Re: Raphael Hertzog 2006-09-06 <[EMAIL PROTECTED]> > Alioth's web server was unavailable for most of the 5th of september. It was > simply stopped because we discovered that some script kiddies were running an > IRC proxy. After thorough investigation, we discovered that they exploited a > pmwiki security hole[1] to deface some web pages, to install some malicious > php > pages which in turn were used to setup the IRC proxy. [...] > On a related matter, we're preparing the move of Alioth to a new (and bigger) > machine (called wagner.debian.org), and we'll make use of that opportunity to > further strengthen the security measures as well as add more security checks.
In that light, wouldn't it make sense to keep svn.debian.org separate from the highly exposed http://*.alioth.debian.org services? Christoph -- [EMAIL PROTECTED] | http://www.df7cb.de/
signature.asc
Description: Digital signature
