[Labs-l] Suspended instances and phpmyadmin
Ryan Lane
rlane at wikimedia.org
Tue Feb 26 23:29:49 UTC 2013
phpmyadmin is basically unmaintained in ubuntu. It has a large number of
very nasty security vulnerabilities that are actively exploited. In the
case of lucid, there's a spam network that exploits a system fully with the
version of phpmyadmin that's shipped.
We had a number of instances with phpmyadmin enabled, some of which were
owned. We've suspended the following instances:
i-0000033a.pmtpa.wmflabs (wikiversity-sandbox-frontend)
i-0000046a.pmtpa.wmflabs (metavidwiki)
i-000003a2.pmtpa.wmflabs (phabricator)
i-00000458.pmtpa.wmflabs (centralauth-frontend)
i-0000048a.pmtpa.wmflabs (glam-gwtoolset-apt)
i-000001d7.pmtpa.wmflabs (resourceloader2-apache)
i-0000039e.pmtpa.wmflabs (blamemaps-m1xsmall)
In addition to disabling these instances, we've also disabled the
phpmyadmin package. It'll now install a file into
/var/www/phpmyadmin/index.html saying not to use phpmyadmin.
- Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130226/e989e677/attachment.html>
More information about the Labs-l
mailing list