in reply to Re (tilly) 1: search.cpan.org site attacked? Why?
in thread search.cpan.org site attacked? Why?

With recent high profile but non-destructive attacks on Sourceforge [and] Apache

While this looks bad, these sites were comprimised due to poor administration of Sourceforge, which was claimed to be comprimised through exodus.

So while these may reflect poorly on the software, they should reflect on the Admins. Apache handled the attack well, with quick detection, little downtime, and by making sure their software repository was not affected.

The only thing that I'm curious about is if the attacks are linked in anyway related... was the attacker the same, was access gained via the same method?

Also, If you find a security proplem with a site, why exploit it? Why not let the Admins know, and allow them to fix the problem? I guess I just don't understand why make the attacks at all.

-xPhase

Edit by tye

  • Comment on Re: Re (tilly) 1: search.cpan.org site attacked? Why?

In Section Meditations