DragonFly users List (threaded) for 2009-10
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: http://www.dragonflybsd.org/ is hacked??

From:	Saifi Khan <saifi.khan@xxxxxxxxxxxxxxx>
Date:	Mon, 19 Oct 2009 17:22:19 +0530 (IST)

On Mon, 19 Oct 2009, Simon 'corecode' Schubert wrote:

> Saifi Khan wrote:
> > On Mon, 19 Oct 2009, lhmwzy wrote:
> > 
> > > http://www.dragonflybsd.org/
> > > 
> > > DragonFly BSD
> 
> Thanks for the notice!
> 
> > No i don't think so !
> > 
> > if i understand correctly (iiuc) then it's a wiki and somebody
> > may have spammed the front page.
> > 
> > In the IRC log, it appears that corecode|polachok observed this
> > and fixed the front page.
> 
> It was a defacement through an exploit in ikiwiki, because the markup had not
> been changed.  We're looking into it.
> 
> cheers
>   simon
> 

Hi Simon:

In most cases the wiki software does not need to run as root.

You mention the possibility of an exploit, the stuff documented at 
http://ikiwiki.info/security/ talks about a 'pending git backend audit'.

thanks
Saifi.

Follow-Ups:
- Re: http://www.dragonflybsd.org/ is hacked??
  - From: "Justin C. Sherrill" <justin@shiningsilence.com>
- Re: http://www.dragonflybsd.org/ is hacked??
  - From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>

References:
- http://www.dragonflybsd.org/ is hacked??
  - From: lhmwzy <lhmwzy@gmail.com>
- Re: http://www.dragonflybsd.org/ is hacked??
  - From: Saifi Khan <saifi.khan@datasynergy.org>
- Re: http://www.dragonflybsd.org/ is hacked??
  - From: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]