[pydotorg-www] [Infrastructure] [PSF-Members] Wiki news?

M.-A. Lemburg mal at egenix.com
Fri Jan 18 11:06:29 CET 2013 

On 17.01.2013 00:47, M.-A. Lemburg wrote:
> Unfortunately, the logs for the important Dec 28
> appear to have been overwritten by some other files, so I can't
> tell for sure whether the same attack as for the Debian wiki
> was used, but it is highly likely:
> 
> http://wiki.debian.org/DebianWiki/SecurityIncident2012
> 
> The moinexec.py action plugin mentioned there was used on our
> wiki VM as well.

Update:

A full disk scan revealed more details on the used plugin:
I could find a partial .pyc file which included the timestamp

Wed Jul 25 16:08:14 2012 GMT

If you compare that to the findings of the Debian admins,
this suggests that either the plugin was copied over to
the server as PYC file (in which case, the timestamp doesn't
mean much), or the PYC file was compiled by the Python on
the wiki server after a .py file was installed. The latter
is more likely given the analysis of the Debian system breach.

In other words, the backdoor will likely have been open for
several months.

Reimar has nearly finished the work on the wiki markup conversion
of the HTML files I had extracted from archive.org and yahoo.com.

We'll install these on top of the June/Juli 2012 backup of
the wiki in the next few days.

I also have a number of recovered wiki markup text files from
the VM, but without any date or filename information. These can
be used for manual recovery of single important pages that
were not available in the archive dumps.

Note that I cannot simply upload those pages somewhere, because
the VM hosted the public wikis as well as the private PSF ones
and the files are a mix of all these wikis.

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Jan 18 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________
2013-01-22: Python Meeting Duesseldorf ...                  4 days to go

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/

More information about the pydotorg-www mailing list