
Re: [perfsonar-user] "Cacti Graphs" allows guest to make setting changes


  • From: Jason Zurawski <>
  • To: "Wang, Yu" <>
  • Cc:
  • Subject: Re: [perfsonar-user] "Cacti Graphs" allows guest to make setting changes
  • Date: Wed, 18 Jun 2014 06:58:38 -0500

All;

The mail in question is in the archive:

https://lists.internet2.edu/sympa/arc/perfsonar-user/2014-04/msg00122.html

Thanks;

-jason

On Jun 17, 2014, at 4:22 PM, Andrew Lake
<>
wrote:

> Hi,
>
> As a current workaround, I had luck following instructions sent around when
> a Cacti CVE was announced a few months back. See the forwarded message
> below. In theory any box updated since then should not need these patches,
> so we need to find out what else is happening. In the meantime, below
> should hopefully do the trick.
>
> Thanks,
> Andy
>
>
>
> On Jun 17, 2014, at 4:39 PM, "Wang, Yu"
> <>
> wrote:
>
>>
>> Our security team alerted us that our perfsonar box was hacked and defaced
>> and may contain harmful contents. The defacer left their names on cacti
>> graphs ‘settings’ page:
>>
>> <image001.png>
>>
>> After investigations, I found out that our server and mysql database were
>> not compromised. The ‘defacer’ used ‘Cacti Graphs’ link to get to cacti
>> guest page. Then went to ‘settings’; checked ‘Use Custom Fonts’; typed in
>> their names and clicked ‘Save’.
>>
>> Since we have a separate cacti server for our network, we never used cacti
>> that came with perfsonar and left it with default configurations (allow
>> guest access to graphs). I randomly checked several perfsonar sites and
>> they all have these settings. My question is “Should we remove/disable
>> guest access or disable ‘Cacti Graphs’ link by default?” Although this
>> kind of action does no damage to server and database, it does put frowns
>> on my supervisor’s face. Not to mention I had to put down everything and
>> spend a few hours to check server, database, and logs.
>>
>> I am installing a couple of new perfsonar servers and cacti will not be
>> included.
>>
>> Thank you.
>>
>> Yu Wang
>> ____________________________
>> Network Architect
>> Information Technology Services
>> The Florida State University
>> 850-645-6810
>>
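Yu mentions spending hours checking server, database and logs after the defacement. As an added example (not part of this thread and not perfSONAR or Cacti project code), the Python below shows one way to sift a web server's access log for the "save" action described above: a POST to the Cacti settings pages is the request that actually writes the guest's changes. The log lines are constructed for the example, and the paths `/cacti/graph_settings.php` and `/cacti/settings.php` are assumptions about where a Cacti 0.8.x install serves its per-user and admin settings forms; check them against your own install before relying on them.

```python
import re
from collections import Counter

# Constructed Apache combined-format log lines for this example; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jun/2014:09:12:01 -0400] "GET /cacti/graph_view.php HTTP/1.1" 200 5321 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Jun/2014:09:12:40 -0400] "GET /cacti/graph_settings.php HTTP/1.1" 200 8890 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Jun/2014:09:13:05 -0400] "POST /cacti/graph_settings.php HTTP/1.1" 302 0 "http://ps.example.edu/cacti/graph_settings.php" "Mozilla/5.0"
192.0.2.44 - - [17/Jun/2014:10:01:11 -0400] "POST /cacti/settings.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [17/Jun/2014:10:15:22 -0400] "GET /toolkit/ HTTP/1.1" 200 1200 "-" "curl/7.19"
"""

# Apache "combined" format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumed Cacti 0.8.x settings endpoints (per-user graph settings and admin settings).
SETTINGS_PAGES = ("/cacti/graph_settings.php", "/cacti/settings.php")


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_settings_changes(log_text):
    """Return one record per POST to a Cacti settings page.

    A GET only renders the form; the POST is the request that saves the
    change, so POSTs are what to look at when reconstructing who edited what.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]   # drop any query string
        if rec["method"] == "POST" and path in SETTINGS_PAGES:
            hits.append({"ip": rec["ip"], "ts": rec["ts"],
                         "path": path, "status": rec["status"]})
    return hits


def summarize_by_ip(hits):
    """Count settings-page POSTs per client address, most active first."""
    return Counter(h["ip"] for h in hits).most_common()


if __name__ == "__main__":
    found = find_settings_changes(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]}  {h["ip"]:<15} POST {h["path"]} -> {h["status"]}')
    print("per-IP totals:", summarize_by_ip(found))
```

Run against the real access log (for example by reading `/var/log/httpd/access_log` instead of `SAMPLE_LOG`), the output gives the source address and time of every settings save, which is enough to tie the edit to a session and to confirm whether the change came in through the unauthenticated guest path. If the guest account is disabled or its view-only permissions are tightened, any remaining POST to these pages should come only from logged-in users.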



Archive powered by MHonArc 2.6.16.
