Re: [Jack-Devel] www.jackaudio.org defacement

Prev	Next Index
Date	Sat, 31 Dec 2011 19:31:02 +0200
From	Nedko Arnaudov <[hidden] at arnaudov dot name>
To	Paul Davis <[hidden] at linuxaudiosystems dot com>
Cc	[hidden] at lists dot jackaudio dot org
In-Reply-To	Paul Davis Re: [Jack-Devel] www.jackaudio.org defacement
Follow-Up	Paul Davis Re: [Jack-Devel] www.jackaudio.org defacement

Paul Davis <[hidden]> writes:

> for now, i've switched the user that the website "runs as", but made a
> different user the owner of all the files that comprise the website
> itself. in theory this should prevent web-vectored attacks from
> modifying any files. dreamhost does things slightly oddly AFAICT: i
> think the httpd server itself runs as "nobody" but any CGI scripts are
> executed as a specified user.
>
> i also changed all passwords (including database access passwords etc).
>
> we'll see how well this holds up against the pharma crackers.

http://trac.jackaudio.org/ is broken:

OperationalError: (1045, "Access denied for user 'jackdrupaldb'@'apache2-hok.addisababa.dreamhost.com' (using password: YES)")

-- 
Nedko Arnaudov <GnuPG KeyID: 5D1B58ED>

Prev	Next Index

1325352714.6510_0.ltw:2,a <87pqf4d4x5.fsf at arnaudov dot name>