[Haskell-cafe] Status update on {code, trac, projects, planet, community}.haskell.org

On Wed, 2011-02-02 at 01:33 +0000, Duncan Coutts wrote:
> All,
>
> As you will be aware, some of the *.haskell.org websites have been down
> recently, specifically:
>
> code.haskell.org
> trac.haskell.org
> projects.haskell.org
> planet.haskell.org
> community.haskell.org

[...]

> We have not yet re-enabled user login accounts, nor re-enabled access
> to code repositories. We will send a further update when these are
> re-enabled, or procedures for people to re-enable them are finalised.

Logging in
==========

We have restored ssh logins for around 250 user accounts (ie darcs push
will work).

If you are not one of those 250 and you cannot log in then you will need
to email support at community.haskell.org. Give your real name, your
unix user name and attach your current ssh public key.

Once you have logged in
=======================

Personal webspace
-----------------

public URL:  http://code.haskell.org/~$username/
server-side: ~/public_html(-disabled)

You will notice that your ~/public_html directory has been renamed to
~/public_html-disabled. There is a slim possibility that the data was
altered when the server was compromised. We recommend that you check it
first and then, to restore, use:

  mv ~/public_html-disabled ~/public_html

Code repositories
-----------------

public URL:  http://code.haskell.org/$projname/
server-side: /srv/code/$projname/
         or: /srv/srv-from-nun/code/{checked-failed,checked-strayfiles}/$projname/

Similarly, many code repositories (44) have not been re-enabled. Ones
that we could check automatically have already been restored.

If the /srv/code/$project directory for your project is empty or missing
then you will find it in one of the directories in
/srv/srv-from-nun/code/, either checked-failed/ if "darcs check" failed
on that repository, or in checked-strayfiles/ if the repository contains
extra unrecorded files that we could not check automatically.

You should check that you are satisfied that the repository contains
just what you expect and then email support at community.haskell.org to
ask for it to be moved back to the usual location.

Project websites
----------------

public URL:  http://projects.haskell.org/$projname/
server-side: /srv/projects/$projname/
         or: /srv/srv-from-nun/projects/$projname/

If the /srv/projects/$project directory for your project is empty or
missing then you will find the project website in
/srv/srv-from-nun/projects/$project. You should check that you are
satisfied that the website directory contains just what you expect and
then email support at community.haskell.org to ask for it to be moved
back to the usual location.

Explanation
===========

We believe that when the server was compromised, the attacker was mainly
interested in collecting usernames and passwords. Since we do not use
password-based logins, we think the attacker was not successful in this.

However we are unable to trust any of the ~/.ssh/authorized_keys because
the attacker could have modified them to give access at a later date. We
were able to verify the ~/.ssh/authorized_keys for around 250 users by
comparing the current file against the key that was originally submitted
in the account creation request. People who have added keys or changed
keys since initial account creation have not had their login access
restored and they must resend their current key.

For html, css, javascript files etc, there was the slight concern that
the attacker may have defaced sites or made malicious files available
for download. While we have not found any instance of this so far, we
need the help of project owners to check this.

Duncan
(On behalf of the Haskell infrastructure team)
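
The authorized_keys comparison described under "Explanation", as an added example that is not part of the original message and not the infrastructure team's own tooling: it compares each live entry's key blob with the key from the account-creation request and flags unexpected keys and options added to a trusted key. The function names and the sample keys (key-shaped blobs, not real keys) are constructed for illustration.

```python
import base64, binascii, hashlib, re, struct

# One field: a run of non-space characters and double-quoted option values.
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^\s"])+')

def parse_entry(line):
    """Return (options, keytype, blob), or None if the line is not a valid entry."""
    f = FIELD.findall(line)
    for i in (0, 1):  # key type is field 0, or field 1 when options come first
        if len(f) > i + 1:
            try:
                blob = base64.b64decode(f[i + 1], validate=True)
            except (binascii.Error, ValueError):
                continue
            name = f[i].encode()  # blob must start with its own length-prefixed type
            if blob.startswith(struct.pack(">I", len(name)) + name):
                return (f[0] if i else "", f[i], blob)
    return None

def fingerprint(blob):
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit(current_text, submitted_text):
    """Classify each live entry against the key(s) from the account request."""
    trusted = {e[2] for e in map(parse_entry, submitted_text.splitlines()) if e}
    findings = []
    for n, line in enumerate(current_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no key
        e = parse_entry(line)
        if e is None:
            findings.append((n, "malformed", None))
        elif e[2] not in trusted:
            findings.append((n, "unexpected-key", fingerprint(e[2])))
        elif e[0]:
            findings.append((n, "options-added", e[0]))
        else:
            findings.append((n, "ok", fingerprint(e[2])))
    return findings

def sample_key(keytype, seed):
    """Constructed, key-shaped entry (not a real key) so the example runs offline."""
    name = keytype.encode()
    blob = struct.pack(">I", len(name)) + name + hashlib.sha256(seed).digest()
    return keytype + " " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    submitted = sample_key("ssh-rsa", b"alice") + " alice@laptop\n"
    print(audit(submitted + sample_key("ssh-ed25519", b"later") + " added\n", submitted))
```

A file is only safe to restore unchanged when every finding is "ok"; comparing decoded blobs rather than whole lines means a changed comment does not cause a mismatch, while an added command= option on a trusted key is still reported.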