[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bacula-devel] Web site down


On Friday 03 October 2008 16:43:54 Andres Moya wrote:
> Can also recommend use some virtualization if it is physical box,
> Small isolated container is always easier to maintain. Now VMWare ESXi
> coming free, there is also openvz for linux and jails subsystem for BSD.
> Even new version of PHP can be issue with bugs in scripts itself

Thanks for the suggestions.

>
> P.S. VMWare especially nice for testing distributed systems like
> bacula :)

Yes, I use VMware server here to maintain a test farm of a lot of 
distributions for regression testing ...

For us it doesn't make too much sense to put the web server into a VM because 
of the extra administration, and it is virtually the only thing running on 
the machine.  

I do believe that we have the problem under control and the web site is now 
back up, but it may go up and down a bit as we add additional security ...

Regards,

Kern



>
> On Fri, 2008-10-03 at 17:04 +0300, Yuri Timofeev wrote:
> > Hm, wesite now is up.
> > http://www.bacula.org/ worked.
> >
> > Do you need assistance in the system administration server?
> > I can help.
> >
> > 2008/10/3 Arno Lehmann <al@xxxxxxxxxxxxxx>:
> > > Hello,
> > >
> > > we, that is, the team of people caring for the bacula.org web server,
> > > noticed an attempted to exposure of information.
> > >
> > > The attempt succeeded but only got unimportant information. We believe
> > > this was just a first scan for possible vulnerabilities.
> > >
> > > Until we resolve the underlying security problem, the web server will
> > > remain down.
> > >
> > > By the way: The vulnerability uses a well-known feature (or rather,
> > > problem) of php. Php is the script language that creates the pages
> > > shown to the user.
> > >
> > > It seems that the script, which was, as far as I can tell, donated by
> > > someone a while ago obviously was never checked for security... we do
> > > that now, and we will implement procedures to ensure more security
> > > auditing before we deploy any software in the future.
> > >
> > > Thanks for your patience,
> > >
> > > Arno Lehmann
> > >
> > > --
> > > Arno Lehmann
> > > IT-Service Lehmann
> > > Sandstr. 6, 49080 Osnabrück
> > > www.its-lehmann.de
> > >
> > > -----------------------------------------------------------------------
> > >-- This SF.Net email is sponsored by the Moblin Your Move Developer's
> > > challenge Build the coolest Linux based applications with Moblin SDK &
> > > win great prizes Grand prize is a trip for two to an Open Source event
> > > anywhere in the world
> > > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> > > _______________________________________________
> > > Bacula-devel mailing list
> > > Bacula-devel@xxxxxxxxxxxxxxxxxxxxx
> > > https://lists.sourceforge.net/lists/listinfo/bacula-devel
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge Build the coolest Linux based applications with Moblin SDK & win
> great prizes Grand prize is a trip for two to an Open Source event anywhere
> in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Bacula-devel mailing list
> Bacula-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/bacula-devel



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Bacula-devel mailing list
Bacula-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/bacula-devel


This mailing list archive is a service of Copilotco.