one of our hosted website has been hacked. The website-editors website 
was a leftover of some past experiments of moving to 
Plone. For some reason the service has been kept up and running since 
several months without anyone looking at it, that means two things:

- the software has been left there unmaintained.
- no security fixes have been applied, thus the attackers used a 
  security hole on the Plone software to get access to the server.

We've been looking and reviewing the relevant log files and we 
didn't notice anything strange, but we plan to rebuild the machine 
really soon to be extremely sure no leftovers are there on the box 

The host (socket) currently serves, more details to come 
in the near future when it will be time to switch wgo to a new host.




Debian Developer,
Fedora / EPEL packager,
GNOME Sysadmin,
GNOME Foundation Membership & Elections Committee Chairman


Attachment: signature.asc
Description: Digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]