<-- home

Gameserver hack (the falcon has fallen)

Hello friends,

our beloved game server (falcon.socialnerds.org) has been compromised by a hacker. I learned about it when network access was blocked by the hosting provider today. We don’t know exactly how this came to pass but falcon was infected by malware which installed the so called Bill Gates Botnet (here is a very detailed report about it).

Usually these attacks try to brute-force their way into the root account. Though i cannot see how this was possible since we had password authentication and root login disabled right from the beginning.

In the end i was able to clean out the malware and recover all game server data. Though since the attacker could have left more mailicious code i decided to get rid of falcon and setup a brand new server at endeavour.socialnerds.org.

Also i hardened the ssh config of all other machines and implemented stronger passwords (i’m also thinking fail2ban).