[plug] opensource.wa.gov.au WTF?!

Ronald Jones ronald3791 at gmail.com
Fri Jun 20 20:35:23 WST 2008 

On 20/06/2008, at 4:47 PM, Phillip Twiss wrote:

> 	Ok, I tried the web site and its down..
>
> 	Wow, greg34 has been busy!!  He's not the only one but seems to be  
> the most prolific.
>
> 	DNS still looks correct, anyone ran nmap against it?
>
> 	Interestingly enough, the meeting room booking system still seems  
> to be alive and active ( totally different IP range though, now  
> appears to be on a PerthIX IP range ).
>
> 	I remember looking at the website a couple of months ago and it was  
> not working then.  Looks like someone used a vulnerability in Zope/ 
> Plone to achieve this ( Probably no-one had patched/updated the  
> machine since I handed it over to iVEC in late 2006.  NOTE: this is  
> just my assumption.  I am just guessing at the attack vector after 5  
> minutes of googling around, it might have been a SQL injection  
> attack, dunno, don't care anymore :} ).

Yes, the OpensourceWA server is down.

iVEC kept it going, but after the event last year there was no further  
action/funding for it it, and it seemed silly to maintain a web page  
for an organization that did not exist and was getting further out of  
date. And it got hacked :)

The booking system was adopted by the Innovation Centre.

> 	Also the web page itself had changed, dunno if they reloaded the  
> server ( or even a different server! ) with another version of zope/ 
> plone or even some other software
>
> 	I haven't tried to trace the dates etc of this hack ( hey :}  not  
> my job anymore :} ) but there seemed to be a few from July 2007 for  
> greg34 in particular.
>
> 	As an aside, did anyone from the list attend the event they held  
> either late last year or earlier this year?  Cant remember the  
> dates, that's the last time I saw the web site working :}.
>
> 	If you did, how was it?

It was fine.

There was a guy from Google there. One of the most interesting I  
thought was from the National Archives of Australia, and how they were  
using ODF to store documents so they can be read 20-30 years from now.

There is the wrap up from the co-organisers, http://pipka.org/blog/2007/11/05/open-source-wa-symposium-wrap-up/

Ron

>
>
> -----Original Message-----
> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On  
> Behalf Of Paul Antoine
> Sent: Friday, 20 June 2008 3:33 PM
> To: plug at plug.org.au
> Subject: Re: [plug] opensource.wa.gov.au WTF?!
>
> We don't bite... really!  So you needn't be TOO afraid ;-)
>
> P.
>
> Robby Cribbes wrote:
>> Hey Tomasz,
>>
>> Just in relation to the closure of OSWA, I am aware of this, albeit  
>> not the plug archive, but the news page mention you guys got, as  
>> well as talking to Phil, before he left.
>> However, initially it would appear the OSWA website was hacked, at  
>> wherever-it-is, and was used to host warez downloads, then was just  
>> subsequently dropped, from what I can see.
>>
>> However, as to the stupid question point, I fear I may have to  
>> 'suck it up' as you may say, and post here. :)
>>
>> Or even better yet, attend a seminar, and not document my  
>> mistakes....(May be good to meet a few new faces.)
>>
>> Cheers,
>>
>> Rob
>>
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On  
>> Behalf Of Tomasz Grzegurzko
>> Sent: Friday, 20 June 2008 12:24 PM
>> To: plug at plug.org.au
>> Subject: Re: [plug] opensource.wa.gov.au WTF?!
>>
>> On Fri, Jun 20, 2008 at 12:18 PM, Robby Cribbes <Robby at cribbes.com>  
>> wrote:
>>> Hey Guys,
>>>
>>> I am yet another long time lurker, and first time poster, and yes,  
>>> I'm from the so called 'big apple' (from the thread last week or  
>>> so,) actually not far from CCGS in Claremont. Between my friends  
>>> I'm referred to as (scary yes) the windows guru of sorts, but also  
>>> Cisco.--But I'm here for bettering my Linux understanding- as well  
>>> as interoperability between the OS's.
>>>
>>> I apologise to the list mods, the previous e-mail I sent to the  
>>> list, was quarantined, due to an aliasing error on my end, and  
>>> stupidly I didn't click the right button to delete the original,  
>>> so it should be in awaiting-approval, and can be deleted please!
>>>
>>>
>>> Anywho, the main reason for my post, is recently I've tried  
>>> accessing the http://www.opensource.wa.gov.au site, only to be met  
>>> with a timeout. Ok, not a problem, so I Google it for the cache.  
>>> Then I find something mentioning greg34, and free software  
>>> downloads. If I Keep looking I find ads for "free MP3's" and "hot  
>>> mommas in stockings" or something to that effect, usually put on  
>>> Asian warez sites(-well not a good sign for a government website).  
>>> But no website itself. And I can't find anything else in relation  
>>> Linux, and Perth, apart from basically PLUG.
>>>
>>> I've dealt with Phil @OSWA a few times, and often would be the  
>>> subject of questions I would not dare actually post to a mailing  
>>> list, as I do wish to have a career at some point. Usually to be  
>>> met nicely with a full explanation of why I'm wrong, and the  
>>> actual theory behind it.
>>>
>>>
>>> So does anyone here know what's going on with this? Is there  
>>> another group coming into existence, which I haven't heard about?  
>>> Or are we basically on our own in this? (Apart from resources  
>>> already able to be used here in Perth. Albeit without support from  
>>> the government?)
>>>
>>>
>>>
>>> Cheers,
>>>
>>> Rob
>>>
>>> Disturbthepeace at iinet.net.au
>>> robby at cribbes.com
>>>
>>
>> Sad story about OSWA. You'll find discussions about it in earlier  
>> plug
>> archives. To cut to the chase, you may have to overcome your fear and
>> post to the list when you need Linux help :)
>>
>> Regards,
>> Tomasz
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://www.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.linux.org.au
>>
>> ________________________________________
>> This email and any files transmitted with it are confidential and  
>> may contain privileged or copyright protected information. You must  
>> not present this message to another party without gaining  
>> permission from the sender. If you are not the intended recipient  
>> you must not copy, distribute or use this email or the information  
>> contained in it for any purpose other than to notify us.
>>
>> If you have received this message in error, please notify the  
>> sender immediately, and delete this email from your system. We do  
>> not guarantee that this material is free from viruses or any other  
>> defects although due care has been taken to minimise the risk.
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://www.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.linux.org.au
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au

More information about the plug mailing list