Latest Hack of Serv-U - Any News from SW on the versions, extent, patches, and possible threat evaluation/detection

How do we know if we've been hacked unless a hacker tells me?

Yes, today, in case anyone hasn't seen it: an earlier-this-year version of Serv-U is reported hacked:
https://www.theregister.com/2021/11/10/stor_a_file_ransomware_attack_solarwinds_serv_u/#:~:text=Stor%2Da%2DFile%2C%20a,that%20it%20refused%20to%20pay
It looks like this relates to a hack of someone using the old 15.2.3 HF1, which was patched by SolarWinds a while back (HF2). I don't think it's a new vulnerability, but an article about an old one?

Here is the excerpt from the previous hotfix for this:

=======================================
SolarWinds® Serv-U® 15.2.3.742 HotFix 2
=======================================
This SolarWinds hot fix addresses the following functionality issue:
* Unauthenticated Remote Code Execution in SSH protocol
calc2014, thanks for the re-post of the link originally provided; those details are understood. The question is...

*How do we know if we've been hacked unless a hacker tells me?

In the article they didn't pay, which means there was an ask/notice from the hacker(s), so how would we know if we've been hacked ahead of time? In the past this was directed to our AV vendor, but I'm not sure there shouldn't be some component w/in Serv-U to thwart intrusion.

Expanding further, if a file arrives in a Serv-U folder, is there a way w/in Serv-U (by API or other) to document that the file arrived and that, when it leaves, it has not been altered?
Hi @jeffpahf - that would be the same for any software that has had a zero-day vulnerability. If you contact SolarWinds support they will assist you with logs etc. to assess this for you.
Not limited to Serv-U: if you wanted to check that any file is what you expected when downloading it from the internet, you could do a hash check on the file before & after upload/download to ensure it is an exact match. An example of that in PowerShell can be found here; however, it would not be a function of an SFTP server to do this, as you may also want to ensure it has not been changed in transit, like in the days of standard unencrypted HTTP.
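One way to do the "document the file arrived, confirm it left unaltered" check asked about above, as an added PowerShell example that is not from this thread, SolarWinds or Serv-U itself: record a SHA-256 manifest of a folder when files arrive, then compare the folder against that manifest before the files are released. The folder and manifest paths are assumptions; use your own.

```powershell
# Added example (not Serv-U code): baseline a folder's files by SHA-256, then
# report anything modified, missing or new relative to that baseline.
# Keep the manifest outside the monitored folder so it cannot be altered
# by whoever can write to the share.

function Get-RelativeHashes {
    param([Parameter(Mandatory)][string]$Folder)
    $root = (Resolve-Path -Path $Folder).Path.TrimEnd('\')
    $hashes = @{}
    Get-ChildItem -Path $root -File -Recurse | ForEach-Object {
        $rel = $_.FullName.Substring($root.Length + 1)
        $hashes[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    return $hashes
}

function New-FileManifest {
    param(
        [Parameter(Mandatory)][string]$Folder,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $recorded = (Get-Date).ToUniversalTime().ToString('o')
    $hashes = Get-RelativeHashes -Folder $Folder
    $hashes.Keys | Sort-Object | ForEach-Object {
        [pscustomobject]@{ RelativePath = $_; Sha256 = $hashes[$_]; RecordedUtc = $recorded }
    } | Export-Csv -Path $ManifestPath -NoTypeInformation
}

function Test-FileManifest {
    param(
        [Parameter(Mandatory)][string]$Folder,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $baseline = @{}
    foreach ($row in Import-Csv -Path $ManifestPath) { $baseline[$row.RelativePath] = $row.Sha256 }
    $current = Get-RelativeHashes -Folder $Folder

    foreach ($rel in $baseline.Keys) {
        if (-not $current.ContainsKey($rel))     { [pscustomobject]@{ File = $rel; Status = 'Missing' } }
        elseif ($current[$rel] -ne $baseline[$rel]) { [pscustomobject]@{ File = $rel; Status = 'Modified' } }
    }
    foreach ($rel in $current.Keys) {
        if (-not $baseline.ContainsKey($rel))    { [pscustomobject]@{ File = $rel; Status = 'New' } }
    }
}

# Usage (assumed paths): record once on arrival, verify before release.
# New-FileManifest  -Folder 'C:\ServU\Home\Inbound' -ManifestPath 'C:\ServU\Manifests\inbound.csv'
# Test-FileManifest -Folder 'C:\ServU\Home\Inbound' -ManifestPath 'C:\ServU\Manifests\inbound.csv'
```

Test-FileManifest returns nothing when the folder matches the baseline, so an empty result is the "unaltered" case; anything it does return is worth reviewing alongside the Serv-U transfer logs.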