[Systems] /srv/upload/activities2 was world-writable!

Sam P. sam at sam.today
Mon Feb 15 06:09:37 EST 2016


Just to clarify,

* Changed that folder's perms to 444 (read only for all)
* Some things depend on aslo2 data (socialhelp things, webhook things), so
they need to be migrated
* I don't think that anybody uses the aslo2 service in any real way, but I
will check the nginx logs

On Mon, Feb 15, 2016 at 10:02 PM Sam P. <sam at sam.today> wrote:

> It's for ALSO2, and wow, I thought that I had dodgy stuff happening, but I
> didn't know it was that dodgy.
>
> I'll defiantly invest some time to clean up that mess asap.  (Like kill it)
>
> On Mon, Feb 15, 2016 at 5:46 AM Bernie Innocenti <bernie at codewiz.org>
> wrote:
>
>> What's this directory for, and why was it world-writable?
>>
>> This is very dangerous, people could have abused it to upload warez over
>> anonymous ftp.
>>
>> Anyway, I disabled the ftp service since it seems that these days we're
>> only getting connections from suspicious IPs (most were from china).
>>
>> --
>>  _ // Bernie Innocenti
>>  \X/  http://codewiz.org
>> _______________________________________________
>> Systems mailing list
>> Systems at lists.sugarlabs.org
>> http://lists.sugarlabs.org/listinfo/systems
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/archive/systems/attachments/20160215/f5d941ac/attachment.html>


More information about the Systems mailing list