Just recently, Linux.org owners had to bear with a seriously embarrassing situation when they noticed someone meddling with their website. Allegedly, some hackers defaced Linux.org and a couple more related domains as a protest against the new Linux Kernel code of conduct.
Hackers Defaced Linux.org Following DNS Hijack
This Friday, some hackers defaced Linux.org website with weird messages and a more awkward (rather obscene) picture. This was quite an embarrassing situation for the owner Michelle McLagan as it took some time to figure out what happened.
After defacing the web page, a tweet supposedly from the hacker’s Twitter account confirmed their access to McLagan’s network account. This made them take down all related websites as well, including linuxonline.com, linuxhq.com, linux.org as well as McLagan’s personal website.
The hacker put up the message “G3T 0WNED L1NUX N3RDZ” along with an NSFW “goatse” image on the hacked website. After the incident, the Linux.org admin confirmed the incident on Reddit, revealing the details. As disclosed, it was merely a DNS hijacking incident where the site’s DNS redirected the traffic to some other website.
Linux.org isn’t the official Linux website. But it has somehow earned a credible stance as it serves as a friendly platform for people to discuss and resolve their issues.
Probably… Time For MFA!
Linux admins have confirmed again that the site hacking incident remained confined to DNS only. However, it took them some time to recover their website. As stated on a Linux.org thread.
“Yesterday afternoon around 5pm EST someone was able to get into the registrar account for our domain and point DNS to another server – as well as lock us out from changing it… After a lot of back and forth with our registrar, we were able to get things back under our control.”
Nonetheless, they confirmed that the hijacking did not affect any sensitive databases.
“I’d like to point out that our server environment was not touched so there are no worries about your data.”
They have assured that security will be tightened. In the Reddit post shared earlier, the admin clearly stated,
“Lesson learned – MFA all the things.”
They also realized that this should have been done in the first place. Nonetheless, they now have implemented all such steps. As stated in a response to a comment,
“It’s a good lesson – after this happened, I mfa’d all my stuff to be sure. I think it was a combination of public whois info and no mfa that lead to this. There’s always one thing – they found the weakest link and exploited it.”
Site defacement usually comes as a protest in response to any enraging issue. The present incident links back to the new Linux Kernel developer’s code of conduct.