Cacti: official forums and support

All times are UTC - 5 hours

 Post subject: Concerning Cacti.net Issues in the Month of October
PostPosted: Mon Nov 03, 2008 10:23 pm 
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 5948
Location: Michigan, USA
As many of you may have noticed, we have been experiencing some issues with Cacti.net over the month of October.

On October 17th the server that was used to run Cacti.net was compromised and root access was gained. The intrusion was discovered on October 24th and the server was immediately powered down.

If you downloaded Cacti 0.8.7b from the Cacti.net website between Oct 17th and Oct 29th, please re-download. There was a poor attempt to introduce a cross site scripting vulnerability on the login page. Yes, shame on us for not catching it, there is no excuse, but the code was faulty and did not work, as some users have experienced. All Cacti related data has been restored from an off site backup taken prior to the intrusion.

Cacti.net is now running thanks to the quick work of Ian Berry, Tony Roman and Netwurx. We would like to thank Netwurx for providing us with Co-location and bandwidth on such short notice.

Over the next 2 months Cacti.net will experience some outages as we work to have multiple hosting sites for our websites and code repository. In the coming weeks we will be asking the community to help us out, as we will be in the market for some hardware and potentially some Co-Location space. If you are interested in donating hardware or Co-Location space to the Cacti Group, please email Tony Roman at roman@tonyroman.us.

Sincerely,

The Cacti Group

_________________
Tony Roman
Experience is what causes a person to make new mistakes instead of old ones.
There are only 3 ways to complete a project: Good, Fast or Cheap, pick two.
With age comes wisdom, what you choose to do with it determines whether or not you are wise.


Last edited by rony on Sun Dec 14, 2008 11:20 pm, edited 1 time in total.

PostPosted: Tue Nov 04, 2008 3:24 am 
Cacti Guru User

Joined: Thu Sep 16, 2004 5:53 am
Posts: 5111
Location: United Kingdom
Tony,

I think the link to this from the front page should be a bit more explicit about the tampered downloads. I wouldn't have made the connection between that and 'issues with Cacti.net'...

Also, what are the bandwidth/space (physical and disk) requirements for cacti.net, for those of us who might be able to donate colo?

_________________
Weathermap 0.98 is out! & QuickTree 0.2. Superlinks is over there now.
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)


PostPosted: Tue Nov 04, 2008 8:00 am 
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 5948
Location: Michigan, USA
Thanks Howie,

The main Cacti.net page has been updated to reflect more information.

Concerning Co-location and bandwidth, please email roman@tonyroman.us. It's easier for me to sort through it all in one place.



PostPosted: Wed Nov 05, 2008 3:07 pm 
Cacti User

Joined: Sun Apr 02, 2006 3:56 pm
Posts: 61
Is there a specific file or files that we can check to see if it has the "bad" code in it? I downloaded Cacti recently but I would rather run a diff on one or 2 of the files to see if I need to replace the entire directory.


PostPosted: Wed Nov 05, 2008 5:39 pm 
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 5948
Location: Michigan, USA
lib/auth.php

I don't have access to my diff for code specifics, but that is the modified file.



 Post subject: Diff
PostPosted: Wed Nov 19, 2008 10:27 am 

Joined: Thu Oct 23, 2008 11:35 am
Posts: 2
Please provide a diff of the exploited code.

It's not practical to ask people to replace their code, especially for those that have installed the plug-in architecture or made other config changes afterwards.


PostPosted: Wed Nov 19, 2008 10:52 am 
Developer/Forum Admin

Joined: Mon Nov 17, 2003 6:35 pm
Posts: 5948
Location: Michigan, USA
Replace and repatch lib/auth.php

That is the only file affected.

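
As an added example (not code from this thread or from the Cacti project), here is a small Python checker that does what the earlier question asked for: it hashes every file in a freshly unpacked clean tree and in an installed tree and reports which files were modified, removed or added, so a single file such as lib/auth.php can be checked without blindly replacing the whole directory. The sample file names and contents built by demo() are constructed, and the list of site-local files to skip (include/config.php) is an assumption.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Site-local files that legitimately differ between a clean tarball and an install (assumed).
DEFAULT_EXCLUDE = ("include/config.php",)

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root: Path, exclude=DEFAULT_EXCLUDE) -> dict:
    """Map each relative file path under root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if rel not in exclude:
                manifest[rel] = sha256_of(p)
    return manifest

def compare_trees(clean: Path, installed: Path, exclude=DEFAULT_EXCLUDE) -> dict:
    """Report files that differ from the clean copy, are missing, or were added locally."""
    c, i = hash_tree(clean, exclude), hash_tree(installed, exclude)
    return {
        "modified": sorted(r for r in c if r in i and c[r] != i[r]),
        "missing": sorted(r for r in c if r not in i),
        "extra": sorted(r for r in i if r not in c),
    }

def demo() -> dict:
    """Constructed sample: a clean tree vs. an install whose lib/auth.php was altered."""
    base = Path(tempfile.mkdtemp())
    files = {
        "clean/lib/auth.php": "<?php\n// login handling\n",
        "clean/include/config.php": "<?php\n$database_password = 'changeme';\n",
        "installed/lib/auth.php": "<?php\n// login handling\n// extra line (constructed)\n",
        "installed/include/config.php": "<?php\n$database_password = 'real';\n",
        "installed/plugins/README": "site-local plugin, not in the tarball\n",
    }
    for rel, body in files.items():
        (base / rel).parent.mkdir(parents=True, exist_ok=True)
        (base / rel).write_text(body)
    return compare_trees(base / "clean", base / "installed")
```

Against a real install, point compare_trees() at a freshly unpacked 0.8.7b tree and the live document root; anything under "modified" beyond your own local edits is what to inspect.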

