From: Thomas L. <ta...@gm...> - 2012-12-30 13:10:10
|
I got an email today from Google to say that the ROX web-site contained spammy links. On investigation, I found some suspicious files on the server (a .htaccess which redirected things to "image.php", which contained a load of obfuscated PHP). The oldest ctime was Nov 11, 2012. This isn't very surprising; Drupal has regular security vulnerabilities and I don't have time at the moment to keep it properly patched. I have therefore exported the whole site to static HTML (using httrack). I also moved it back to sourceforge.net since, being static, database performance is no longer an issue: http://rox.sourceforge.net/desktop/ There should be no risk of anyone having installed malicious software from the site, since 0install always ensures the GPG signatures are correct when downloading software (and the signing key is not on the server). I will probably move ROX-Filer over to github at some point, along with anything else that needs updating in the future. Hopefully that's the end of it, but let me know if you spot anything suspicious. -- Dr Thomas Leonard http://0install.net/ GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1 GPG: DA98 25AE CAD0 8975 7CDA BD8E 0713 3F96 CA74 D8BA |