Yes, the web-server was down for most of the day. Our sys-admins tell me this was a reaction to some enterprising soul who found a way to log himself in. (Memo to people designing search boxes: there should not be any way to cause a search to execute arbitrary perl commands as "apache". That is all.) After failing in his efforts to crack root, he decided we would make a good platform for denial-of-service attacks. (Charming fellow.) Fortunately, this was caught quite early; it could have been much, much worse.
We now resume regular service.
Posted at November 22, 2004 21:37 | permanent link