Hi Edward,

The security issues I am referring to are related to vulnerabilities in
component libraries of DHIS2, as you note. They have nothing to do with
the underlying operating system itself, so even if you move to Windows, you
will not be any safer, as the vulnerabilities exist in the DHIS2 software
itself.

Perhaps moving your server prevented the attack from happening again?

Regardless, Hazelcast is no longer in use, so I think once you upgrade,
that problem should disappear.

Regards,
Jason



On Fri, Jul 28, 2017 at 12:16 PM, Edward Robinson <
erobin...@projectbalance.com> wrote:

> Hi Jason, indeed, upgrading the instance is very high on the priority
> list.  This is a server that we have taken over.  It had been compromised
> previously on Linux with a well-known bitcoin mining zero-day vulnerability
> affecting out-of-date Struts instances.  That has since been sorted out.  A
> second server running Windows has not been affected.  We had migrated this
> machine to a Windows box as a short term solution since the zero-day script
> was written to specifically target Linux.  Since upgrading is a time
> consuming process, we are scheduling it for ‘as soon as possible’ beginning
> this weekend.  It will happen off-line, incrementally, until we are up to
> date but it’s not likely to be complete in the next few days.
>
> For now, is there anything obviously amiss in the reported output from
> ‘about DHIS2’?
>
>
>
> Thanks!
>
> Ed
>
>
>
> *From:* Jason Pickering [mailto:jason.p.picker...@gmail.com]
> *Sent:* Friday, 28 July 2017 11:58 AM
> *To:* Edward Robinson <erobin...@projectbalance.com>
> *Cc:* dhis2-users <dhis2-users@lists.launchpad.net>
> *Subject:* Re: [Dhis2-users] Hazelcast instance not active
>
>
>
> Hi Edward,
>
>
>
> You would be well advised to upgrade that instance as soon as possible.
> There are a number of very serious security issues which have been fixed in
> later versions, but not as far as I know, as far back as 2.16. It would not
> surprise me at all if your server had been compromised, which might explain
> why this is happening. I would carefully check the server logs for any
> strange activity, but would recommend that you upgrade to a later version
> as soon as possible, where a number of security problems have been recently
> rectified.
>
>
>
> Regards,
>
> Jason
>
>
>
>
>
> On Fri, Jul 28, 2017 at 11:55 AM, Edward Robinson <
> erobin...@projectbalance.com> wrote:
>
> For reference, this is my setup according to the ‘about DHIS2’ page:
>
>
>
> *From:* Dhis2-users [mailto:dhis2-users-bounces+erobinson=
> projectbalance....@lists.launchpad.net] *On Behalf Of *Edward Robinson
> *Sent:* Friday, 28 July 2017 11:48 AM
> *To:* dhis2-users <dhis2-users@lists.launchpad.net>
> *Subject:* [Dhis2-users] Hazelcast instance not active
>
>
>
> For the past two days I’ve woken up to this after logging in to DHIS2
> (2.16) on Windows:
>
> *HTTP Status 500 - Hazelcast instance is not active!*
>
> I’m not sure what’s causing it and I need to investigate the logs but I
> wondered if anything obvious comes to mind from the user group – has anyone
> else experienced this and what should I look out for?
>
> I’ll reboot the server (sorts it out) and continue with some urgent work
> then investigate what may be causing this.
>
>
>
> Thanks!
>
>
>
> Ed
>
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-users
> Post to     : dhis2-users@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~dhis2-users
> More help   : https://help.launchpad.net/ListHelp
>
>
>
>
>
> --
>
> Jason P. Pickering
> email: jason.p.picker...@gmail.com
> tel:+46764147049 <+46764147049>
>



-- 
Jason P. Pickering
email: jason.p.picker...@gmail.com
tel:+46764147049