from Hacker News

OpenWRT Docs "have reason to suspect a security compromise"

by octoluke on 12/5/23, 10:33 PM with 3 comments

  • by outsidein on 12/5/23, 10:38 PM

    jow SysAdmin 8m Update:

    After reviewing the situation we found no indication of any unauthorized access to the system.

    Background:

    During maintenance work to implement performance improvements for the table of hardware (ToH) views on the wiki, which are currently the primary reason for severe system load, we encountered a debug log containing username and passwords of login attempts in clear text.

    What we initially believed to be a malicious modification of the DokuWiki PHP code turned out to be leftover debug code from an earlier wiki migration. We removed the offending debug functionality and purged the related log file. As a precaution, we're going to force a password reset for all users.

    Note that the user database itself contains one-way password hashes and was not compromised, neither did we find an indication of any unauthorized access.

  • by ratsmack on 12/5/23, 10:55 PM

    It seems to me that excursions into various websites has increased this past year. Every day or so someone else reveals that they have been compromised, and these are usually only higher profile sites. One has to wonder what might be the total number of sites that are compromised on any given day.

  • by greyface- on 12/5/23, 11:05 PM

    Returns 404 now, and whatever was there was wasn't captured by web.archive.org or archive.today.