A number of Ubuntu servers maintained by Local Community (LoCo) teams around the world have been compromised and had to be shut down over the weekend to prevent them from attacking other machines. Ubuntu community leaders said that five of the eight LoCo servers, which are sponsored by Canonical, a services firm that caters to open-source projects, had been actively attacking other machines on the Internet, and an investigation revealed a number of serious security problems with the servers. All of them were running a nearly two-year-old version of Ubuntu that had never been upgraded and were missing security patches, and they were also accepting unsecured inbound FTP connections. The outdated software “probably allowed the attacker to gain root,” Canonical administrator James Troup wrote in an email detailing the attack.
As a result of the attacks, Canonical is encouraging the LoCo teams to migrate their servers to Canonical’s data center, which would entail some tighter security restrictions, including: no root access; access by per-user SSH key only; and restrictions on the kinds of software run on the server. The Ubuntu team is still working to bring all of the servers back online.