Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Freeware Forum > Linux

Reply
 
Thread Tools Display Modes
Old 09. Jul 2009, 08:00 AM   #1 (permalink)
Foundation Editor
 
tony's Avatar
 
Join Date: Apr 2008
Location: Lincolnshire (unfortunately)
Posts: 153
Default Centos WARNING

I haven't as yet tried any other Linux been to busy and waiting a while. I had tried Centos as I have tried many to see if I cold get a Linux working on my machine. However as you have guessed it fell at the first fence. BUt, I had an email this morning from them.....
--------------------------------------------------------------------------

on Friday evening, July 3rd (UTC) we found a few suspicious files on the
CentOS webserver. Upon investigating we found out that the files had
been put there through Xoops (the CMS www.centos.org runs on) - and that
this was possible due to a an administrative error which has been
corrected.

As far as we can see there has been no data or binary injected into the
system or taken from the system. The machine hasn't been used as a
source for sending spam (in the widest possible meaning) either.

We have been able to identify the source of the attacks, but have not
been able to find out if the files have been put there through a
compromised user account in the Xoops system.

Although we are fairly sure that there has been no such compromise, we
have enforced a password expiry on all accounts on the system.

wiki.centos.org and bugs.centos.org - though being on the same machine -
have not been affected by this.

The same is true for repositories and packages. The machines handling those
are nowhere near to www.centos.org and cannot be reached from there, either.

All users having an account on www.centos.org need to acquire a new
password through the "lost password" system of Xoops.

We are terribly sorry for any inconvenience this might cause you and
would like to apologize for that.

On behalf of the CentOS team,

Ralph Angenendt
tony is offline   Reply With Quote
Old 09. Jul 2009, 04:41 PM   #2 (permalink)
Senior Member
 
debtboy's Avatar
 
Join Date: May 2009
Location: ~/
Posts: 128
Default

(Ha! Ha! Ha!)
This actually makes sense...

It's difficult to compromise a Linux system after installation,
so they'll get you while downloading, before install.

Just hackers doing what they do...
(finding ways around things)
__________________
[I][B]Linux, the choice of a GNU generation[/B][/I]
debtboy is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 12:47 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.