SO IMAGINE YOU REALLY LOVE OPEN SOURCE; you've poured yourself a glass of claret from a wine box and have settled into a night of perusing Linux.org. You feel a tingle of excitement as you type in the URL - you're old skool - but that sours to despair as you see a defaced website greet your eyes.
Yep, it looks like someone managed to get into the Linux.org website's domain name service (DNS) settings and point the domain to another server that served up a defaced webpage, which depending on when you may have accessed it, greeted visitors with racial slurs, an obscene picture and a protest against the revised Linux kernel developer code of conduct.
"Someone was able to get into the registrar account for our domain and point DNS to another server -- as well as lock us out from changing it. They pointed the domain name to a pretty rude page for most of the evening until Cloudflare stepped in and blocked the domain for us," Linux.org said.
"After a lot of back and forth with our registrar, we were able to get things back under our control. I'd like to point out that our server environment was not touched so there are no worries about your data. We've gone over security protocols and are tightening things up that may have slipped through in the past."
On Reddit, one of the Linux.org admins explained that a combination of publicly available information and failure to implement two-factor authentication lead to the hacker getting access to the site
"It's a good lesson - after this happened, I MFA'd all my stuff to be sure. I think it was a combination of public whois info and no MAF that lead to this. There's always one thing - they found the weakest link and exploited it," said the admin.
One thing to note is that the underlying database and production environment for the website wasn't touched or accessed, meaning no data has been breached, but simply the homepage was defaced thanks to some DNS redirecting.
Everything is back to normal now, but the hackers motivations for defacing the site don't seem to be clear; maybe they were just really bored. But the whole situation does serve to highlight that two or multi-factor authentication is pretty handy when you're running a site that you want to keep clean and tidy and out of the meddling reach of ne'er-do-wells. µ
Hashes to hashes
Team Green cranks the Super GPU machine
Also, the moon on a stick