
Looks like possibly a supply chain attack targeted specifically at Luke Jr's server:

https://twitter.com/naka_frodo/status/1609655813789949959/ph...



Let's see:

1) he thinks that "dedicated servers" are in any way secure

2) discovers malicious intrusion, but doesn't burn down the whole server and re-key everything

3) is supposed to be knowledgeable enough to be a core Bitcoin developer but stays on a "dedicated server" after finding malicious intrusion.

This is highly suspect. Either you have stuff that's not worth much, and therefore you don't pay to physically colocate your own server, or at the very least you don't pay enough to get a server from a smaller company where you're dealing with real humans with names and reputations... Or you're storing things that really matter, have a large value, or likely both, and you'd pay extra to get better things.

What kind of hubris would lead to continuing to use a compromised server, particularly when the compromise appears to have come from the hosting provider?

Perhaps we need to wait for more information, but from what I've seen so far, there's something not right here.


> What kind of hubris would lead to continuing to use a compromised server, particularly when the compromise appears to have come from the hosting provider?

"Appears to" to the incompetent victim of attack, "I dunno how it happened therefore it must be hosting provider".

He has found no avenue of attack, decided he must be a perfect sysadmin so it couldn't be, say, just a plain 0-day or the fact that he didn't upgrade some software with a security problem, and went on blaming the hosting provider.

... then continued to use not only the same provider but the same compromised server for months.

Smart guy ego at work


The salty posts about his hosting provider are confusing to me. He is paying $55/month and is expecting aid in forensics and audits? Is that normal for a low cost provider?

Edit: Also, it sounds like he didn't immediately shut down the server after the first hack? That is completely insane. I understand you want to investigate, but you are leaving yourself wide open by leaving the system running. It's been compromised. End of story.


It’s not normal for any provider


To be fair, even if he were only paying $5 a month, if there was a tiny chance that the compromise was done by an employee, any reasonable provider would be all over it.


He had no proof aside from "I have found no proof, therefore the hosting provider must've done it".

Then in his arrogance he thought he was expert enough to "clean" the compromised server, even when every security guy will tell you to take the data out and burn it to the ground if there is even a suspicion of compromise.


I do not understand any of this.

1. Was he storing important secrets on a random server somewhere? A PGP key? Why?

2. Before this went down, he noticed someone broke in TWICE and he didn't shut down the server? What was the rationale? Security wise, is there something preventing you from downloading what is important to you and wiping the whole thing?



