phpmyadmin is basically unmaintained in ubuntu. It has a large number of very nasty security vulnerabilities that are actively exploited. In the case of lucid, there's a spam network that exploits a system fully with the version of phpmyadmin that's shipped.
We had a number of instances with phpmyadmin enabled, some of which were owned. We've suspended the following instances: i-0000033a.pmtpa.wmflabs (wikiversity-sandbox-frontend) i-0000046a.pmtpa.wmflabs (metavidwiki) i-000003a2.pmtpa.wmflabs (phabricator) i-00000458.pmtpa.wmflabs (centralauth-frontend) i-0000048a.pmtpa.wmflabs (glam-gwtoolset-apt) i-000001d7.pmtpa.wmflabs (resourceloader2-apache) i-0000039e.pmtpa.wmflabs (blamemaps-m1xsmall) In addition to disabling these instances, we've also disabled the phpmyadmin package. It'll now install a file into /var/www/phpmyadmin/index.html saying not to use phpmyadmin. - Ryan
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
