Thanks Jordan for your diligence and an excellent "beside manner" with the Linode support technicians!

// Matt

On Tue, May 27, 2014 at 10:43 AM, Yar <> wrote:
Last week the server had a compromise. We are pretty sure
that it was caused by an outdated Tor which I had stupidly installed
from Ubuntu's repos instead of from Tor was running as
a client and serving some .onion addresses but was not any kind of
relay or middle/exit node.

On Monday (May 19) Linode started getting complaints that our ip
address was scanning parts of the internet for port 22. At that point
we started auditing and upgrading some neglected services. We also
started filtering and logging outgoing iptables. The next day we
caught another scan in progress and realized it was probably the
"debian-tor" user, so we switched to the more up-to-date package from We haven't seen another scan since then.

We will keep most outgoing packets filtered at least until we switch
to a new server. That's going to happen soon, as soon as sudoroom has
a proper debit card. We can open up specific ports meanwhile if you
need them.

The drama is probably over but this is just to let you all know that happened.
sudo-sys mailing list