On 17.01.2013 00:47, M.-A. Lemburg wrote: > Unfortunately, the logs for the important Dec 28 > appear to have been overwritten by some other files, so I can't > tell for sure whether the same attack as for the Debian wiki > was used, but it is highly likely: > > http://wiki.debian.org/DebianWiki/SecurityIncident2012 > > The moinexec.py action plugin mentioned there was used on our > wiki VM as well.
Update: A full disk scan revealed more details on the used plugin: I could find a partial .pyc file which included the timestamp Wed Jul 25 16:08:14 2012 GMT If you compare that to the findings of the Debian admins, this suggests that either the plugin was copied over to the server as PYC file (in which case, the timestamp doesn't mean much), or the PYC file was compiled by the Python on the wiki server after a .py file was installed. The latter is more likely given the analysis of the Debian system breach. In other words, the backdoor will likely have been open for several months. Reimar has nearly finished the work on the wiki markup conversion of the HTML files I had extracted from archive.org and yahoo.com. We'll install these on top of the June/Juli 2012 backup of the wiki in the next few days. I also have a number of recovered wiki markup text files from the VM, but without any date or filename information. These can be used for manual recovery of single important pages that were not available in the archive dumps. Note that I cannot simply upload those pages somewhere, because the VM hosted the public wikis as well as the private PSF ones and the files are a mix of all these wikis. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jan 18 2013) >>> Python Projects, Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ 2013-01-22: Python Meeting Duesseldorf ... 4 days to go ::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ pydotorg-www mailing list pydotorg-www@python.org http://mail.python.org/mailman/listinfo/pydotorg-www