# Hetzner has been compromised



## WelltodoInformalCattle (Jun 6, 2013)

I received the following e-mail from Hetzner and was also linked to it by someone in #vpsboard:



> Dear Client
> 
> At the end of last week, Hetzner technicians discovered a "backdoor" in one
> of our internal monitoring systems (Nagios).
> ...


----------



## drmike (Jun 6, 2013)

Hetzner's write-up is what I'd like to see other providers describing when compromised (the nature, some details, cleanup and post-event actions).

Compare this to what we've seen from all the other providers like CVPS.

As for Hetzner, doubt they have one compromise and this is likely the start of multiple successful attacks.


----------



## jarland (Jun 6, 2013)

Very detailed and professional. Hope they manage to get a good picture of how it originally infected the system and share the information with the developers who can patch it up quickly.


----------



## WelltodoInformalCattle (Jun 6, 2013)

buffalooed said:


> Compare this to what we've seen from all the other providers like CVPS.


I'm all for CVPS-bashing but you really can't compare CVPS with Hetzner to be honest.


----------



## drmike (Jun 6, 2013)

WelltodoInformalCattle said:


> I'm all for CVPS-bashing but you really can't compare CVPS with Hetzner to be honest.


No doubt, two different entities altogether.

Just pointing to the right way to deal with issues vs. the patently wrong way. Textbook-style examples of the bookends.


----------



## wlanboy (Jun 6, 2013)

Perfect reaction. I really want to know how that could happen. This is really a first-class hack.

Still waiting for the smart guys to find a way to detect binaries that are only modified in RAM.


----------

