I agree that this action was uncalled for.  At best it was not his 
responsibility to take action, and we will consider the appropriate 
repsonse.  Thank you for re-enabling news_admin, etc.

However, the announcement in question must also be considered.  Since it 
does appear to be a violation of our decision made 12-18-2007, it has 
been disabled pending admin discussion.  Please do not post any 
additional news items regarding tine until it has been cleared by at 
least one admin.  The request should be done via email to 
[EMAIL PROTECTED] to ensure that we have each been notified.  I 
don't see how else to handle this without allowing anarchy to persist.

Cornelius Weiss wrote:
> Hi devs,
>
> yesterday at 17:40 CET the egroupware.org website got hijacked by a  
> user named "Lutz Falkenburg".
>
> He managed to disable the newssection and some html blocks on the  
> frontpage and on the news page.
>
> The attack came from a valid egroupware.org account. This user had the  
> technical grants to do so, due to his membership of the groups  
> 'editors' and 'manaual'. He got this memberships about two years ago,  
> cause he offert do translate website and manaual into german language.
>
> However afaik this user never translated stuff, and kept inactive  
> about two years, till yesterday.
> As i was the one, granting this privileges, I applogize for missing to  
> remove the grants after it became clear that this user is mainly a jerk.
>
> In my function as being teamleader of the webmasters team, i  
> deactivated the account and restored our website.
>
> The same user also tried to rampage in the tine forum. We noticed  
> attacs from different IP's which lastely seem to come from the TOR  
> network.
>
> As a result i would like to implement a feature which prevents editing  
> egroupware.org website from TOR network or other known hijacked IP's.  
> If somone knows a PHP library for this task, please let me know.
>
> The atacker is a known jerk from the german users list, famous for  
> verbally attacking developers, admins and supporters of the project.  
> In the last days he uses the absence of ralf and labes himself as  
> 'official project member'. Unfortunally I cant remove him from the  
> lists, as i don't have the lists password. Ralf gave i to me before  
> his vacation last year but i can't find it in my records.
>
> In the next days i'll have a look at the access grants for the  
> egroupware.org website an remove not longer active translaters and  
> editor accounts.
>
> cu
> conny
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> eGroupWare-core mailing list
> eGroupWare-core@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/egroupware-core
>   

-- 
Miles Lott
http://bandmix.com/milosch/


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
eGroupWare-core mailing list
eGroupWare-core@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-core

Reply via email to