ProHoster > Блог > Kev tswj hwm > dockerhub hacked

dockerhub hacked

dockerhub hacked

Ob peb teev dhau los, qee cov neeg siv ntawm DockerHub tau xa email nrog cov ntsiab lus hauv qab no:

"Hnub Thursday, Plaub Hlis 25, 2019, peb tau tshawb pom qhov tsis raug tso cai nkag mus rau ib qho ntawm DockerHub databases, uas khaws qee cov ntaub ntawv tsis yog nyiaj txiag rau cov neeg siv. Thaum tshawb pom, peb tam sim ntawd tau ua txhua kauj ruam tsim nyog los tiv thaiv cov neeg siv cov ntaub ntawv.

Thiab tam sim no peb xav qhia cov ntaub ntawv uas peb tuaj yeem nrhiav tau thaum lub sijhawm tshawb nrhiav, suav nrog cov nyiaj DockerHub tau cuam tshuam dab tsi thiab lawv cov tswv yuav tsum ua li cas tam sim no.

Nov yog qhov peb tau tswj kom paub tias:

Thaum lub sijhawm luv luv ntawm kev nkag mus rau DockerHub cov ntaub ntawv tsis pub lwm tus paub, cov ntaub ntawv tsis pub lwm tus paub ntawm kwv yees li 190 tus lej (tsawg dua 000% ntawm cov neeg siv kev pabcuam) tuaj yeem raug nthuav tawm. Cov ntaub ntawv suav nrog cov npe siv thiab tus password hashes ntawm ib feem me me ntawm cov neeg siv saum toj no, nrog rau GitHub thiab BitBucket tokens siv rau lub thawv ntim khoom siv.

Yuav ua li cas tam sim no:

- Peb thov kom cov neeg siv hloov cov passwords ntawm DockerHub thiab lwm tus account siv tib lo lus zais.

- Cov neeg siv uas siv cov kev tsim kho tsis siv neeg uas yuav raug cuam tshuam los ntawm qhov no tau rov pib dua tokens thiab nkag mus rau cov yuam sij. Peb kuj hais kom lawv xyuas lawv cov chaw cia khoom rau ib qho kev ua ub ua no tsis ntev los no.

- Txhawm rau nrhiav seb yuav tshuaj xyuas cov haujlwm tsis txaus ntseeg ntawm koj tus lej GitHub thiab BitBucket li cas hauv 24 teev dhau los, ua raws cov kev txuas help.github.com/en/articles/reviewing-your-security-log и bitbucket.org/blog/new-audit-logs-give-you-the-who-what-when-and-where

- Qhov no tuaj yeem cuam tshuam koj cov kev tsim kho tam sim no los ntawm peb qhov kev pabcuam pib tsim. Tej zaum koj kuj yuav xav tau unlink thiab relink koj cov nyiaj GitHub thiab BitBucket. Qhov no yog sau kom meej ntawm no. docs.docker.com/docker-hub/builds/link-source

Peb, nyob rau hauv lem, yuav txhim kho peb cov kev ruaj ntseg systems thiab tshuaj xyuas peb cov cai. Peb kuj tau teeb tsa cov kev ntsuas ntxiv txhawm rau taug qab cov haujlwm tsis raug cai yav tom ntej.

Peb tseem tab tom tshawb xyuas qhov xwm txheej thiab yuav hloov kho koj thaum muaj cov ntsiab lus ntxiv. "

Raws li ib txwm muaj, peb xyuas peb tus kheej xa ntawv, peb cov nyiaj hauv cov kev pabcuam qhia, thiab rov tsim cov passwords. Peb yuav hloov kho cov ntawv tshaj tawm no thaum muaj cov ntaub ntawv tshiab.

Tsuas yog cov neeg siv sau npe tuaj yeem koom nrog hauv daim ntawv ntsuam xyuas. Kos npe rau hauvthov.

Koj puas tau txais tsab ntawv zoo sib xws?

  • Yog

  • Tsis

  • Kuv tsis muaj DockerHub account

26 cov neeg siv pov npav. 2 cov neeg siv tau txwv.

Tau qhov twg los: www.hab.com

Ntxiv ib saib