Posted Sep 07, 2006

Debian Server Hacked

      

From the /Me Shakes Fist dept.:
Alioth's web server was unavailable for most of the 5th of September. It was simply stopped because we discovered that some script kiddies were running an IRC proxy. After thorough investigation, we discovered that they exploited a pmwiki security hole[1] to deface some web pages, to install some malicious PHP pages which in turn were used to set up the IRC proxy.

Two pmwiki instances have been put offline; the corresponding project administrators are already aware of that.

This security alert is over, however we have way too many projects running some custom-installed web applications. We're going to review everything that is installed and come up with suggestions to use the packaged (and thus security-supported) version of the web applications when possible. We'll probably ask some projects to stop using some web apps and/or to switch to another supported one.

However, it would be of great help if all project administrators could check what they have installed [2] and remove whatever they are not using. Remember that a service like Alioth is of great use for everybody, but its openness is also its weakness: do not forget the security implications of your actions. And if you find something suspicious, please don't hesitate to inform admin@alioth.debian.org.

Migration of Alioth to a new host
---------------------------------

On a related matter, we're preparing the move of Alioth to a new (and bigger)
machine (called wagner.debian.org), and we'll make use of that opportunity to
further strengthen the security measures as well as add more security checks.

This move will let us merge costa.d.o (svn/bzr/arch/git.d.o), and haydn.d.o
(alioth.debian.org) on a single host. This also means that the transition can't
be 100% transparent as we will only keep home directories and cron jobs from
haydn.d.o. The files from costa will be made available on the new host during a
transition period but it wouldn't hurt if you could already clean up your home
directories and put costa files that you'd like to keep on Alioth.

There's no fixed date for the move yet, but it's likely to happen in the
upcoming weeks. We'll send another notice in time.

Thanks for your comprehension and for your help!

Raphael H.
on behalf of the Alioth admins

debian-devel-announce
Copyrighted (c) 2009, but we're happy to let you use what you wish with attribution. OSDir.com