[EMAIL PROTECTED] wrote:
> [EMAIL PROTECTED] wrote:

--snip--

> As far as I can tell, the machine was compromised on 2006-09-02.

So it was compromised for over a month.

> Irritatingly we didn't find out until just after logrotate had deleted
> the logs for around the time of the attack.

Murphy strikes again. :-(

> It wasn't a very subtle rootkit -- installing a version of netstat with
> different command line options, for example...
>
> > 5. Verifying that such a thing has not happened can be very
> > difficult, particularly if the date and other details of the
> > compromise cannot be accurately determined.
>
> I guess you should find out from the author of whatever you downloaded
> what the checksums should have been for what you downloaded and check
> that against what you downloaded.
>
> If you don't still have the downloaded files, I can tell you what the
> md5's of the files in the back up are.

I don't think that would help in the case of Pywin32 since the
Sourceforge dates for build 210 are 9/22.
I emailed Mark Hammond but have not heard anything back yet.

> > 6. Many organisations give image and pr a higher priority
> > than the safety of their customers/users and wave off security
> > breaches with "don't worry, everything is fine.  We're sure
> > nothing has been touched" when in fact they have no idea.
>
> There is no organization behind python.net.
>
> I am a volunteer.  I help run python.net in my spare time.

Organizations do not have to be formal or official to exhibit
similar behavior.

> > 7. I have seen no public statements or information about
> > this leading me to wonder about the situation and how it's
> > being handled, hence my seeking of further information.
>
> I'm sorry, I'm busy trying to get the server going again.

I understand, and appreciate your (and the other people
involved) efforts.  I know it must be a royal pain in the
ass.  But I am still responsible for the code I (and my
clients) run so I had to ask.

> > But, I am still completely at a loss why you, he, or anyone,
> > based on the information presented so far, would conclude
> > that the python security problem is unrelated.
>
> Why would it be?  For all its position in the community, there aren't
> actually many python web apps running on python.net, certainly not as
> root...

That's what one would hope but to assume that without better
information (such as you just provided) would be foolish.

Thanks again for taking the time to answer my questions.

-- 
http://mail.python.org/mailman/listinfo/python-list
