[jdev] IMPORTANT: JSF/JabberStudio Service Update

Dan Plesse dplesse at optonline.net
Wed Jan 26 15:38:13 CST 2005


Thanks for the update, Peter.

I just found out that under services: Network Functions, service name:
cfgPrn was loading at startup c:\windows\system32\spool\nt\svchost.exe
which was a backdoor. Who and how did [they] do that? I also had a 
folder called "USA AutoSpeedTester" with HideRun.exe. Apparently someone
needed to know how fast my connection was too.  
 


-----Original Message-----
From: jdev-bounces at jabber.org [mailto:jdev-bounces at jabber.org] On Behalf Of
Peter Saint-Andre
Sent: Wednesday, January 26, 2005 3:49 PM
To: jdev at jabber.org; jadmin at jabber.org; juser at jabber.org; members at jabber.org
Subject: [jdev] IMPORTANT: JSF/JabberStudio Service Update

Last week I announced a service outage related to the machine that 
hosts both the www.jabber.org website and the JabberStudio service. 
This message contains further information about the matter.

The machine (hades.jabber.org) was cracked approximately one year ago
by means of an automated rootkit. Based on the evidence of the initial 
investigation by the admin team for this machine, the rootkit was not
used to view or modify any files. Furthermore, we have found no 
evidence of intrusion into the other machines that are part of the
jabber.org infrastructure (e.g., the production jabber server or the
mailing list server). 

The affected machine has been rebuilt and fully locked down, and access
has been restricted to a handful of admins, who are actively working
on the transition to new server machines that the Jabber Software 
Foundation purchased recently.

Developers who use JabberStudio for their projects MUST follow the
instructions posted at http://www.jabberstudio.org/ in order to validate
their code. Only validated code will be restored to JabberStudio! If you
have questions about the JabberStudio service, please direct them to
Thomas Muldowney (a.k.a. temas).

I am working to restore the complete www.jabber.org website, and will do
so as soon as I am comfortable with the security profile of the website
code. Hopefully that will happen by the end of this week, but security
is a higher priority than speed at this point.

Thank you for your patience. Do not hesitate to contact me via email or
Jabber if you have any questions.

Peter

-- 
Peter Saint-Andre
stpeter at jabber.org

_______________________________________________
jdev mailing list
jdev at jabber.org
http://mail.jabber.org/mailman/listinfo/jdev



