On Tuesday 01 Sep 2009 22:14:10 Mark Pottorff wrote:
> You will also want to heed the advice in red on this page:
> http://canis.csc.ncsu.edu:8005/anansi_ops/
> ummm, think of what I could have done from there! You are publishing all
> the IP addresses and machine names of your participants. And from the users
> link, you are publishing all of their EMail addresses. "...hey what's this
> send mass email link do??" :) you better lock it up! Force a signon and
> don't allow connections to the ops page from off-campus IP addresses.
>
> Have you incorporated a secure procedure for signing your applications?
> http://boinc.berkeley.edu/trac/wiki/CodeSigning

No, he's not using secure code signing. I'm now the proud owner of his private code signing key.

Kunsheng, please re-generate keys, lock the _ops page, and remove the PHP-based shell I installed on your server, before I do more harm ;) Preferably block outside access to your webserver *immediately*, until you're done fixing things.

--
Nicolas
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
