Re: Raphael Hertzog 2006-09-06 <20060906102554.GL13426@ouaza.com> > Alioth's web server was unavailable for most of the 5th of september. It was > simply stopped because we discovered that some script kiddies were running an > IRC proxy. After thorough investigation, we discovered that they exploited a > pmwiki security hole[1] to deface some web pages, to install some malicious php > pages which in turn were used to setup the IRC proxy. [...] > On a related matter, we're preparing the move of Alioth to a new (and bigger) > machine (called wagner.debian.org), and we'll make use of that opportunity to > further strengthen the security measures as well as add more security checks. In that light, wouldn't it make sense to keep svn.debian.org separate from the highly exposed http://*.alioth.debian.org services? Christoph -- cb@df7cb.de | http://www.df7cb.de/
Attachment:
signature.asc
Description: Digital signature