Article source: http://voipfraud.net/en/node/2815
Hardware Servers Hack Via IPMI.
Recently a number of data centers have been facing up to various attacks/hacks of their hardware servers. The main aim of the hackers is to obtain root access with administrator's rights.
Theoretically, the data centers must secure the provided hardware against given attacks, but in practice - only few of them do.
Though, we'd like to warn all the market players against IPMI hacking that is widespread nowadays.
To hunt and detect the hacker is almost impossible for their making use of various proxy servers.
A recommendation by one of data centers Authorities:
"Related with the cases of servers hacking via IPMI (further reboot and user creating with administrative rights to the OS), and for the security of your server, it's highly recommended to change/update IPMI passwords for security reasons regularly, do not store passwords in your mailbox and/or browsers, as well as make sure you have an updated firmware versions.
There is a real vulnerability: http://fish2.com/ipmi/cipherzero.html
Please update IPMI Firmware to the latest version (there is a link to the IPMI firmware on the website of your motherboard's manufacturer) and change your password (using not less than 15 characters, including numbers, as well as small and capital letters). "
We’d like to add - please do never send passwords via Skype or any other open social apps and systems of communication! Only a single blunder will turn you into hackers' target. Further complaints and blames on your software and/or hardware providers will not compensate your losses.