As we mentioned on our Telegram Group, Discord Server, Mastodon, and Twitter, the server the Drauger OS apt repo and website is on has had a security breach this week.
So far, we know the apt repository has NOT been messed with for fact, and it wasn’t any Drauger OS services that were hacked. Instead, it was one of the services provided by one of the other websites on the same server as Drauger OS.
When this service was breached, a phishing site was uploaded. But, the site has been taken down and an investigation of the account now to determine if the vulnerability was specific to that account or if it is site or even server wide is currently underway.
It also has come to our attention that our services are not in some form of isolated container. Normally on a web server each website is inside of a Virtual Machine, Docker container, or some other form of isolated environment. This is done to ensure the security of all sites on the server and protect the host server from being affected by a security breach. However, no form of isolation is being employed on our server, leaving us vulnerable.
I have discussed these issues with our web developer, and he knows about as much as we do at this point. We are currently looking for another hosting provider who will provide us with the bandwidth and disk space we need at the price we are looking for (Free).
Until then, all we can do is monitor our server and make consistent back-ups.
For more clarity, the specific site that was breached was a branch of our partner organization, CYGO Network, known as CYGO File. It is a file hosting service, similar to Google Drive, which uses NextCloud to provide some limited web-based file storage to members of the CYGO Network for free.
CYGO Network themselves are aware of the breach, are conducting the investigation, and are providing us with information as soon as it becomes available to them.
We apologize to all our users for this breach of security, and surely what is also a breach of trust for many of our users. We will work hard to re-secure our server and keep it secure, even if another site on our server is breached.
Lead Dev, Founder
Find us on Social Media!