Posted by Steve on Wed 12 Jul 2006 at 19:14
Several people have asked for information about the unavailability of one of the Debian projects main servers, gluck. This machine has been taken offline due to being compromised.
This is not the first time that a machine has been compromised, the last time was in November 2003. Then the compromise was detected via the use of a filesystem integrity checker, right now we don't know how this intrusion was detected.
So far the details available are pretty brief, as you can see in the following announcement message:
Hopefully more details will be made available after the cleanup, as promised in the message. The last compromise was the result of a sniffed password and a previously unknown vulnerability in the GNU/Linux kernel - I hope this time there isn't another zero-day floating around.
In the meantime the following services are disabled/unavailable:
More updates as they happen..