Re: http://www.dragonflybsd.org/ is hacked??

2009-10-19 Thread Saifi Khan
On Mon, 19 Oct 2009, lhmwzy wrote:

> http://www.dragonflybsd.org/
>
> DragonFly BSD

No, I don't think so!

If I understand correctly (iiuc), then it's a wiki and somebody
may have spammed the front page.

In the IRC log, it appears that corecode|polachok observed this
and fixed the front page.


thanks
Saifi.



Re: http://www.dragonflybsd.org/ is hacked??

2009-10-19 Thread Simon 'corecode' Schubert

Saifi Khan wrote:
> On Mon, 19 Oct 2009, lhmwzy wrote:
>
> > http://www.dragonflybsd.org/
> >
> > DragonFly BSD

Thanks for the notice!

> No, I don't think so!
>
> If I understand correctly (iiuc), then it's a wiki and somebody
> may have spammed the front page.
>
> In the IRC log, it appears that corecode|polachok observed this
> and fixed the front page.


It was a defacement through an exploit in ikiwiki, because the markup 
had not been changed.  We're looking into it.


cheers
  simon

--
  3 the future  +++  RENT this banner advert  +++   ASCII Ribbon   /\
  rock the past  +++  space for low CHF NOW!1  +++ Campaign \ /
Party Enjoy Relax   |   http://dragonflybsd.org  Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz   Mail + News   / \


Re: http://www.dragonflybsd.org/ is hacked??

2009-10-19 Thread Saifi Khan
On Mon, 19 Oct 2009, Simon 'corecode' Schubert wrote:

> Saifi Khan wrote:
> > On Mon, 19 Oct 2009, lhmwzy wrote:
> >
> > > http://www.dragonflybsd.org/
> > >
> > > DragonFly BSD
>
> Thanks for the notice!
>
> > No, I don't think so!
> >
> > If I understand correctly (iiuc), then it's a wiki and somebody
> > may have spammed the front page.
> >
> > In the IRC log, it appears that corecode|polachok observed this
> > and fixed the front page.
>
> It was a defacement through an exploit in ikiwiki, because the markup had not
> been changed.  We're looking into it.
>
> cheers
>   simon

Hi Simon:

In most cases the wiki software does not need to run as root.

You mention the possibility of an exploit; the stuff documented at
http://ikiwiki.info/security/ talks about a 'pending git backend audit'.


thanks
Saifi.



Re: http://www.dragonflybsd.org/ is hacked??

2009-10-19 Thread Simon 'corecode' Schubert

Saifi Khan wrote:
> In most cases the wiki software does not need to run as root.

It is not running as root.

> You mention the possibility of an exploit; the stuff documented at
> http://ikiwiki.info/security/ talks about a 'pending git backend audit'.


Seems polachok raced me with restoring the site, so I had the impression 
that the html had been changed, but not the mkdn.  Seems that was not 
the case, so no exploit.


cheers
  simon
