Debian server cracked yet again
There has once again been a break-in on a Debian project server, this time Alioth. Since the beginning of the week, script kiddies have been exploiting a publicised hole in PmWiki to plant their own PHP code and thereby install an IRC proxy. The administrators' posting did not say whether further modifications of the system were successful or which measures have been taken to assess this.
Alioth is an infrastructure server that, like SourceForge, provides Debian projects with resources such as web space, CVS and discussion forums. The server was offline on September 5, although the admins have since lifted the red alert status. The next step is to reduce the uncontrolled growth of web applications on the server. All of the project's active web applications are to be inspected and, where possible, replaced by pre-fabricated solutions with security support.