
perfsonar-user - [perfsonar-user] "Cacti Graphs" allows guest to make setting changes

Subject: perfSONAR User Q&A and Other Discussion

  • From: "Wang, Yu" <>
  • To: "" <>
  • Subject: [perfsonar-user] "Cacti Graphs" allows guest to make setting changes
  • Date: Tue, 17 Jun 2014 20:39:39 +0000
  • Accept-language: en-US

 

Our security team alerted us that our perfsonar box was hacked and defaced and may contain harmful content. The defacer left their names on the cacti graphs ‘settings’ page:

 

 

After investigating, I found out that our server and mysql database were not compromised. The ‘defacer’ used the ‘Cacti Graphs’ link to get to the cacti guest page, then went to ‘settings’, checked ‘Use Custom Fonts’, typed in their names and clicked ‘Save’.

 

Since we have a separate cacti server for our network, we never used the cacti that came with perfsonar and left it with the default configuration (allow guest access to graphs). I randomly checked several perfsonar sites and they all have this setting. My question is “Should we remove/disable guest access or disable the ‘Cacti Graphs’ link by default?” Although this kind of action does no damage to the server and database, it does put frowns on my supervisor’s face. Not to mention I had to put down everything and spend a few hours checking the server, database, and logs.

 

I am installing a couple of new perfsonar servers and cacti will not be included.

 

Thank you.

 

Yu Wang

____________________________

Network Architect

Information Technology Services

The Florida State University

850-645-6810

 



