There are pretty strong indications that the reactos.com box was cracked. It took part in a DDoS attack. As a consequence, it was isolated from the network. Unfortunately, I'm on vacation right now so I don't have physical access to the box and am unable to fix/reinstall. For the moment, I've moved the mailing lists to a backup box. I am not moving the website, since it seems the attack was carried out via the website (a vulnerability in one of the php script packages we use). I'll put up a dummy page informing visitors. Not sure how far along the release of 0.2.7 is, but I'd like to suggest to put it off for at least another week, until I'm back and can sort things out.
Apologies for the inconvenience, Ge van Geldorp.
Ge van Geldorp wrote:
For the moment, I've moved the mailing lists to a backup box. I am not moving the website, since it seems the attack was carried out via the website (a vulnerability in one of the php script packages we use). I'll put up a dummy page informing visitors.
Am I the only one thinking this is the perfect moment to put up the new static webpage along with the new design *hint hint* ?
Hi Ge
--- Ge van Geldorp gvg@reactos.com wrote:
Apologies for the inconvenience, Ge van Geldorp.
No apologies needed, these things are a fact of life. I think this is a good time for the web team to look at some sort of CMS system that uses generated static content to handle slashdotting and maybe reduce the chance of a future compromise.
Thanks Steven
____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Do you think that the use of newer server software would be an option. I would like to see the new system use some sort of directory service, apache 2.0, PHP, Perl, and POP or IMAP mail provided to users and developers. Something like someone@users.reactos.com, someone@developers.reactos.com, someone@admin.reactos.com, and ros-dev@lists.reactos.com, this would separate the different types of people involved in the project. I think that the lists could even possibly used to link to member email also so if a user sends an email to ros-web@lists.reactos.com the email would go directly to someone-on-the-web-team@admin.reactos.com. This would provide great integration as well as a centralized place to check one's email. Just a few thoughts...
-----Original Message----- From: ros-dev-bounces@reactos.com [mailto:ros-dev-bounces@reactos.com] On Behalf Of Ge van Geldorp Sent: Saturday, July 23, 2005 5:09 AM To: 'ReactOS Development List'; 'ReactOS General List' Subject: [ros-dev] Reactos.com problems
There are pretty strong indications that the reactos.com box was cracked. It took part in a DDoS attack. As a consequence, it was isolated from the network. Unfortunately, I'm on vacation right now so I don't have physical access to the box and am unable to fix/reinstall. For the moment, I've moved the mailing lists to a backup box. I am not moving the website, since it seems the attack was carried out via the website (a vulnerability in one of the php script packages we use). I'll put up a dummy page informing visitors. Not sure how far along the release of 0.2.7 is, but I'd like to suggest to put it off for at least another week, until I'm back and can sort things out.
Apologies for the inconvenience, Ge van Geldorp.
_______________________________________________ Ros-dev mailing list Ros-dev@reactos.com http://reactos.com:8080/mailman/listinfo/ros-dev
I'm back from vacation and intend to reinstall the reactos.com box tomorrow (Sunday morning GMT). It will be some time before all services are back to normal, the IP address is still blocked at the network level and it will probably be Monday evening before it is unblocked. My plan is to reinstall using Fedora Core 4. If anyone doing (or planning to do) active work on the website would prefer another distribution, please email me privately (dont want to start a distribution war here...).
Gé van Geldorp.
-----Original Message----- From: ros-dev-bounces@reactos.com [mailto:ros-dev-bounces@reactos.com] On Behalf Of Ge van Geldorp Sent: Saturday, July 23, 2005 12:09 To: 'ReactOS Development List'; 'ReactOS General List' Subject: [ros-dev] Reactos.com problems
There are pretty strong indications that the reactos.com box was cracked. It took part in a DDoS attack. As a consequence, it was isolated from the network. Unfortunately, I'm on vacation right now so I don't have physical access to the box and am unable to fix/reinstall. For the moment, I've moved the mailing lists to a backup box. I am not moving the website, since it seems the attack was carried out via the website (a vulnerability in one of the php script packages we use). I'll put up a dummy page informing visitors. Not sure how far along the release of 0.2.7 is, but I'd like to suggest to put it off for at least another week, until I'm back and can sort things out.
Apologies for the inconvenience, Ge van Geldorp.
Ros-dev mailing list Ros-dev@reactos.com http://reactos.com:8080/mailman/listinfo/ros-dev
I would like to see FC4 with OpenLDAP, PHP, Perl,IMAP, and MySQL installed. I was thinking someone could do an OpenLDAP implementation of MailMan and a login system, as well as using OpenLDAP in their directory services in their email composition programs. The OpenLDAP implementation would allow the web team, development team, and users. This would allow customization of credentials in the Reactos.com system. If developers need to post code authentication would provide that, I am still working on my site, which will be more of a CMS portal system than what reactos.com once was. My site would also be able to allow people to upload bug fixes for public or private review, documentation library as well as API library based on the one at svn.reactos.com/api(something), it would utilize PHP and MySQL to maintain information about users and statistics, as well as actual page text also. An OpenLDAP implementation of MailMan would be a plus because "developers" ros-dev@reactos.com would be sent to only developers, and sent to a server account that utilized an IMAP protocol, this is easier for one email to be read my multiple people, and not sent to possibly hundreds (just a little aspect of bandwidth conservation). I think if Reactos.com offered email services also much like (MSN, or Hotmail) we would gain some ground in the development field.
What is the actual hardware look like for reactos.com?
Just a rant, Rick Langschultz
-----Original Message----- From: ros-dev-bounces@reactos.com [mailto:ros-dev-bounces@reactos.com] On Behalf Of Ge van Geldorp Sent: Saturday, July 30, 2005 1:03 PM To: 'ReactOS Development List' Subject: RE: [ros-dev] Reactos.com problems
I'm back from vacation and intend to reinstall the reactos.com box tomorrow (Sunday morning GMT). It will be some time before all services are back to normal, the IP address is still blocked at the network level and it will probably be Monday evening before it is unblocked. My plan is to reinstall using Fedora Core 4. If anyone doing (or planning to do) active work on the website would prefer another distribution, please email me privately (dont want to start a distribution war here...).
Gé van Geldorp.
-----Original Message----- From: ros-dev-bounces@reactos.com [mailto:ros-dev-bounces@reactos.com] On Behalf Of Ge van Geldorp Sent: Saturday, July 23, 2005 12:09 To: 'ReactOS Development List'; 'ReactOS General List' Subject: [ros-dev] Reactos.com problems
There are pretty strong indications that the reactos.com box was cracked. It took part in a DDoS attack. As a consequence, it was isolated from the network. Unfortunately, I'm on vacation right now so I don't have physical access to the box and am unable to fix/reinstall. For the moment, I've moved the mailing lists to a backup box. I am not moving the website, since it seems the attack was carried out via the website (a vulnerability in one of the php script packages we use). I'll put up a dummy page informing visitors. Not sure how far along the release of 0.2.7 is, but I'd like to suggest to put it off for at least another week, until I'm back and can sort things out.
Apologies for the inconvenience, Ge van Geldorp.
Ros-dev mailing list Ros-dev@reactos.com http://reactos.com:8080/mailman/listinfo/ros-dev
_______________________________________________ Ros-dev mailing list Ros-dev@reactos.com http://reactos.com:8080/mailman/listinfo/ros-dev
-
Ge van Geldorp -
mf -
Rick Langschultz -
Steven Edwards