[Clipart] Re: openclipart.org hacked? what happened???
Bryce Harrington
bryce at bryceharrington.org
Tue Feb 28 10:29:20 PST 2006
On Tue, Feb 28, 2006 at 10:46:49AM +0200, Nicu Buculei wrote:
> I browsed *all* the subdirectories under clipart_web and i am pretty
> confident there is nothing looking like warez - i.e. large files
> (usually in an archived format, rar or zip, nor mp3, avi, mpg)
Actually, I'm fairly sure we've made it impossible to upload those type
of files into the system itself. More likely would be an exploit in
wordpress or mediawiki that they could use to put files on the server.
But in either case these should have showed up in the access logs, but I
could not find evidence of it. Just our own files being downloaded.
> A wild guess: is possible the increased traffic was due to cchost
> serving instead of thumbnails full size images scaled from html? I guess
> will should find out this by looking in the logs.
I wondered about this too. Google started spidering cchost and that
resulted in a lot of hits, but I think they throttle themselves, and it
was also intermittent, whereas daniels said the traffic he saw was
continuous. So I think kees' theory of it being someone's broken
download client is more likely.
> >Anyhow, the log is viewable here:
> >
> >/var/log/apache2/clipart.freedesktop.org-access.log.1
>
> I asked more than once on this list if f.d.o. provides any log analyzer,
> is situations like this such a tool would be useful, even if it is
> something simple like Webalizer.
That would help a lot. We went through the logs by hand but it's hard
to get a feel for the problem quickly that way.
Bryce
More information about the clipart
mailing list