[SAC] LDAP users still being created during maintainance
Frank Warmerdam
warmerdam at pobox.com
Wed May 11 09:05:24 PDT 2016
I did this.
People need to create IDs!
On May 11, 2016 8:46 AM, "Sandro Santilli" <strk at keybit.net> wrote:
> I spotted a new user which was created _after_ we put the form
> back to maintainance mode. The POST was directly done to the
> renamed script. I think the renamed script URL was at some point
> found in the form but I don't know who made the change.
>
> The files modification dates are (UTC):
>
> May 10 06:41 for the renamed script with exposed new url
> May 9 13:39 for the renamed script with no exposed new url
> May 9 18:31 when the form was put in maintainance mode
>
> The POST to renamed script happened 24 hours after the exposed url
>
> 11/May/2016:05:54:01 -0700
>
> And resulted in the creation of a "vvk" user (with .ru email address):
>
> createTimestamp: 20160511125401Z
>
> The POST came from ip 77.242.110.178, which also issued a GET
> for the the renamed-form URL at:
>
> 11/May/2016:05:51:36 -0700
>
> The very first request to the renamed script was issued on
>
> [09/May/2016:22:59:33 -0700] from 173.247.202.130
> That is: May 10 05:59 UTC
>
> For now I removed the execute bit from the disabled script, but let
> me know if it was an "internal" backdoor legitimately used.
>
> --strk;
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/sac/attachments/20160511/67a1f509/attachment.html>
More information about the Sac
mailing list