Cacti: official forums and support



Concerning Cacti.net Issues in the Month of October

 
rony
Developer/Forum Admin


Joined: 17 Nov 2003
Posts: 5469
Location: Wisconsin, USA

PostPosted: Mon Nov 03, 2008 10:23 pm    Post subject: Concerning Cacti.net Issues in the Month of October

As many of you may have noticed, we have been experiencing some issues with Cacti.net over the month of October.

On October 17th the server that was used to run Cacti.net was compromised and root access was gained. The intrusion was discovered on October 24th and the server was immediately powered down.

If you downloaded Cacti 0.8.7b from the Cacti.net website between Oct 17th and Oct 29th please re-download. There was a poor attempt to introduce a cross-site scripting vulnerability on the login page. Yes, shame on us for not catching it, there is no excuse, but the code was faulty and did not work, as some users have experienced. All Cacti related data has been restored from an off-site backup taken prior to the intrusion.

Cacti.net is now running thanks to the quick work of Ian Berry, Tony Roman and Netwurx. We would like to thank Netwurx for providing us with Co-location and bandwidth on such short notice.

Over the next 2 months Cacti.net will experience some outages as we work to have multiple hosting sites for our websites and code repository. In the coming weeks we will be asking the community to help us out, as we will be in the market for some hardware and potentially some Co-Location space. If you are interested in donating hardware or Co-Location space to the Cacti Group, please email Tony Roman at roman@disorder.com.

Sincerely,

The Cacti Group


Last edited by rony on Sun Dec 14, 2008 11:20 pm; edited 1 time in total
Howie
Cacti Guru User


Joined: 16 Sep 2004
Posts: 2252
Location: United Kingdom

PostPosted: Tue Nov 04, 2008 3:24 am    Post subject:

Tony,

I think the link to this from the front page should be a bit more explicit about the tampered downloads. I wouldn't have made the connection between that and 'issues with Cacti.net'...

Also, what are the bandwidth/space (physical and disk) requirements for cacti.net, for those of us who might be able to donate colo?
rony
Developer/Forum Admin


Joined: 17 Nov 2003
Posts: 5469
Location: Wisconsin, USA

PostPosted: Tue Nov 04, 2008 8:00 am    Post subject:

Thanks Howie,

Main Cacti.net page updated to reflect more information.

Concerning Co-location and bandwidth, please email roman@disorder.com. It's easier for me to sort through it all in one place.
mrnoodle
Cacti User


Joined: 02 Apr 2006
Posts: 53

PostPosted: Wed Nov 05, 2008 3:07 pm    Post subject:

Is there a specific file or files that we can check to see if it has the "bad" code in it? I downloaded Cacti recently, but I would rather run a diff on one or two of the files to see if I need to replace the entire directory.
rony
Developer/Forum Admin


Joined: 17 Nov 2003
Posts: 5469
Location: Wisconsin, USA

PostPosted: Wed Nov 05, 2008 5:39 pm    Post subject:

lib/auth.php

I don't have access to my diff for code specifics, but that is the modified file.
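One way to answer mrnoodle's question for every file rather than only lib/auth.php is to hash a freshly re-downloaded, unpacked release next to the installed tree and list what differs. The script below is an added example, not Cacti's own tooling; the paths and file contents it uses are constructed, and the ignore list stands in for files (local config, plugins) that are expected to differ on a given site.

```python
"""Compare an installed Cacti tree against a known-good release tree.

Added example (not from the Cacti project): hashes every file under a
reference tree and an installed tree, then reports which paths differ so
an administrator can review exactly those files instead of replacing the
whole directory. Sample paths and contents below are constructed.
"""
import hashlib
import os


def hash_tree(root):
    """Map each relative file path under root to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_trees(reference, installed, ignore=()):
    """Return (modified, added, missing) relative paths.

    reference/installed are path->digest maps as built by hash_tree().
    Paths in `ignore` (site config, plugins) are skipped so expected local
    edits do not drown out an unexpected change in a core file.
    """
    ref_paths = {p for p in reference if p not in ignore}
    inst_paths = {p for p in installed if p not in ignore}
    modified = sorted(p for p in ref_paths & inst_paths
                      if reference[p] != installed[p])
    added = sorted(inst_paths - ref_paths)
    missing = sorted(ref_paths - inst_paths)
    return modified, added, missing


def demo():
    """Constructed sample: only lib/auth.php and the local config differ."""
    clean = {"index.php": b"<?php // release\n",
             "lib/auth.php": b"<?php // release auth\n",
             "include/config.php": b"<?php // defaults\n"}
    installed = {"index.php": b"<?php // release\n",
                 "lib/auth.php": b"<?php // altered locally\n",
                 "include/config.php": b"<?php // site db settings\n"}
    digest = lambda tree: {p: hashlib.sha256(b).hexdigest() for p, b in tree.items()}
    # Ignoring the site config leaves lib/auth.php as the only flagged file.
    return compare_trees(digest(clean), digest(installed), ignore=("include/config.php",))
```

For a real install, call `compare_trees(hash_tree("cacti-0.8.7b"), hash_tree("/var/www/cacti"), ignore=(...))` and inspect the reported paths with `diff` before repatching.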
felix9x



Joined: 23 Oct 2008
Posts: 2

PostPosted: Wed Nov 19, 2008 10:27 am    Post subject: Diff

Please provide a diff of the exploited code.

It's not practical to ask people to replace their code, especially for those that have installed the plug-in architecture or made other config changes afterwards.
rony
Developer/Forum Admin


Joined: 17 Nov 2003
Posts: 5469
Location: Wisconsin, USA

PostPosted: Wed Nov 19, 2008 10:52 am    Post subject:

Replace and repatch lib/auth.php

That is the only file affected.