-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Out of curiosity, is it also disallowed to install the latest version of phpMyAdmin directly from the phpMyAdmin website? - -- Signed, Andrew "FastLizard4" Adams <https://en.wikipedia.org/wiki/User:FastLizard4>
On 2/26/2013 3:29 PM, Ryan Lane wrote: > phpmyadmin is basically unmaintained in ubuntu. It has a large number of > very nasty security vulnerabilities that are actively exploited. In the > case of lucid, there's a spam network that exploits a system fully with > the version of phpmyadmin that's shipped. > > We had a number of instances with phpmyadmin enabled, some of which were > owned. We've suspended the following instances: > > i-0000033a.pmtpa.wmflabs (wikiversity-sandbox-frontend) > > i-0000046a.pmtpa.wmflabs (metavidwiki) > > i-000003a2.pmtpa.wmflabs (phabricator) > > i-00000458.pmtpa.wmflabs (centralauth-frontend) > > i-0000048a.pmtpa.wmflabs (glam-gwtoolset-apt) > > i-000001d7.pmtpa.wmflabs (resourceloader2-apache) > > i-0000039e.pmtpa.wmflabs (blamemaps-m1xsmall) > > In addition to disabling these instances, we've also disabled the > phpmyadmin package. It'll now install a file into > /var/www/phpmyadmin/index.html saying not to use phpmyadmin. > > - Ryan -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEtdsgACgkQIUvvVwjDo7b8UACgsi5fjR9qmT9E5u5+ZFHhML49 hRkAoItYpCKMTY4qzzH1UfghPoHrUDDo =MHyD -----END PGP SIGNATURE----- _______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
