[Gruppo-web] Fwd: Ubuntu Drupal sites down due to security incident

Dario Cavedon dcavedon a gmail.com
Fri 31 Oct 2014 14:48:21 GMT


I'm also forwarding here an update from the Canonical sysadmins. Not
much. Let's hope they get a move on.

Dario


---------- Forwarded message ----------
From: Tom Haddon <tom.haddon a canonical.com>
Date: 2014-10-31 10:06 GMT+01:00
Subject: Re: Ubuntu Drupal sites down due to security incident
To: Dario Cavedon <dcavedon a gmail.com>, david.planella a ubuntu.com
Cc: edubuntu-council a lists.ubuntu.com, Consiglio Comunità Ubuntu-it
<consiglio a ubuntu-it.org>, Mailing list del Consiglio della comunità
<consiglio a liste.ubuntu-it.org>


On 31/10/14 08:55, Dario Cavedon wrote:
> Thanks for the email. We would like to provide our users with some
> updates about the progress with the fix. Is there any news?

Hi Dario,

First of all, we're sorry that the service was taken down without
notice. The advisory [1] was issued initially on October 15th, but a
later advisory was issued on October 29th [2]. It's also become clear
from looking at the "Why is it important to update now?" section of
https://www.drupal.org/node/2357241 that systematic attacks began on
Drupal sites within 7 hours of the initial advisory being issued on
October 15th. The patch prepared by the Italian loco team was applied on
October 22nd at approximately 23:20, by which time systematic attacks
had been running for almost 7 days.

We therefore took the decision to take all Drupal sites offline while we
investigated this. Doing the analysis and getting the site back to a
good state is a non-trivial exercise, but it's our current highest
priority issue. We are doing everything we can to get this and other
sites back up that we unfortunately had to take down as quickly as possible.

We agree the communication could be better, and we apologise for this.
We would also like to continue the discussions around migrating off this
server once we have the service restored as we think that will be
beneficial for both sides, but for the moment we're focusing all our
attention on getting the site back up.

We're currently running "drush drupalgeddon-test" to see if we can
confirm if the site was compromised and what kind of action is necessary
as a result of this. It's come up with what we believe to be some false
positives which seem to be perfectly legitimate files that haven't been
modified since before October 15th (http://css3pie.com/). We're
continuing to look into it and will get the site back up as soon as
we're confident we've understood the scope of the incident.

Thanks, Tom


[1] https://www.drupal.org/SA-CORE-2014-005
[2] https://www.drupal.org/PSA-2014-003
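
The timestamp triage described in the forwarded message, as an added example that is not part of the original e-mail or of Canonical's tooling: it classifies scanner-flagged files against the October 15th advisory date and also checks the inode change time, since an old mtime alone does not show that a file is untouched. The file names, sample content and verdict strings are constructed for illustration, and Unix `st_ctime` semantics (inode change time) are assumed.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Date of the initial advisory named in the message (SA-CORE-2014-005).
CUTOFF = datetime(2014, 10, 15, tzinfo=timezone.utc).timestamp()

def classify(mtime, ctime, cutoff=CUTOFF):
    """Verdict for one flagged file from its timestamps (epoch seconds)."""
    if mtime >= cutoff:
        return "modified-after-advisory"
    if ctime >= cutoff:
        # Content time looks old but the inode changed later: chmod, chown,
        # a restore from backup, or a reset mtime. Timestamps cannot clear it;
        # compare the hash below with a known-good copy instead.
        return "mtime-old-but-inode-changed"
    return "timestamps-predate-advisory"

def triage(paths, cutoff=CUTOFF):
    """Return {path: (verdict, sha256)} for each flagged path."""
    report = {}
    for path in paths:
        st = os.stat(path)  # assumption: Unix, where st_ctime = inode change
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        report[path] = (classify(st.st_mtime, st.st_ctime, cutoff), digest)
    return report

def demo():
    """Constructed sample: two files standing in for scanner hits."""
    old = datetime(2014, 10, 1, tzinfo=timezone.utc).timestamp()
    with tempfile.TemporaryDirectory() as d:
        backdated = os.path.join(d, "flagged_a.php")  # constructed name
        fresh = os.path.join(d, "flagged_b.php")      # constructed name
        for p in (backdated, fresh):
            with open(p, "w") as fh:
                fh.write("<?php // constructed sample\n")
        os.utime(backdated, (old, old))  # mtime can be set by the file owner
        result = triage([backdated, fresh])
        return result[backdated][0], result[fresh][0]

if __name__ == "__main__":
    print(demo())
```

Only the `timestamps-predate-advisory` verdict supports treating a hit as a likely false positive, and even then the recorded SHA-256 should match a known-good copy of the file.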

