French hoster hacked via Shellshock bug in Bash
Eight hundred servers hosted by French hosting company OVH were hacked using the Shellshock vulnerability in Bash. The servers then launched an internal DDoS attack, which overloaded the network.
The 800 hacked servers were housed in OVH’s data center in Roubaix. It is unclear whether these are 800 physical or virtual servers, and who was responsible for their security: OVH itself or one of its customers. What is clear is that the attackers entered via Shellshock, a vulnerability in Bash that allows attackers to run their own code on a system. In the case of the OVH hack, the attackers could do that as root.
The hacked servers then launched an internal DDoS attack on an OVH data center in Beauharnois, Canada. That attack generated 100 gigabits per second of traffic, while OVH’s connection between its French and Canadian data centers can handle up to 60 gigabits per second. As a result, the hoster's internal network became clogged, OVH itself says on its status page.
The data center even had to be cut off from the rest of the network. It is unknown how long the problems lasted in total and how many websites were down as a result. It is also not clear what state the eight hundred hacked servers are in now.
This is not the first time that the Shellshock bug has been exploited in practice by attackers: at the beginning of October, criminals had already managed to break into servers of Yahoo, Lycos and WinZip in this way. The vulnerability is especially dangerous in servers that connect to the Internet and call the shell.