• v7.8 5aa34af6dc

    a released this 2022-01-28 23:55:50 +00:00 | 30 commits to main since this release

    Yes, we were hacked. It should never have happened, but now we all know that exozyme security needs some improvements. Fortunately the attacker was not able to do anything except for mine cryptocurrency so your accounts should all be safe. Here's a summary of the changes we've made so far:

    • Require SSH keys for SSH logins #103: This will definitely prevent "minecraft"-style hacks from happening again, but make sure you create an SSH key and add it to your account using exohub.

    • Lock down root #103: The root user no longer has a password and cannot be logged into.

    • Better brute-force prevention #104: Pretty self-explanatory, and fortunately, many of our services already have built-in brute force prevention mechanisms.

    • Stronger password requirements #103: This is still a WIP, but we're currently trying to root out weak passwords.

    • Other bug fixes #102: As usual, we also fixed some other security-unrelated bugs.

    Downloads