Re: http://www.dragonflybsd.org/ is hacked??
On Mon, 19 Oct 2009, lhmwzy wrote: http://www.dragonflybsd.org/ DragonFly BSD No i don't think so ! if i understand correctly (iiuc) then it's a wiki and somebody may have spammed the front page. In the IRC log, it appears that corecode|polachok observed this and fixed the front page. thanks Saifi.
Re: http://www.dragonflybsd.org/ is hacked??
Saifi Khan wrote: On Mon, 19 Oct 2009, lhmwzy wrote: http://www.dragonflybsd.org/ DragonFly BSD Thanks for the notice! No i don't think so ! if i understand correctly (iiuc) then it's a wiki and somebody may have spammed the front page. In the IRC log, it appears that corecode|polachok observed this and fixed the front page. It was a defacement through an exploit in ikiwiki, because the markup had not been changed. We're looking into it. cheers simon -- 3 the future +++ RENT this banner advert +++ ASCII Ribbon /\ rock the past +++ space for low CHF NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Re: http://www.dragonflybsd.org/ is hacked??
On Mon, 19 Oct 2009, Simon 'corecode' Schubert wrote: Saifi Khan wrote: On Mon, 19 Oct 2009, lhmwzy wrote: http://www.dragonflybsd.org/ DragonFly BSD Thanks for the notice! No i don't think so ! if i understand correctly (iiuc) then it's a wiki and somebody may have spammed the front page. In the IRC log, it appears that corecode|polachok observed this and fixed the front page. It was a defacement through an exploit in ikiwiki, because the markup had not been changed. We're looking into it. cheers simon Hi Simon: In most cases the wiki software does not need to run as root. You mention the possibility of an exploit, the stuff documented at http://ikiwiki.info/security/ talks about a 'pending git backend audit'. thanks Saifi.
Re: http://www.dragonflybsd.org/ is hacked??
Saifi Khan wrote: In most cases the wiki software does not need to run as root. It is not running as root. You mention the possibility of an exploit, the stuff documented at http://ikiwiki.info/security/ talks about a 'pending git backend audit'. Seems polachok raced me with restoring the site, so I had the impression that the html had been changed, but not the mkdn. Seems that was not the case, so no exploit. cheers simon -- 3 the future +++ RENT this banner advert +++ ASCII Ribbon /\ rock the past +++ space for low CHF NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \