Pier site change from hacker ?


Pier site change from hacker ?

dario trussardi
Hi,

I have a development site based on Pier3 running on a GemStone environment (3.1.0.2).

The server is based on Ubuntu Server 10.04 LTS.

Now I am doing some performance tests and the site answers public web requests.

Yesterday and today I found some Pier page changes from ??? a hacker ???

One attached page changes report:


Structure Command Date Time User
/missione Edit 01/10/2013 6:40:55 open

/missione Edit 01/09/2013 21:8:20 open

where I note the user is not set.

The Pier is created from a PRDistribution subclass where the instance creation does:

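"Visit every structure under the root page"
self rootPage enumerator with; all; do: [ :each |
    "Clear the target of every internal link"
    each outgoingReferences do: [ :link |
        (link isKindOf: PRInternalLink) ifTrue: [ link target: nil ] ].
    "Assign an arbitrary kernel user and group as owner and group"
    each securityDecoration owner: self kernel users anyOne.
    each securityDecoration group: self kernel groups anyOne ].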



The Pier user name and password have been changed from the default.

The GemStone DataCurator and SystemUser passwords have been changed.

Does anyone have considerations about it?

Thanks,

Dario




Re: Pier site change from hacker ?

Dale Henrichs
Dario,

I am not aware of any ways to bypass Pier security ... given that Pier artifacts are involved, I assume that they haven't hacked into your system at the OS level ... so it has to be coming in through the web ...

I guess that you should make sure that you only have the Pier application registered with Seaside and that you are using a variant of the WAGemStoneProductionErrorHandler ... if you are using one of the debugging error handlers, then there is the danger that someone can get access to an inspector from the outside world.

Dale

----- Original Message -----
| From: "Dario Trussardi" <[hidden email]>
| To: "beta discussion Gemstone Seaside" <[hidden email]>
| Sent: Thursday, January 10, 2013 2:09:36 AM
| Subject: [GS/SS Beta] Pier site change from hacker ?
|
| Hi,
|
| i have a development site based on Pier3 run on Gemstone environment
| ( 3.1.0.2 ).
|
| The server is based on Ubuntu server 10.04 LTS.
|
| Now i do some performance test and the site answer at public web
| request.
|
| Yesterday and today i have found some pier page change from ??? one
| hacker ???
|
| One attached page changes report:
|
| Structure Command Date Time User
|
| /missione Edit 01/10/2013 6:40:55 open
|
| /missione Edit 01/09/2013 21:8:20 open
|
| where i note the user is not set.
|
| The pier is created from PRDistribution subclass where the creation
| instance do:
|
| self rootPage enumerator with; all; do: [ :each | each
| outgoingReferences do: [ :link | (link isKindOf: PRInternalLink)
| ifTrue: [ link target: nil ] ]. each securityDecoration owner: self
| kernel users anyOne. each securityDecoration group: self kernel
| groups anyOne ].
|
| The Pier user name and password are change by default.
|
| The Gemstone DataCurator and SystemUser passwords are change.
|
| Someone considerations about it?
|
| Thanks,
|
| Dario