More specifically, my primary server at home was hacked. It was running Ubuntu 6.06.1, Dapper Drake Server Edition LTS. The server was penetrated at 17:55 on June 29th, 2008:
Jun 29 17:55:54 vault sshd: Accepted password for webcam from 18.104.22.168 port 16754 ssh2
So what happened? Well, apparently a recent OpenSSH update reset my /etc/ssh/sshd_config so my server accepted password authentication. Because the only way into my home network is via VPN (OpenSwan) and SSH, both of which use certificates and public key authentication, I was not too concerned about using strong passwords for accounts inside the network. Unfortunately for me, when sshd decided to accept password authentication attempts I was promptly hacked.
I’ve rebuilt my server using Ubuntu 8.04.1, Hardy Heron Server Edition LTS. I promptly installed OSSEC-HIDS to help prevent something like this from happening again.
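The two signals in this incident, a package update leaving password authentication enabled in sshd_config and an "Accepted password" line in the auth log of a host meant to be key-only, can be checked mechanically. The following is an added example, not code from the original post: the function names and the sample config text are constructed, the first log line is the one quoted above, and Match blocks in sshd_config are assumed out of scope.

```python
import re

# Successful sshd logins, with or without a "[pid]" after the program name.
ACCEPTED = re.compile(
    r"sshd(?:\[\d+\])?: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)

def password_auth_enabled(config_text):
    """True if the global section of an sshd_config permits password logins.

    sshd uses the first value it obtains for a keyword, and
    PasswordAuthentication defaults to "yes" when absent or commented out.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # conditional overrides: not evaluated here (assumption)
        if keyword == "passwordauthentication" and len(parts) == 2:
            return parts[1].strip().strip('"').lower() != "no"
    return True

def non_key_logins(log_lines, allowed=("publickey",)):
    """Return (user, ip, method) for every accepted login not using an allowed method."""
    hits = []
    for line in log_lines:
        m = ACCEPTED.search(line)
        if m and m.group("method") not in allowed:
            hits.append((m.group("user"), m.group("ip"), m.group("method")))
    return hits

# Constructed sample configs: a packaged default with the keyword commented
# out, and a key-only configuration.
RESET_CONFIG = "Port 22\n#PasswordAuthentication yes\nPubkeyAuthentication yes\n"
KEY_ONLY_CONFIG = "Port 22\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

SAMPLE_LOG = [
    # Line quoted in the post.
    "Jun 29 17:55:54 vault sshd: Accepted password for webcam from 18.104.22.168 port 16754 ssh2",
    # Constructed line: an expected key-based login.
    "Jun 29 18:02:10 vault sshd[4321]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    print("reset config allows passwords:", password_auth_enabled(RESET_CONFIG))
    print("key-only config allows passwords:", password_auth_enabled(KEY_ONLY_CONFIG))
    for user, ip, method in non_key_logins(SAMPLE_LOG):
        print(f"ALERT: {method} login for {user} from {ip}")
```

Running the config check after every package upgrade, and alerting on any accepted method other than publickey, catches both the silent reset and the first successful password login.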
Anyway, if you haven’t heard from me in the past few days or if I’ve sounded terse, it is because I’ve been a little annoyed at the punk who decided to hack me.