Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse.org-committers] Webmaster update: PHP, Bugzilla problems 
Greetings,

We currently have two infrastructure issues you should be aware about:
1. A Website defacing tool was found installed and operational on one of our servers. The URL parameter on a project's PHP download page wasn't being properly sanitized, and it was exploited to download and execute a defacing tool. Fortunately, no damage was done.
As a result, I've tightened up PHP (again). Among other things, we (collectively) can no longer open URLs (fopen "http://";, include "http://"; ...) and we can no longer write files to the filesystem (except in the designated area).
Also, some tools, such as wget, curl, ping and traceroute have been disabled on our servers.
2. We currently have a serious issue with our master MySQL database server. For some reason, MySQL ceases to process queries, queueing them up until the server exhausts its available connections. As of yet, we do not know the reason for this behaviour, but it seems to happen every 24-72 hours. This affects Bugzilla, the Wiki, and portions of our website that rely on database connectivity to function.
I apologize for the inconvenience (and frustration) this causes, and I'm doing everything I can to make sure the infrastructure is stable and operational (and making sure we don't get 0wn3d). 


If you have any questions or comments, please don't hesitate to contact me.


Denis



--

Eclipse WebMaster - webmaster@xxxxxxxxxxx
Questions? Consult the WebMaster FAQ at http://wiki.eclipse.org/index.php/Webmaster_FAQ 
View my status at http://wiki.eclipse.org/index.php/WebMaster

Back to the top