In an IRC (internet relay chat) meeting of the Ubuntu collocation team this week, one member indicated that the source of the malicious attacks might have been a hacker using a Chinese IP address attempting to access the servers by brute force "for a long time now."
The servers, some of which were hosted by Canonical, the commercial sponsor of the Ubuntu project, were out of date, populated with various software, and missing security patches according to Ubuntu project leaders.
"An attacker could have gotten a shell through almost any of these sites" hosted on the downed servers, Ubuntu community manager Jono Bacon wrote in an online posting.
The community began to reboot the servers in a "safe state" this week in an attempt to recover the data stored on them.
"Unfortunately, the process was taking far longer than we would have hoped or liked due to a combination" of issues, Bacon wrote in the posting.
"[That included] having to use remote hands, arbitrary limits imposed by those remote hands and (relative) lack of bandwidth to copy data off site," he said.
During the Aug. 14 IRC meeting, the Ubuntu community gave location teams the option of migrating to the Canonical data center or remaining with the hosted/outsourced servers. The UK-based Canonical provides support, professional and engineering services and hardware and software certification for the Ubuntu variant of the open-source Linux operating system.
The benefits to moving to Canonical, noted Bacon, included better hardware and bandwidth and full time support from Canonical's sysadmin team, including software maintenance and integration into its existing backup infrastructure.
The tradeoffs, on the other hand, include no root access, access by per-user SSH key only with a limited number of accounts per location and software support restricted to a short list that includes the blogging platform Wordpress, the Ubuntu community forum Planet, and the wiki engine MoinMoin.