an openSUSE site has been compromised. In an earlier incident, the openSUSE forums were compromised and hackers stole the forum user database. However, since the forum user database didn’t contain private information or passwords, there were no serious issues other than public embarrassment. As expected, that site was not managed by the openSUSE or SUSE teams.

In addition, as an openSUSE user, I have often encountered issues with servers. At times I have experienced downtime and really slow sites. I think it’s about time SUSE/openSUSE take over their infrastructure and invest in improving it.

This article is published as part of the IDG Contributor Network.
