[Juser] IMPORTANT: JSF/JabberStudio Service Update

Peter Saint-Andre stpeter at jabber.org
Wed Jan 26 14:49:10 CST 2005

Last week I announced a service outage related to the machine that 
hosts both the www.jabber.org website and the JabberStudio service. 
This message contains further information about the matter.

The machine (hades.jabber.org) was cracked approximately one year ago
by means of an automated rootkit. Based on the evidence of the initial 
investigation by the admin team for this machine, the rootkit was not
used to view or modify any files. Furthermore, we have found no 
evidence of instrusion into the other machines that are part of the
jabber.org infrastructure (e.g., the production jabber server or the
mailing list server). 

The affected machine has been rebuilt and fully locked down, and access
has been restricted to a handful of admins, who are actively working
on the transition to new server machines that the Jabber Software 
Foundation purchased recently.

Developers who use JabberStudio for their projects MUST follow the
instructions posted at http://www.jabberstudio.org/ in order to validate
their code. Only validated code will be restored to JabberStudio! If you
have questions about the JabberStudio service, please direct them to
Thomas Muldowney (a.k.a. temas).

I am working to restore the complete www.jabber.org website, and will do
so as soon as I am comfortable with the security profile of the website
code. Hopefully that will happen by the end of this week, but security
is a higher priority than speed at this point.

Thank you for your patience. Do not hesitate to contact me via email or
Jabber if you have any questions.


Peter Saint-Andre
stpeter at jabber.org

More information about the JUser mailing list