The Museum of HP Calculators

HP Forum Archive 15

[ Return to Index | Top of Index ]

RIP OpenRPN?
Message #1 Posted by . on 24 Jan 2006, 3:38 a.m.

Either OpenRPN is dead, or their site has been hacked. Have a look

      
Re: RIP OpenRPN?
Message #2 Posted by Eric Smith on 24 Jan 2006, 3:56 a.m.,
in response to message #1 by .

My browser says it needs a plugin. I'm not about to install a plugin just for that; what does the site say?

            
Re: RIP OpenRPN?
Message #3 Posted by Arnaud Amiel on 24 Jan 2006, 4:11 a.m.,
in response to message #2 by Eric Smith

It looks like the site was highjacked and I would certainly not download anything this site wants me to download. Nor give access to the dodgy signed java applet.

Arnaud

            
Re: RIP OpenRPN?
Message #4 Posted by Howard Owen on 24 Jan 2006, 1:35 p.m.,
in response to message #2 by Eric Smith

It's Java it wants. On my i686 Firefox 1.5 on FC4 with the latest JRE, I get "Null Pointer Exception" so you are probably safe even with Java installed, Eric. 8)

      
Re: RIP OpenRPN?
Message #5 Posted by Hugh Evans on 24 Jan 2006, 5:01 a.m.,
in response to message #1 by .

Yes, the site has been hijacked... again. This happens from time to time. Everything should be up and running later today.

-Hugh

            
Re: RIP OpenRPN?
Message #6 Posted by Eric Smith on 24 Jan 2006, 5:45 p.m.,
in response to message #5 by Hugh Evans

What OS and web server are you running on your server?

                  
Re: RIP OpenRPN?
Message #7 Posted by Les Bell on 24 Jan 2006, 6:05 p.m.,
in response to message #6 by Eric Smith

Looks like:

Apache/2.0.49 (Unix) mod_perl/1.99_08 Perl/v5.8.0 mod_ssl/2.0.49 OpenSSL/0.9.7d PHP/4.3.4 DAV/2

running on Linux, to me. With PostNuke as the CMS. Postnuke has a long and dishonorable history of SQL injection, cross-site scripting, directory traversal and other vulnerabilities. Apache 2's mod_dav has had its own problems, too.

Best,

--- Les
[http://www.lesbell.com.au]

                        
Re: RIP OpenRPN?
Message #8 Posted by Geir Isene on 25 Jan 2006, 1:18 a.m.,
in response to message #7 by Les Bell

PostNuke is a fork of PHPNuke (which has a remarkably bad security track - I used to have my Site on PHPNuke until I was defaced twice).

I would recommend moving to another CMS - like Typo3, Plone, EZ Publish or Wordpress (even Trac is suitable although it has a very different feature set).

                              
CMS software
Message #9 Posted by Eric Smith on 25 Jan 2006, 2:14 a.m.,
in response to message #8 by Geir Isene

I agree. I've had good results with Plone (general CMS), Wordpress (blog), and MediaWiki (wiki), and they seem to have relatively few security problems.

I'm considering using Trac for a software-related site, but I need it to integrate with a remote Subversion server, and last I checked it could only use a local one.

                                    
Trac
Message #10 Posted by Geir Isene on 25 Jan 2006, 4:59 a.m.,
in response to message #9 by Eric Smith

You are right about that:

trac-with-a-remote-subversion-repository?

[ Return to Index | Top of Index ]

Go back to the main exhibit hall