On Monday 2017-04-17 20:19:17 Kern Sibbald wrote: > Hello, > > All the tables are good. However someone emptied it. > > I think this is the command that did it. > > 37.123.133.148 - - [16/Apr/2017:09:19:39 +0100] "POST > /manage_proj_delete.php HTTP/1.1" 200 504 > > Any comments?
I think I found the source of the problem: https://www.mantisbt.org/bugs/view.php?id=22739 https://www.mantisbt.org/bugs/view.php?id=22690 In short: "attackers can hijack accounts if only supplying the user ID and username". Date Submitted: 2017-04-08 10:07 Fixed in Version: 1.3.10 It seems that same goes for 2.3.1. -- Josip Deanovic ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
