Message14422

UW-HEP Help System

Issues
Show Unassigned
Show Critical
Show Urgent
Show Resolved
Show Open
Search

Login




Register
Lost your login?

Help
Roundup docs

Author wsmith
Recipients ajit, dan, dasu, help, rader, radtke, wcmaier, wsmith
Date 2008.07.01 08:37
Content
Dear Dan:
Could we remove the web-server? What would be the consequence?
Regards,
Wesley

On Jul 1, 2008, at 3:34 PM, Dan Bradley via UW-HEP Help System wrote:

>
> The condor-hosts ACL does include the web server.  It is just this:
>
>  128.104.28.0
>  128.104.29.0
>  128.105.0.0
>  198.51.254.0
>  198.51.255.0
>  128.104.3.0
>  128.104.202.0
>  128.104.32.0
>  144.92.101.0
>  144.92.180.0
>  144.92.181.0
>  144.92.182.0
>  144.92.183.0
>  128.104.55.0
>
> --Dan
>
> Sridhara Dasu via UW-HEP Help System wrote:
>> Dear Steve,
>>
>> This is quite disturbing.  The loose ACLs (i.e., free write access to
>> all nodes in condor-hosts) were set because we are using that method
>> for shared file system across multiple DNs of GLOW.  I put those
>> directories on web for convenience long ago but I don't really need
>> them now.  Your removing the link is just fine. It appears to me that
>> the "attack" is from one of the condor-hosts as I believe we don't  
>> let
>> the web server post files to our directories, do we?
>>
>> Regards,
>> Sridhara
>>
>> ---------------------------------------------------------------------
>> Prof. Sridhara Rao Dasu                         Department of Physics
>> dasu@hep.wisc.edu                             University of Wisconsin
>> http://www.hep.wisc.edu/~dasu                    4289 Chamberlin Hall
>> 608-262-3678 ( Office )                        1150 University Avenue
>> 408-829-6625 (Wireless)                        Madison, WI 53706, USA
>>
>>
>> On Jun 30, 2008, at 5:50 PM, rader@hep.wisc.edu wrote:
>>
>>
>>> It happened again--the cause was: the index.html I created
>>> *disappeared*!
>>>
>>> It appears the person abusing our system has exploited the
>>> ACLs on /afs/hep.wisc.edu/cms/data/rootFiles.
>>>
>>> Since /afs/hep/home/dasu/www/rootFiles was a symlink to the
>>> directory above, so I just removed it (the symlink.)  The
>>> loadave and the server is okay now.
>>>
>>> On a lark, I checked for "viagra" in the logs and,
>>> alas, found that we served up various URLs of the form
>>> http://www.hep.wisc.edu//dasu/rootFiles/*/viagra about 1500
>>> times during the last 32 days.
>>>
>>> I guess we're okay now, but we should be aware that it seems
>>> there's someobody out there who understands AFS and is
>>> using loose ACLs to "own" us.
>>>
>>> steve
>>> --
>>>
>>
>> ----------
>> status: unread -> chatting
>>
>> ______________________________________
>> UW-HEP Help System <help@hep.wisc.edu>
>> <https://help.hep.wisc.edu/issue5332>
>> ______________________________________
>
> ______________________________________
> UW-HEP Help System <help@hep.wisc.edu>
> <https://help.hep.wisc.edu/issue5332>
> ______________________________________

=====================================================================
| Prof. Wesley H.Smith | Ph: 608-262-4690 or 2281, Fax:608-263-0800 |
| High Energy Physics  | Physics Dept., University of Wisconsin     |
| 4275 Chamberlin Hall | 1150 University Ave.,Madison WI 53706-1390 |
| wsmith@hep.wisc.edu  | http://hep.wisc.edu/wsmith/                |
=====================================================================
History
Date User Action Args
2008-07-01 08:37:07wsmithsetrecipients: + help
2008-07-01 08:37:07wsmithlinkissue5332 messages
2008-07-01 08:37:07wsmithcreate