On Monday 2017-04-17 20:19:17 Kern Sibbald wrote: > Hello, > > All the tables are good. However someone emptied it. > > I think this is the command that did it. > > 37.123.133.148 - - [16/Apr/2017:09:19:39 +0100] "POST > /manage_proj_delete.php HTTP/1.1" 200 504 > > Any comments?
I have just checked Mantis's manage_proj_delete.php and core.php files. It seems that they are trying to ensure that the user is logged in and that the user has the privileges to run manage_proj_delete.php so it's either a bug in the Mantis code or the password of a privileged user has been stolen. In either case I am sorry for the lost data and the time that will be spent because of this. I have failed to google-out any recent security issues in Mantis code that would result in data loss. I would suggest to check this Mantis page related to security issues: https://www.mantisbt.org/wiki/doku.php/mantisbt:handling_security_problems -- Josip Deanovic ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
