[plug] opensource.wa.gov.au WTF?!

Phillip Twiss phillip.twiss at det.wa.edu.au
Fri Jun 20 16:47:58 WST 2008


Hmmm

	Ok, I tried the web site and its down..

	Wow, greg34 has been busy!!  He's not the only one but seems to be the most prolific.

	DNS still looks correct, anyone ran nmap against it?

	Interestingly enough, the meeting room booking system still seems to be alive and active ( totally different IP range though, now appears to be on a PerthIX IP range ).

	I remember looking at the website a couple of months ago and it was not working then.  Looks like someone used a vulnerability in Zope/Plone to achieve this ( Probably no-one had patched/updated the machine since I handed it over to iVEC in late 2006.  NOTE: this is just my assumption.  I am just guessing at the attack vector after 5 minutes of googling around, it might have been a SQL injection attack, dunno, don't care anymore :} ).

	Also the web page itself had changed, dunno if they reloaded the server ( or even a different server! ) with another version of zope/plone or even some other software

	I haven't tried to trace the dates etc of this hack ( hey :}  not my job anymore :} ) but there seemed to be a few from July 2007 for greg34 in particular.

	As an aside, did anyone from the list attend the event they held either late last year or earlier this year?  Cant remember the dates, that's the last time I saw the web site working :}.

	If you did, how was it?

	Regards

	Phill Twiss

	P.S.  Hi Robby :}  Given up on windows yet?

	

-----Original Message-----
From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On Behalf Of Paul Antoine
Sent: Friday, 20 June 2008 3:33 PM
To: plug at plug.org.au
Subject: Re: [plug] opensource.wa.gov.au WTF?!

We don't bite... really!  So you needn't be TOO afraid ;-)

P.

Robby Cribbes wrote:
> Hey Tomasz,
>
> Just in relation to the closure of OSWA, I am aware of this, albeit not the plug archive, but the news page mention you guys got, as well as talking to Phil, before he left.
> However, initially it would appear the OSWA website was hacked, at wherever-it-is, and was used to host warez downloads, then was just subsequently dropped, from what I can see.
>
> However, as to the stupid question point, I fear I may have to 'suck it up' as you may say, and post here. :)
>
> Or even better yet, attend a seminar, and not document my mistakes....(May be good to meet a few new faces.)
>
> Cheers,
>
> Rob
>
>
>
>
>
>
> -----Original Message-----
> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On Behalf Of Tomasz Grzegurzko
> Sent: Friday, 20 June 2008 12:24 PM
> To: plug at plug.org.au
> Subject: Re: [plug] opensource.wa.gov.au WTF?!
>
> On Fri, Jun 20, 2008 at 12:18 PM, Robby Cribbes <Robby at cribbes.com> wrote:
>> Hey Guys,
>>
>> I am yet another long time lurker, and first time poster, and yes, I'm from the so called 'big apple' (from the thread last week or so,) actually not far from CCGS in Claremont. Between my friends I'm referred to as (scary yes) the windows guru of sorts, but also Cisco.--But I'm here for bettering my Linux understanding- as well as interoperability between the OS's.
>>
>> I apologise to the list mods, the previous e-mail I sent to the list, was quarantined, due to an aliasing error on my end, and stupidly I didn't click the right button to delete the original, so it should be in awaiting-approval, and can be deleted please!
>>
>>
>> Anywho, the main reason for my post, is recently I've tried accessing the http://www.opensource.wa.gov.au site, only to be met with a timeout. Ok, not a problem, so I Google it for the cache. Then I find something mentioning greg34, and free software downloads. If I Keep looking I find ads for "free MP3's" and "hot mommas in stockings" or something to that effect, usually put on Asian warez sites(-well not a good sign for a government website). But no website itself. And I can't find anything else in relation Linux, and Perth, apart from basically PLUG.
>>
>> I've dealt with Phil @OSWA a few times, and often would be the subject of questions I would not dare actually post to a mailing list, as I do wish to have a career at some point. Usually to be met nicely with a full explanation of why I'm wrong, and the actual theory behind it.
>>
>>
>> So does anyone here know what's going on with this? Is there another group coming into existence, which I haven't heard about? Or are we basically on our own in this? (Apart from resources already able to be used here in Perth. Albeit without support from the government?)
>>
>>
>>
>> Cheers,
>>
>> Rob
>>
>> Disturbthepeace at iinet.net.au
>> robby at cribbes.com
>>
>
> Sad story about OSWA. You'll find discussions about it in earlier plug
> archives. To cut to the chase, you may have to overcome your fear and
> post to the list when you need Linux help :)
>
> Regards,
> Tomasz
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
> ________________________________________
> This email and any files transmitted with it are confidential and may contain privileged or copyright protected information. You must not present this message to another party without gaining permission from the sender. If you are not the intended recipient you must not copy, distribute or use this email or the information contained in it for any purpose other than to notify us.
>
> If you have received this message in error, please notify the sender immediately, and delete this email from your system. We do not guarantee that this material is free from viruses or any other defects although due care has been taken to minimise the risk.
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
_______________________________________________
PLUG discussion list: plug at plug.org.au
http://www.plug.org.au/mailman/listinfo/plug
Committee e-mail: committee at plug.linux.org.au




More information about the plug mailing list