Re: [Jack-Devel] Fwd: Re: jackaudio.org website shut down due to hacking

hi

drupal, wordpress, etc.
in my memories the jackaudio.org size was relatively static, so there's no
strong need for a database and frameworks.

paul, can you dump out the informations of interest in a reasonable format
to read by other tools?

it would be good to have the whole site in a github repository that offers
all the pull/update beauty. pushing a copy of the (verified) static
generated output to jackaudio.org is easy.

the preferred format for the data to render to html would be asciidoc.
easy to write, not a big stack of tools needed to render, well to extend.

if that fits your needs, i'd invest some time to get the existing data
into asciidoc format and help on the deploy scripts.

best regards
tom

On Mon, June 2, 2014 14:54, Paul Davis wrote:
> On Mon, Jun 2, 2014 at 3:45 AM, Graham Goode <[hidden]> wrote:
>
>
>> And if you didn't, here is the WayBackTime Machine's backup from
>> February 2014...
>>
>>
>
> If the issue was just backups, it wouldn't have been much of an issue.
> But
> when I read the break-in/exploit code, it was clear that the people
> responsible had either already modified SQL tables or had the capacity
> too.
>
> Dreamhost makes it more or less impossible to run the web server as
> different user from the owner of static files, and in a case of poor
> system admin, the same SQL user is used for DB access as for DB creation.
>
> So having access to the files/pages/drupal nodes is one thing (we still
> have/had that before the hack, they just added pharma spam), but the site
> was fundamentally unsafe because there is no way of knowing what they put
>  into the DB, or how long ago this crack was added.
>
> --p
> 
> Jack-Devel mailing list
> [hidden]
> http://lists.jackaudio.org/listinfo.cgi/jack-devel-jackaudio.org
>
>

1401745765.18707_0.ltw:2,a <51647225086713a8e84fb5c07e69f866.squirrel at ips73 dot ips dot ch>