[Operators] Jabber.sk - stolen ejabberd databases
skupko.sk at gmail.com
Fri Aug 31 13:59:10 UTC 2012
On 08/31/2012 12:24 PM, Mathias Ertl wrote:
> Hi Peter,
> On Fri, Aug 31, 2012 at 02:01:06AM +0200, Peter Viskup wrote:
>> let me inform you that all internal ejabberd databases of server
>> jabber.sk were stolen. Please inform us in case you will be facing
>> any suspicious activity from jabber.sk accounts. We already
>> performed infrastructure inventory and it looks like they were
>> interested only in ejabberd databases.
>> Attacker used IP 22.214.171.124 which is registered in Sweden and one
>> local system account was compromised.
>> Will inform you once we have some other important information for you.
> Did you find out how the attacker gained access? Was any Jabber software
> used to gain access?
> greetings, Mati
Hi Mathias and all,
at this time we do not have evidence about any Jabber software used to
gain access. They used a weakness in our hosting infrastructure to access
some of our systems. But we do not know how they reached ejabberd
databases till now and the investigation is still ongoing.
It looks like they were interested only in ejabberd databases as they
didn't break any hosting service even though they got root access on one of
It could be related to activities of Syrian people using our server on
I am going to contact owner of that IP and ask them for help to get more
information about this break attempt.