Concerning Cacti.net Issues in the Month of October

Important information about Cacti developments that all users should be interested in.

rony
Developer/Forum Admin
Posts: 6016
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA

Concerning Cacti.net Issues in the Month of October

#1 Post by rony » Mon Nov 03, 2008 10:23 pm

As many of you may have noticed, we have been experiencing some issues with Cacti.net over the month of October.

On October 17th the server that was used to run Cacti.net was compromised and root access was gained. The intrusion was discovered on October 24th and the server was immediately powered down.

If you downloaded Cacti 0.8.7b from the Cacti.net website between Oct 17th and Oct 29th, please re-download. There was a poor attempt to introduce a cross-site scripting vulnerability on the login page. Yes, shame on us for not catching it; there is no excuse, but the code was faulty and did not work, as some users have experienced. All Cacti-related data has been restored from an off-site backup taken prior to the intrusion.

Cacti.net is now running thanks to the quick work of Ian Berry, Tony Roman and Netwurx. We would like to thank Netwurx for providing us with Co-location and bandwidth on such short notice.

Over the next 2 months Cacti.net will experience some outages as we work to have multiple hosting sites for our websites and code repository. In the coming weeks we will be asking the community to help us out, as we will be in the market for some hardware and potentially some Co-Location space. If you are interested in donating hardware or Co-Location space to the Cacti Group, please email Tony Roman at [email protected].

Sincerely,

The Cacti Group
Last edited by rony on Sun Dec 14, 2008 11:20 pm, edited 1 time in total.
Tony Roman
Experience is what causes a person to make new mistakes instead of old ones.
There are only 3 ways to complete a project: Good, Fast or Cheap, pick two.
With age comes wisdom, what you choose to do with it determines whether or not you are wise.

Howie
Cacti Guru User
Posts: 5327
Joined: Thu Sep 16, 2004 5:53 am
Location: United Kingdom

#2 Post by Howie » Tue Nov 04, 2008 3:24 am

Tony,

I think the link to this from the front page should be a bit more explicit about the tampered downloads. I wouldn't have made the connection between that and 'issues with Cacti.net'...

Also, what are the bandwidth/space (physical and disk) requirements for cacti.net, for those of us who might be able to donate colo?
Weathermap 0.98 is out! & QuickTree 1.0. Superlinks is over there now (and built-in to Cacti 1.x).
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)

rony
Developer/Forum Admin
Posts: 6016
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA

#3 Post by rony » Tue Nov 04, 2008 8:00 am

Thanks, Howie,

The main Cacti.net page has been updated to reflect more information.

Concerning Co-location and bandwidth, please email [email protected]. It's easier for me to sort through it all in one place.

mrnoodle
Cacti User
Posts: 59
Joined: Sun Apr 02, 2006 3:56 pm

#4 Post by mrnoodle » Wed Nov 05, 2008 3:07 pm

Is there a specific file or files that we can check to see if it has the "bad" code in it? I downloaded Cacti recently but I would rather run a diff on one or 2 of the files to see if I need to replace the entire directory.

rony
Developer/Forum Admin
Posts: 6016
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA

#5 Post by rony » Wed Nov 05, 2008 5:39 pm

lib/auth.php

I don't have access to my diff for code specifics, but that is the modified file.

felix9x
Posts: 2
Joined: Thu Oct 23, 2008 11:35 am

Diff

#6 Post by felix9x » Wed Nov 19, 2008 10:27 am

Please provide a diff of the exploited code.

It's not practical to ask people to replace their code, especially for those that have installed the plug-in architecture or made other config changes afterwards.

rony
Developer/Forum Admin
Posts: 6016
Joined: Mon Nov 17, 2003 6:35 pm
Location: Michigan, USA

#7 Post by rony » Wed Nov 19, 2008 10:52 am

Replace and repatch lib/auth.php

That is the only file affected.

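The thread above names lib/auth.php as the only file touched in the tampered 0.8.7b download and asks how to check an install without replacing the whole directory. The script below is an added example, not Cacti project code: it compares an installed tree against a clean reference copy (a freshly re-downloaded tarball, unpacked) and reports modified, missing and extra files. The two sample trees and the line standing in for the injected code are constructed; the real injected code is not reproduced here.

```shell
#!/bin/sh
# Added example, not Cacti project code: list files in an installed Cacti
# tree that differ from a clean reference copy (e.g. a freshly re-downloaded
# 0.8.7b tarball), so a tampered lib/auth.php shows up without replacing
# the whole directory. Paths and sample contents below are constructed.
set -eu

# Print MODIFIED / MISSING / EXTRA lines, one per differing relative path.
compare_trees() {
    ref="$1"
    inst="$2"
    ( cd "$ref" && find . -type f ) | sed 's|^\./||' | sort |
    while IFS= read -r f; do
        if [ ! -f "$inst/$f" ]; then
            printf 'MISSING  %s\n' "$f"
        elif ! cmp -s "$ref/$f" "$inst/$f"; then
            printf 'MODIFIED %s\n' "$f"
        fi
    done
    # Files present only in the installed tree (a planted file would show here).
    ( cd "$inst" && find . -type f ) | sed 's|^\./||' | sort |
    while IFS= read -r f; do
        [ -f "$ref/$f" ] || printf 'EXTRA    %s\n' "$f"
    done
}

# Build two small constructed trees; the "installed" one has an extra line
# appended to lib/auth.php standing in for the injected code (the real
# injected code is not reproduced here).
make_sample() {
    base="$1"
    for t in reference installed; do
        mkdir -p "$base/$t/lib" "$base/$t/include"
        printf '<?php /* constructed stand-in for lib/auth.php */\n' > "$base/$t/lib/auth.php"
        printf '<?php /* constructed stand-in for include/global.php */\n' > "$base/$t/include/global.php"
    done
    printf '/* constructed: stands in for the appended tampering */\n' >> "$base/installed/lib/auth.php"
}

# Run the comparison on the constructed trees; the report goes to stdout.
demo() {
    base=$(mktemp -d)
    make_sample "$base"
    compare_trees "$base/reference" "$base/installed"
    rm -rf "$base"
}

demo
```

On a real install, call compare_trees with the unpacked clean tarball as the first argument and the live Cacti directory as the second; any line other than your own local edits deserves a look, and lib/auth.php in particular should match the clean copy.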