[CentOS] CentOS-announce Digest, Vol 53, Issue 3
centos-announce-request at centos.org
centos-announce-request at centos.orgSat Jul 4 16:00:02 UTC 2009
- Previous message: [CentOS] modern motherboard for centos-5
- Next message: [CentOS] Question on security issue alert from recent centos-announce
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. Security Notice: Attempted Break-In on www.centos.org (Ralph Angenendt) ---------------------------------------------------------------------- Message: 1 Date: Sat, 4 Jul 2009 03:10:01 +0200 From: Ralph Angenendt <ralph at centos.org> Subject: [CentOS-announce] Security Notice: Attempted Break-In on www.centos.org To: CentOS Announce <centos-announce at centos.org> Message-ID: <20090704011000.GA2002 at br-online.de> Content-Type: text/plain; charset="us-ascii" Subject: Break-In attempt on www.centos.org Dear Users, on Friday evening, July 3rd (UTC) we found a few suspicious files on the CentOS webserver. Upon investigating we found out that the files had been put there through Xoops (the CMS www.centos.org runs on) - and that this was possible due to a an administrative error which has been corrected. As far as we can see there has been no data or binary injected into the system or taken from the system. The machine hasn't been used as a source for sending spam (in the widest possible meaning) either. We have been able to identify the source of the attacks, but have not been able to find out if the files have been put there through a compromised user account in the Xoops system. Although we are fairly sure that there has been no such compromise, we have enforced a password expiry on all accounts on the system. wiki.centos.org and bugs.centos.org - though being on the same machine - have not been affected by this. All users having an account on www.centos.org need to acquire a new password through the "lost password" system of Xoops. We are terribly sorry for any inconvenience this might cause you and would like to apologize for that. On behalf of the CentOS team, Ralph Angenendt -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20090704/b369c720/attachment-0001.bin ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce at centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 53, Issue 3 **********************************************
- Previous message: [CentOS] modern motherboard for centos-5
- Next message: [CentOS] Question on security issue alert from recent centos-announce
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list