a guest
Jun 6th, 2013
---------- Forwarded message ----------
From: <>
Date: Thu, Jun 6, 2013 at 6:05 PM
Subject: Important Hetzner Online Client Information
To:

Dear Client

At the end of last week, Hetzner technicians discovered a "backdoor" in one
of our internal monitoring systems (Nagios).

An investigation was launched immediately and showed that the administration
interface for dedicated root servers (Robot) had also been affected. Current
findings would suggest that fragments of our client database had been copied
externally.

As a result, we currently have to consider the client data stored in our Robot
as compromised.

To our knowledge, the malicious program that we have discovered is as yet
unknown and has never appeared before.

The malicious code used in the "backdoor" exclusively infects the RAM. First
analysis suggests that the malicious code directly infiltrates running Apache
and sshd processes. Here, the infection neither modifies the binaries of the
service which has been compromised, nor does it restart the service which has
been affected.

The standard techniques used for analysis such as the examination of checksum
or tools such as "rkhunter" are therefore not able to track down the malicious
code.

We have commissioned an external security company with a detailed analysis of
the incident to support our in-house administrators. At this stage, analysis
of the incident has not yet been completed.

The access passwords for your Robot client account are stored in our database
as Hash (SHA256) with salt. As a precaution, we recommend that you change your
client passwords in the Robot.

With credit cards, only the last three digits of the card number, the card type
and the expiry date are saved in our systems. All other card data is saved
solely by our payment service provider and referenced via a pseudo card number.
Therefore, as far as we are aware, credit card data has not been compromised.

Hetzner technicians are permanently working on localising and preventing possible
security vulnerabilities as well as ensuring that our systems and infrastructure
are kept as safe as possible. Data security is a very high priority for us. To
expedite clarification further, we have reported this incident to the data
security authority concerned.

Furthermore, we are in contact with the Federal Criminal Police Office (BKA) in
regard to this incident.

Naturally, we shall inform you of new developments immediately.

We very much regret this incident and thank you for your understanding and
trust in us.

A special FAQs page has been set up at
to assist you with further
enquiries.

Kind regards

Martin Hetzner

Hetzner Online AG
Stuttgarter Str. 1
91710 Gunzenhausen / Germany
Tel: +49 (9831) 61006-1
Fax: +49 (9831) 61006-2

Register Court: Registergericht Ansbach, HRB 3204
Management Board: Dipl. Ing. (FH) Martin Hetzner
Chairwoman of the Supervisory Board: Diana Rothhan
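
The e-mail above says the code lived only in the memory of running Apache and sshd processes, which is why on-disk checksums and rkhunter saw nothing. As an added example (not part of the e-mail and not Hetzner's tooling), this Python code checks the memory side instead: it parses Linux `/proc/<pid>/maps` text and reports executable regions that no file checksum covers. The sample mappings are constructed, and the heuristic is a generic one: it is not known to match the malware in this incident, and JIT runtimes legitimately create anonymous executable memory.

```python
import re

# One line of /proc/<pid>/maps: address range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+[0-9a-f]+\s+\S+\s+(\d+)\s*(.*)$"
)

# Kernel-provided pseudo mappings that are executable by design.
KERNEL_REGIONS = {"[vdso]", "[vsyscall]", "[uprobes]"}


def suspicious_mappings(maps_text):
    """Return (start, perms, path, reason) for executable regions that an
    on-disk checksum of the service binary and its libraries would not cover."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        start, _end, perms, inode, path = m.groups()
        if "x" not in perms or path in KERNEL_REGIONS:
            continue
        if inode == "0":
            reason = "executable memory with no backing file"
        elif path.endswith(" (deleted)"):
            reason = "executable mapping of a file deleted from disk"
        elif "w" in perms:
            reason = "file-backed region that is writable and executable"
        else:
            continue
        findings.append((start, perms, path, reason))
    return findings


# Constructed sample for a hypothetical sshd process (not data from the incident).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8ac4000 r-xp 00000000 08:01 1312345 /usr/sbin/sshd
55d0c8cc4000-55d0c8cc8000 rw-p 000c4000 08:01 1312345 /usr/sbin/sshd
55d0ca1f2000-55d0ca213000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a12400000-7f3a12420000 r-xp 00000000 08:01 1319999 /tmp/libexample.so (deleted)
7f3a12a00000-7f3a12bb5000 r-xp 00000000 08:01 1311001 /lib/x86_64-linux-gnu/libc-2.17.so
7ffd4a5e9000-7ffd4a5eb000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for start, perms, path, reason in suspicious_mappings(SAMPLE_MAPS):
        print(f"{start} {perms} {path or '<anonymous>'}: {reason}")
```

On a live host the same function can be fed the contents of `/proc/<pid>/maps` for each httpd and sshd PID, read as root.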