Hi, one of our hosted website has been hacked. The website-editors website was a leftover of some past experiments of moving www.gnome.org to Plone. For some reason the service has been kept up and running since several months without anyone looking at it, that means two things: - the software has been left there unmaintained. - no security fixes have been applied, thus the attackers used a security hole on the Plone software to get access to the server. We've been looking and reviewing the relevant log files and we didn't notice anything strange, but we plan to rebuild the machine really soon to be extremely sure no leftovers are there on the box anymore. The host (socket) currently serves www.gnome.org, more details to come in the near future when it will be time to switch wgo to a new host. -- Cheers, Andrea Debian Developer, Fedora / EPEL packager, GNOME Sysadmin, GNOME Foundation Membership & Elections Committee Chairman Homepage: http://people.gnome.org/~av
Attachment:
signature.asc
Description: Digital signature