On Fri, Mar 11, 2011 at 7:30 PM, Richard Hipp <d...@sqlite.org> wrote:
> The origin of every artifact on a server, including the time it was
> received and the IP address from which it was received, is recorded in the
> rcvfrom table. The "log" link on the "Admin" pages shows you the most
> recent entries. You can use this information in your analysis, and perhaps
> determine an IP address (or range of addresses) to banish. You might also
> use this to automatically shun much of the damage. This log can also be
> used, for example, to see if the damage is coming from an anonymous user on
> the open internet, or if it was pushed by someone with write permission on
> your repositories.
>

Thanks for those tips - i'll definitely take a peek. To be on the safe side i'm just going to recreate the repo from known-clean sources. i won't lose any sleep over losing the historical info.

There are no other non-default users on that repo, so it must (i assume) have come from the anonymous login. i have verified that the reader role had wiki/ticket write access. anonymous has Reader access, and so was able to hack as he liked. It seems to be simply a problem of lax permissions coupled with a disturbingly good bot.

--
----- stephan beal
http://wanderinghorse.net/home/stephan/
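An added example, not part of the messages above and not Fossil's own code: the rcvfrom analysis described in the quoted advice, run with Python's sqlite3 against a constructed in-memory database. The reduced table layouts (rcvfrom, blob, user), the logins, the documentation-range IP addresses and the artifact hashes are assumptions made for illustration.

```python
import sqlite3

# Reduced copies of three Fossil repository tables, keeping only the columns
# this analysis needs (assumed layout). rcvfrom.mtime is a Julian day number.
SCHEMA = """
CREATE TABLE user(uid INTEGER PRIMARY KEY, login TEXT);
CREATE TABLE rcvfrom(rcvid INTEGER PRIMARY KEY, uid INTEGER, mtime REAL, ipaddr TEXT);
CREATE TABLE blob(rid INTEGER PRIMARY KEY, rcvid INTEGER, uuid TEXT);
"""

def origins_since(db, since):
    """Artifacts received per (login, IP) since a date, busiest source first."""
    return db.execute("""
        SELECT u.login, r.ipaddr, count(b.rid) AS artifacts,
               datetime(min(r.mtime)), datetime(max(r.mtime))
          FROM rcvfrom r
          JOIN blob b ON b.rcvid = r.rcvid
          LEFT JOIN user u ON u.uid = r.uid
         WHERE r.mtime >= julianday(?)
         GROUP BY u.login, r.ipaddr
         ORDER BY artifacts DESC""", (since,)).fetchall()

def artifacts_from(db, ipaddr):
    """Hashes of everything received from one address: candidates for shunning."""
    rows = db.execute("""
        SELECT b.uuid FROM blob b JOIN rcvfrom r ON r.rcvid = b.rcvid
         WHERE r.ipaddr = ? ORDER BY b.rid""", (ipaddr,))
    return [uuid for (uuid,) in rows]

def build_sample():
    """Constructed data: one trusted push, then anonymous edits from two IPs."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user VALUES (?,?)", [(1, "owner"), (2, "anonymous")])
    db.executemany("INSERT INTO rcvfrom VALUES (?,?,julianday(?),?)", [
        (1, 1, "2011-03-01 10:00:00", "192.0.2.10"),
        (2, 2, "2011-03-10 02:00:00", "203.0.113.7"),
        (3, 2, "2011-03-10 02:05:00", "203.0.113.7"),
        (4, 2, "2011-03-11 03:00:00", "198.51.100.4")])
    per_rcvid = [1, 1, 2, 2, 2, 3, 3, 4]   # rcvid of blob rid 1..8
    db.executemany("INSERT INTO blob VALUES (?,?,?)",
        [(rid, rcv, f"constructed-uuid-{rid:02d}") for rid, rcv in enumerate(per_rcvid, 1)])
    return db

if __name__ == "__main__":
    db = build_sample()
    for row in origins_since(db, "2011-03-05"):
        print(row)
    print(artifacts_from(db, "203.0.113.7"))
```

Grouping by login as well as address separates content received from the anonymous login from content pushed by a user with write permission, which is the distinction the quoted advice draws.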