23 Jul
2005
23 Jul
'05
10:08 a.m.
There are pretty strong indications that the reactos.com box was cracked. It
took part in a DDoS attack. As a consequence, it was isolated from the
network. Unfortunately, I'm on vacation right now so I don't have physical
access to the box and am unable to fix/reinstall.
For the moment, I've moved the mailing lists to a backup box. I am not
moving the website, since it seems the attack was carried out via the
website (a vulnerability in one of the php script packages we use). I'll put
up a dummy page informing visitors.
Not sure how far along the release of 0.2.7 is, but I'd like to suggest to
put it off for at least another week, until I'm back and can sort things
out.
Apologies for the inconvenience, Ge van Geldorp.
23 Jul
23 Jul
10:27 a.m.
Ge van Geldorp wrote:
For the moment, I've moved the mailing lists to a
backup box. I am not
moving the website, since it seems the attack was carried out via the
website (a vulnerability in one of the php script packages we use). I'll put
up a dummy page informing visitors.
Am I the only one thinking this is the perfect moment to put up the new
static webpage along with the new design *hint hint* ?
5:26 p.m.
Hi Ge
--- Ge van Geldorp <gvg(a)reactos.com> wrote:
Apologies for the inconvenience, Ge van Geldorp.
No apologies needed, these things are a fact of life. I think this is a good time for the
web team
to look at some sort of CMS system that uses generated static content to handle
slashdotting and
maybe reduce the chance of a future compromise.
Thanks
Steven
____________________________________________________
Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs
6:45 p.m.
Do you think that the use of newer server software would be an option. I
would like to see the new system use some sort of directory service, apache
2.0, PHP, Perl, and POP or IMAP mail provided to users and developers.
Something like someone(a)users.reactos.com, someone(a)developers.reactos.com,
someone(a)admin.reactos.com, and ros-dev(a)lists.reactos.com, this would
separate the different types of people involved in the project. I think that
the lists could even possibly used to link to member email also so if a user
sends an email to ros-web(a)lists.reactos.com the email would go directly to
someone-on-the-web-team(a)admin.reactos.com. This would provide great
integration as well as a centralized place to check one's email. Just a few
thoughts...
-----Original Message-----
From: ros-dev-bounces(a)reactos.com [mailto:ros-dev-bounces@reactos.com] On
Behalf Of Ge van Geldorp
Sent: Saturday, July 23, 2005 5:09 AM
To: 'ReactOS Development List'; 'ReactOS General List'
Subject: [ros-dev] Reactos.com problems
There are pretty strong indications that the reactos.com box was cracked. It
took part in a DDoS attack. As a consequence, it was isolated from the
network. Unfortunately, I'm on vacation right now so I don't have physical
access to the box and am unable to fix/reinstall.
For the moment, I've moved the mailing lists to a backup box. I am not
moving the website, since it seems the attack was carried out via the
website (a vulnerability in one of the php script packages we use). I'll put
up a dummy page informing visitors.
Not sure how far along the release of 0.2.7 is, but I'd like to suggest to
put it off for at least another week, until I'm back and can sort things
out.
Apologies for the inconvenience, Ge van Geldorp.
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.com
http://reactos.com:8080/mailman/listinfo/ros-dev
30 Jul
30 Jul
6:02 p.m.
I'm back from vacation and intend to reinstall the reactos.com box tomorrow
(Sunday morning GMT). It will be some time before all services are back to
normal, the IP address is still blocked at the network level and it will
probably be Monday evening before it is unblocked.
My plan is to reinstall using Fedora Core 4. If anyone doing (or planning to
do) active work on the website would prefer another distribution, please
email me privately (dont want to start a distribution war here...).
Gé van Geldorp.
-----Original Message-----
From: ros-dev-bounces(a)reactos.com
[mailto:ros-dev-bounces@reactos.com] On Behalf Of Ge van Geldorp
Sent: Saturday, July 23, 2005 12:09
To: 'ReactOS Development List'; 'ReactOS General List'
Subject: [ros-dev] Reactos.com problems
There are pretty strong indications that the reactos.com box
was cracked. It took part in a DDoS attack. As a consequence,
it was isolated from the network. Unfortunately, I'm on
vacation right now so I don't have physical access to the box
and am unable to fix/reinstall.
For the moment, I've moved the mailing lists to a backup box.
I am not moving the website, since it seems the attack was
carried out via the website (a vulnerability in one of the
php script packages we use). I'll put up a dummy page
informing visitors.
Not sure how far along the release of 0.2.7 is, but I'd like
to suggest to put it off for at least another week, until I'm
back and can sort things out.
Apologies for the inconvenience, Ge van Geldorp.
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.com
http://reactos.com:8080/mailman/listinfo/ros-dev
6:19 p.m.
I would like to see FC4 with OpenLDAP, PHP, Perl,IMAP, and MySQL installed.
I was thinking someone could do an OpenLDAP implementation of MailMan and a
login system, as well as using OpenLDAP in their directory services in their
email composition programs. The OpenLDAP implementation would allow the web
team, development team, and users. This would allow customization of
credentials in the Reactos.com system. If developers need to post code
authentication would provide that, I am still working on my site, which will
be more of a CMS portal system than what reactos.com once was. My site would
also be able to allow people to upload bug fixes for public or private
review, documentation library as well as API library based on the one at
svn.reactos.com/api(something), it would utilize PHP and MySQL to maintain
information about users and statistics, as well as actual page text also. An
OpenLDAP implementation of MailMan would be a plus because "developers"
ros-dev(a)reactos.com would be sent to only developers, and sent to a server
account that utilized an IMAP protocol, this is easier for one email to be
read my multiple people, and not sent to possibly hundreds (just a little
aspect of bandwidth conservation). I think if Reactos.com offered email
services also much like (MSN, or Hotmail) we would gain some ground in the
development field.
What is the actual hardware look like for reactos.com?
Just a rant,
Rick Langschultz
-----Original Message-----
From: ros-dev-bounces(a)reactos.com [mailto:ros-dev-bounces@reactos.com] On
Behalf Of Ge van Geldorp
Sent: Saturday, July 30, 2005 1:03 PM
To: 'ReactOS Development List'
Subject: RE: [ros-dev] Reactos.com problems
I'm back from vacation and intend to reinstall the reactos.com box tomorrow
(Sunday morning GMT). It will be some time before all services are back to
normal, the IP address is still blocked at the network level and it will
probably be Monday evening before it is unblocked.
My plan is to reinstall using Fedora Core 4. If anyone doing (or planning to
do) active work on the website would prefer another distribution, please
email me privately (dont want to start a distribution war here...).
Gé van Geldorp.
-----Original Message-----
From: ros-dev-bounces(a)reactos.com
[mailto:ros-dev-bounces@reactos.com] On Behalf Of Ge van Geldorp
Sent: Saturday, July 23, 2005 12:09
To: 'ReactOS Development List'; 'ReactOS General List'
Subject: [ros-dev] Reactos.com problems
There are pretty strong indications that the reactos.com box
was cracked. It took part in a DDoS attack. As a consequence,
it was isolated from the network. Unfortunately, I'm on
vacation right now so I don't have physical access to the box
and am unable to fix/reinstall.
For the moment, I've moved the mailing lists to a backup box.
I am not moving the website, since it seems the attack was
carried out via the website (a vulnerability in one of the
php script packages we use). I'll put up a dummy page
informing visitors.
Not sure how far along the release of 0.2.7 is, but I'd like
to suggest to put it off for at least another week, until I'm
back and can sort things out.
Apologies for the inconvenience, Ge van Geldorp.
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.com
http://reactos.com:8080/mailman/listinfo/ros-dev
_______________________________________________
Ros-dev mailing list
Ros-dev(a)reactos.com
http://reactos.com:8080/mailman/listinfo/ros-dev
7125
days inactive
7132
days old
5 comments
4 participants
participants (4)
-
Ge van Geldorp -
mf -
Rick Langschultz -
Steven Edwards