On 12/29/24 19:51, Zach van Rijn via cfarm-users wrote:
Dear CFarm User,
It has come to our attention that Compile Farm resources have
(in general) been abused in pursuit of cryptocurrency mining.
Was this one incident or multiple incidents? By the same user or
multiple accounts? Long-standing or new accounts?
Can you say which hosts were abused in this way?A first guess would be
that they went for the larger x86 nodes, but I would like more details.
This could be a concerning development or just another day on the Internet.
[...]
We understand that, occasionally, an account may be compromised
(which means one's private key is compromised), and that such
use may not be intentional. We will therefore investigate and
decide how to proceed, starting with immediate account lockdown.
The only possible excuse would be that the user's private SSH key had
been stolen. I certainly hope the implicated user(s) are innocent and
would be willing to come forward. Figuring out how their keys were
stolen might help the rest of us protect ourselves better.
(Unless the victim had the worst security practices in the group, there
are others who could benefit from the same lessons.)
That the keys were stolen *should* be obvious from the sshd logs: the
miners would have been started from a different IP block than the
legitimate user uses ... unless the theft was indirect (malware gaining
access to an unlocked SSH agent somehow) and the illicit access was
relayed through the legitimate user's machine.
As a general reminder, please do not perform any sensitive tasks
on CFarm machines; these machines are not considered secure. We
provide (with the generous help of various administrators around
the world) a service to make machines available for use, with no
guarantee of privacy or security.
If this was not simply a matter of crooks talking their way into compile
farm accounts, I am very concerned because this means security
assessments involving "that machine is not interesting" need to be
reevaluated if the crooks are now looking to steal any scrap of CPU time
that they can.
(I have lost count of the number of times I have been told not to worry
about a machine because it holds nothing of value.)
-- Jacob
_______________________________________________
cfarm-users mailing list
cfarm-users@lists.tetaneutral.net
https://lists.tetaneutral.net/listinfo/cfarm-users
