Comments (3)
Hmm. Our snap repos being compromised seems unlikely. The snaps being served from our repositories are the ones we uploaded during our last release a month ago and this has not changed since then according to the metrics offered to us by the snapcraft website.
It's possible that something else in the chain has been compromised (e.g. Ubuntu's snapd or core snaps, our GitHub repo, one of our Python dependencies included in the snaps, etc.), but I'd then expect to see similar reports of this which I have not. We have hundreds of thousands of people using the certbot snap, tens of thousands using the certbot-dns-route53 snap, and so far you're the only one who has reported this. I also tried to reproduce this on a fresh Ubuntu 20.04 VPS without success.
Because of all this, I unfortunately expect the compromise is elsewhere. Your VPS provider/image? SSH key/password guessed or leaked?
I'll leave this open to see if you or anyone else can provide us with more info pointing to a potential source of the problem, but as of right now, I think everything looks OK on our end.
from certbot.
Thanks, good to know u guys have taked a look on this, we feeled morally obligated to ask about, just in case.
We have uninstalled all snap related software and -of course- stopped the miner. Until now, we have not detected any new suspicious logs or activity on the server. Will let u know if something new happens (than can validate or discard a snap repo related problem).
from certbot.
I also encountered a similar problem to you. I installed certbot about last week, and then on December 25th I found that all the files on my server were encrypted and I needed to pay to decrypt them. It had been a long time before that. I have not installed any other software, and have not even logged into the server.
from certbot.
Related Issues (20)
- Custom DNS server for domain resolution only without DNS authentication HOT 2
- Investigate nightly CI failures HOT 1
- --no-auto-renew flag results in manual renew failure with misleading error message HOT 1
- How do I fix Some challenges have failed. HOT 1
- Revocation Reason Should be Requested HOT 1
- Support for Angie (nginx) HOT 2
- certbot-dns-ovh: old DNS entries are not removed, leading to a renewal failure HOT 3
- snapcraft builds: rewrite build_remote.py to be resilient to snapcraft output changes
- upgrade dependencies
- upgrade openssl in our docker images
- stop releasing the windows installer HOT 2
- Look into replacing Boulder tests w/ Pebble tests (or removing it entirely) HOT 4
- live/example.com is not updated atomically HOT 1
- 'dict' object has no attribute 'newNonce'
- Support for mismatched domains for DNS-01 Providers (For CNAME setups) HOT 1
- certbot raises AttributeError("can't set attribute") when it means "too many failed authorizations" HOT 3
- Please prevent old versions of Certbot from appearing in Debian/Ubuntu apt HOT 2
- I m getting the same error i have done everything correct but still don;t know whats wrong ? HOT 1
- Feature Request: Add file extensions to the ACME challenge files
- Feature Request: Add a .txt file extension to the ACME challenge files HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certbot.