
Meteoplug server down and possibly hacked?!

Posted: Sun Aug 22, 2021 8:54 am
by gcams
I woke this morning to find my meteoplug stations offline. When I went to connect to meteoplug I see the following very disturbing message:
Screenshot 2021-08-22 075324.png
Has MeteoPlug been hacked? :shock: :shock: :shock:

Edit: I believe the issue started only about 2 hours ago. Meteoplug went dark around 6:14am UK time (05:14 UTC) based on my logs, etc. Furthermore, it appears the meteoplug server has been hit with the JungleSec ransomware.

Re: Meteoplug server down and possibly hacked?!

Posted: Sun Aug 22, 2021 9:46 am
by frabey
Seems to be a somewhat bigger problem.
A short reply from Boris would not be bad. :?: :?:

Re: Meteoplug server down and possibly hacked?!

Posted: Mon Aug 23, 2021 7:59 am
by gcams
Is there any update on this situation? I see the meteoplug webpage is back online, but weather data services are all still down?

Re: Meteoplug server down and possibly hacked?!

Posted: Mon Aug 23, 2021 8:11 am
by bubulino
Hi gcams

meteoplug.com is NOT online (at least not for me).

I understand that all the energy is going into repairing the system. Still, as operator and manufacturer, one should take 2 minutes to inform people here in the forum. Especially because we resellers have to answer DOZENS of emails. Telling customers "Actually, I don't know anything" is absolutely not cool.

Regards, Bubulino

Re: Meteoplug server down and possibly hacked?!

Posted: Mon Aug 23, 2021 10:13 am
by gcams
bubulino wrote: Mon Aug 23, 2021 8:11 am meteoplug.com is NOT online (at least not for me).
You are correct, the meteoplug service is not online for me either. Sorry if my post was confusing, I just meant the wiki had been put back online, e.g.

https://wiki.meteoplug.com/wiki/index.php/Introduction

But the actual Meteoplug application itself is still offline for me too. :(

Re: Meteoplug server down and possibly hacked?!

Posted: Mon Aug 23, 2021 5:44 pm
by bubulino
48h blackout without ANY information :-(

Sorry, this is a no-go.

Re: Meteoplug server down and possibly hacked?!

Posted: Mon Aug 23, 2021 6:59 pm
by admin
As I am on vacation it will take until Monday next week to have physical access to the server again.
Currently I cannot log in to check details. I will post here when I have more clarity.

Re: Meteoplug server down and possibly hacked?!

Posted: Tue Aug 24, 2021 7:49 am
by gcams
Thanks for the update Boris!

For folks watching this thread, Boris has made a comprehensive announcement here in case you've not seen it:
viewtopic.php?f=63&t=15893

Re: Meteoplug server down and possibly hacked?!

Posted: Tue Aug 24, 2021 2:30 pm
by admin
We have now closed the IPMI backdoor via remote operations. The next step will be to restore from backups, which are complete disk images. It looks like the ransomware encryption did not work on these, as we are talking about files 2 TB in size. There are still things that can go south (if the backups are somehow impacted, although it does not look like this so far). Stay tuned for this unwanted drama of how good fights evil.

Re: Meteoplug server down and possibly hacked?!

Posted: Tue Aug 24, 2021 4:16 pm
by Rutishauser
Thanks for the effort, I'm keeping my fingers crossed!

Good luck! 👍🏻✌🏼