[Python-Dev] FYI - wiki.python.org compromised

Aluísio Augusto Silva Gonçalves kalug at kalug.net
Tue Jan 8 05:12:59 CET 2013


Can this possibly be related to the exploit on the Debian wiki (
http://lwn.net/Articles/531726/ )?



On Tue, Jan 8, 2013 at 1:38 AM, Brian Curtin <brian at python.org> wrote:
>
> On December 28th, an unknown attacker used a previously unknown remote
> code exploit on http://wiki.python.org/. The attacker was able to get
> shell access as the "moin" user, but no other services were affected.
>
> Some time later, the attacker deleted all files owned by the "moin"
> user, including all instance data for both the Python and Jython
> wikis. The attack also had full access to all MoinMoin user data on
> all wikis. In light of this, the Python Software Foundation encourages
> all wiki users to change their password on other sites if the same one
> is in use elsewhere. We apologize for the inconvenience and will post
> further news as we bring the new and improved wiki.python.org online.
>
> If you have any questions about this incident please contact
> jnoller at python.org. Thank you for your patience.
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev


More information about the Python-Dev mailing list