[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security incident on Alioth and other Alioth news

Re: Raphael Hertzog 2006-09-06 <20060906102554.GL13426@ouaza.com>
> Alioth's web server was unavailable for most of the 5th of september. It was
> simply stopped because we discovered that some script kiddies were running an
> IRC proxy. After thorough investigation, we discovered that they exploited a
> pmwiki security hole[1] to deface some web pages, to install some malicious php
> pages which in turn were used to setup the IRC proxy.
> On a related matter, we're preparing the move of Alioth to a new (and bigger)
> machine (called wagner.debian.org), and we'll make use of that opportunity to
> further strengthen the security measures as well as add more security checks. 

In that light, wouldn't it make sense to keep svn.debian.org separate
from the highly exposed http://*.alioth.debian.org services?

cb@df7cb.de | http://www.df7cb.de/

Attachment: signature.asc
Description: Digital signature

Reply to: