From: Kern S. <ke...@si...> - 2008-10-03 15:43:04
On Friday 03 October 2008 16:43:54 Andres Moya wrote:
> Can also recommend use some virtualization if it is physical box,
> Small isolated container is always easier to maintain. Now VMWare ESXi
> coming free, there is also openvz for linux and jails subsystem for BSD.
> Even new version of PHP can be issue with bugs in scripts itself

Thanks for the suggestions.

>
> P.S. VMWare especially nice for testing distributed systems like
> bacula :)

Yes, I use VMware server here to maintain a test farm of a lot of
distributions for regression testing ...

For us it doesn't make too much sense to put the web server into a VM because
of the extra administration, and it is virtually the only thing running on
the machine.

I do believe that we have the problem under control and the web site is now
back up, but it may go up and down a bit as we add additional security ...

Regards,

Kern

>
> On Fri, 2008-10-03 at 17:04 +0300, Yuri Timofeev wrote:
> > Hm, website now is up.
> > http://www.bacula.org/ worked.
> >
> > Do you need assistance in the system administration server?
> > I can help.
> >
> > 2008/10/3 Arno Lehmann <al...@it...>:
> > > Hello,
> > >
> > > we, that is, the team of people caring for the bacula.org web server,
> > > noticed an attempted exposure of information.
> > >
> > > The attempt succeeded but only got unimportant information. We believe
> > > this was just a first scan for possible vulnerabilities.
> > >
> > > Until we resolve the underlying security problem, the web server will
> > > remain down.
> > >
> > > By the way: The vulnerability uses a well-known feature (or rather,
> > > problem) of php. Php is the script language that creates the pages
> > > shown to the user.
> > >
> > > It seems that the script, which was, as far as I can tell, donated by
> > > someone a while ago obviously was never checked for security... we do
> > > that now, and we will implement procedures to ensure more security
> > > auditing before we deploy any software in the future.
> > >
> > > Thanks for your patience,
> > >
> > > Arno Lehmann
> > >
> > > --
> > > Arno Lehmann
> > > IT-Service Lehmann
> > > Sandstr. 6, 49080 Osnabrück
> > > www.its-lehmann.de
> > >
> > > -------------------------------------------------------------------------
> > > This SF.Net email is sponsored by the Moblin Your Move Developer's
> > > challenge
> > > Build the coolest Linux based applications with Moblin SDK & win great
> > > prizes
> > > Grand prize is a trip for two to an Open Source event anywhere in the
> > > world
> > > http://moblin-contest.org/redirect.php?banner_id=100&url=/
> > > _______________________________________________
> > > Bacula-devel mailing list
> > > Bac...@li...
> > > https://lists.sourceforge.net/lists/listinfo/bacula-devel