[cvsnt] hacked

Javier Godinez godinezj at gmail.com
Tue Sep 26 16:21:19 BST 2006



Well, the problem is that the hackers have been using the machine (IRC
Bot) longer than I've been working here. It is really pretty sad; from
the logs, I was able to determine that they have been inside for about
six months. I don't think they hacked CVSNT itself, but simply guessed
a password for the postgres account; I am not sure, and no one seems
to know why the postgres account had login access. In any case, they
have asked me to formulate a plan (uh) to cleanse our source code. I
realize that this will be a long and hard task for some of the people
here.

Thanks for your help,

Javier Godinez

On 9/25/06, Andreas Tscharner <andreas.tscharner at metromec.ch> wrote:
> Javier Godinez wrote:
> > We recently had a break in on our CVS Server.
>
> What CVS version? CVS or CVSNT? Was it the CVS(NT) Server program that
> was compromised or the machine CVS(NT) runs on?
> > Does anyone have any ideas on what options there are to perform a
> > source code audit?
>
> Which source? CVS(NT) source? The source you managed with CVS(NT)?
> > I am looking for tools/services/any ideas on how to attack this problem.
> > If anyone has any guidance, it will be truly appreciated.
>
> http://mixter.void.ru/vulns.html
> is one page.
>
> (I suggest you want to audit your own source code)
> I think you should have some backups of your CVS(NT) repository; in this
> case a simple compare with the "last known good"(tm) version could be a
> solution...
>
> Best regards
>         Andreas
> --
> Andreas Tscharner                          andreas.tscharner at metromec.ch
> ------------------------------------------------------------------------
> And the beast shall come forth surrounded by a roiling cloud of
> vengeance. The house of the unbelievers shall be razed and they shall be
> scorched to the earth. Their tags shall blink until the end of days.
>                                              -- The Book of Mozilla 12:10

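The compare against a "last known good" backup suggested in the quoted reply can be done per repository file on the RCS revision history. The sketch below is an added example, not part of the original thread or of CVSNT: it assumes the usual `,v` delta header layout (revision number, then a `date ...; author ...;` line), ignores look-alike text inside `@`-quoted strings, and runs on constructed sample data with hypothetical helper names.

```python
import re

# One delta header in an RCS ",v" file: revision line, then date and author.
DELTA_RE = re.compile(
    r"^(\d+(?:\.\d+)+)\s*\ndate\s+([\d.]+);\s*author\s+([^;\s]+);",
    re.MULTILINE,
)

def parse_deltas(rcs_text):
    """Return {revision: (date, author)} from the delta headers of a ,v file."""
    return {rev: (date, who) for rev, date, who in DELTA_RE.findall(rcs_text)}

def rev_key(rev):
    """Sort revisions numerically so that 1.10 comes after 1.9."""
    return [int(part) for part in rev.split(".")]

def compare_history(backup_text, current_text):
    """Classify revisions of the live file relative to the trusted backup."""
    old, new = parse_deltas(backup_text), parse_deltas(current_text)
    return {
        # History recorded in the backup must still exist, unchanged.
        "missing": sorted((r for r in old if r not in new), key=rev_key),
        "altered": sorted((r for r in old if r in new and old[r] != new[r]),
                          key=rev_key),
        # Anything committed after the backup has to be reviewed by hand.
        "review": sorted((r for r in new if r not in old), key=rev_key),
    }

def sample_rcs(deltas):
    """Build a minimal, constructed ,v header section for the demo."""
    body = "".join(
        f"\n{rev}\ndate\t{date};\tauthor {who};\tstate Exp;\nbranches;\nnext\t;\n"
        for rev, date, who in deltas
    )
    return f"head\t{deltas[0][0]};\naccess;\nsymbols;\nlocks; strict;\n{body}\ndesc\n@@\n"

# Constructed sample data: a backup copy and the live copy of one file.
BACKUP = sample_rcs([("1.3", "2006.03.01.08.00.00", "alice"),
                     ("1.2", "2006.02.10.09.30.00", "alice"),
                     ("1.1", "2006.01.05.14.00.00", "bob")])
CURRENT = sample_rcs([("1.4", "2006.07.19.03.12.44", "postgres"),
                      ("1.2", "2006.02.10.09.30.00", "carol"),
                      ("1.1", "2006.01.05.14.00.00", "bob")])

if __name__ == "__main__":
    for kind, revs in compare_history(BACKUP, CURRENT).items():
        print(f"{kind}: {', '.join(revs) or '-'}")
```

Revisions reported as `missing` or `altered` mean the stored history no longer matches the backup; those under `review` are the commits made since the backup whose diffs need manual inspection.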
