Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse.org-committers] Webmaster update: PHP, Bugzilla problems 
Greetings,

We currently have two infrastructure issues you should be aware about:

1. A Website defacing tool was found installed and operational on one of
our servers. The URL parameter on a project's PHP download page wasn't
being properly sanitized, and it was exploited to download and execute a
defacing tool. Fortunately, no damage was done.

As a result, I've tightened up PHP (again). Among other things, we
(collectively) can no longer open URLs (fopen "http://";, include
"http://"; ...) and we can no longer write files to the filesystem
(except in the designated area).

Also, some tools, such as wget, curl, ping and traceroute have been
disabled on our servers.


2. We currently have a serious issue with our master MySQL database
server. For some reason, MySQL ceases to process queries, queueing them
up until the server exhausts its available connections. As of yet, we do
not know the reason for this behaviour, but it seems to happen every
24-72 hours. This affects Bugzilla, the Wiki, and portions of our
website that rely on database connectivity to function.


I apologize for the inconvenience (and frustration) this causes, and I'm
doing everything I can to make sure the infrastructure is stable and
operational (and making sure we don't get 0wn3d).


If you have any questions or comments, please don't hesitate to contact me.


Denis



--

Eclipse WebMaster - webmaster@xxxxxxxxxxx
Questions? Consult the WebMaster FAQ at
http://wiki.eclipse.org/index.php/Webmaster_FAQ
View my status at http://wiki.eclipse.org/index.php/WebMaster

Back to the top