[Labs-l] Suspended instances and phpmyadmin
FastLizard4
fastlizard4 at gmail.com
Wed Feb 27 03:00:25 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Out of curiosity, is it also disallowed to install the latest version of
phpMyAdmin directly from the phpMyAdmin website?
- --
Signed,
Andrew "FastLizard4" Adams <https://en.wikipedia.org/wiki/User:FastLizard4>
On 2/26/2013 3:29 PM, Ryan Lane wrote:
> phpmyadmin is basically unmaintained in ubuntu. It has a large number of
> very nasty security vulnerabilities that are actively exploited. In the
> case of lucid, there's a spam network that exploits a system fully with
> the version of phpmyadmin that's shipped.
>
> We had a number of instances with phpmyadmin enabled, some of which were
> owned. We've suspended the following instances:
>
> i-0000033a.pmtpa.wmflabs (wikiversity-sandbox-frontend)
>
> i-0000046a.pmtpa.wmflabs (metavidwiki)
>
> i-000003a2.pmtpa.wmflabs (phabricator)
>
> i-00000458.pmtpa.wmflabs (centralauth-frontend)
>
> i-0000048a.pmtpa.wmflabs (glam-gwtoolset-apt)
>
> i-000001d7.pmtpa.wmflabs (resourceloader2-apache)
>
> i-0000039e.pmtpa.wmflabs (blamemaps-m1xsmall)
>
> In addition to disabling these instances, we've also disabled the
> phpmyadmin package. It'll now install a file into
> /var/www/phpmyadmin/index.html saying not to use phpmyadmin.
>
> - Ryan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlEtdsgACgkQIUvvVwjDo7b8UACgsi5fjR9qmT9E5u5+ZFHhML49
hRkAoItYpCKMTY4qzzH1UfghPoHrUDDo
=MHyD
-----END PGP SIGNATURE-----
More information about the Labs-l
mailing list