[CentOS-announce] Security Notice: Attempted Break-In on www.centos.org

Sat Jul 4 01:10:01 UTC 2009
Ralph Angenendt <ralph at centos.org>

Subject: Break-In attempt on www.centos.org

Dear Users,

on Friday evening, July 3rd (UTC) we found a few suspicious files on the
CentOS webserver. Upon investigating we found out that the files had
been put there through Xoops (the CMS www.centos.org runs on) - and that
this was possible due to a an administrative error which has been

As far as we can see there has been no data or binary injected into the
system or taken from the system. The machine hasn't been used as a
source for sending spam (in the widest possible meaning) either. 

We have been able to identify the source of the attacks, but have not
been able to find out if the files have been put there through a
compromised user account in the Xoops system. 

Although we are fairly sure that there has been no such compromise, we
have enforced a password expiry on all accounts on the system.

wiki.centos.org and bugs.centos.org - though being on the same machine -
have not been affected by this.

All users having an account on www.centos.org need to acquire a new
password through the "lost password" system of Xoops.

We are terribly sorry for any inconvenience this might cause you and
would like to apologize for that.

On behalf of the CentOS team,

Ralph Angenendt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos-announce/attachments/20090704/b369c720/attachment-0004.sig>