Great, thanks Jason – yes, the particular rootkit that was used on the previous Linux instance was written specifically for Linux but of course that’s not an assumption that a Windows box won’t be affected by another vulnerability, so we are certainly taking it seriously. Great to know the Hazelcast issue at least will be resolved.
Is there a minimum recommended version we should be upgrading to from a security standpoint? I only ask since I’m not under any illusions about it being a seamless and smooth process with so many versions to get through and in case we have trouble along the way, I just wondered if we could say, aim for a minimum of version 2.xx as urgent with anything above that for now being bonus.

Lastly, I had trouble finding older versions of the software online and since I’m likely going to do this one version at a time, is there somewhere I can find a list of instructions on moving from one version to the next starting at 2.16 as well as the .war files?

Regards
Ed

From: Jason Pickering [mailto:[email protected]]
Sent: Friday, 28 July 2017 12:21 PM
To: Edward Robinson <[email protected]>
Cc: dhis2-users <[email protected]>
Subject: Re: [Dhis2-users] Hazelcast instance not active

Hi Edward,

The security issues I am referring to are related to vulnerabilities in component libraries of DHIS2, as you note. They have nothing to do with the underlying operating system itself, so even if you move to Windows, you will not be any safer, as the vulnerabilities exist in the DHIS2 software itself. Perhaps moving your server prevented the attack from happening again? Regardless, Hazelcast is no longer in use, so I think once you upgrade, that problem should disappear.

Regards,
Jason

On Fri, Jul 28, 2017 at 12:16 PM, Edward Robinson <[email protected]> wrote:

Hi Jason, indeed, upgrading the instance is very high on the priority list. This is a server that we have taken over. It had been compromised previously on Linux with a well-known bitcoin mining zero-day vulnerability affecting out-of-date Struts instances. That has since been sorted out. A second server running Windows has not been affected. We had migrated this machine to a Windows box as a short-term solution since the zero-day script was written to specifically target Linux.
Since upgrading is a time-consuming process, we are scheduling it for ‘as soon as possible’ beginning this weekend. It will happen off-line, incrementally, until we are up to date but it’s not likely to be complete in the next few days. For now, is there anything obviously amiss in the reported output from ‘about DHIS2’?

Thanks!
Ed

From: Jason Pickering [mailto:[email protected]]
Sent: Friday, 28 July 2017 11:58 AM
To: Edward Robinson <[email protected]>
Cc: dhis2-users <[email protected]>
Subject: Re: [Dhis2-users] Hazelcast instance not active

Hi Edward,

You would be well advised to upgrade that instance as soon as possible. There are a number of very serious security issues which have been fixed in later versions, but not, as far as I know, as far back as 2.16. It would not surprise me at all if your server had been compromised, which might explain why this is happening. I would carefully check the server logs for any strange activity, but would recommend that you upgrade to a later version as soon as possible, where a number of security problems have been recently rectified.

Regards,
Jason

On Fri, Jul 28, 2017 at 11:55 AM, Edward Robinson <[email protected]> wrote:

For reference, this is my setup according to the ‘about DHIS2’ page:

[cid:[email protected]]

From: Dhis2-users [mailto:dhis2-users-bounces+erobinson[email protected]] On Behalf Of Edward Robinson
Sent: Friday, 28 July 2017 11:48 AM
To: dhis2-users <[email protected]>
Subject: [Dhis2-users] Hazelcast instance not active

For the past two days I’ve woken up to this after logging in to DHIS2 (2.16) on Windows:

HTTP Status 500 - Hazelcast instance is not active!
I’m not sure what’s causing it and I need to investigate the logs but I wondered if anything obvious comes to mind from the user group – has anyone else experienced this and what should I look out for? I’ll reboot the server (sorts it out) and continue with some urgent work then investigate what may be causing this.

Thanks!
Ed

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-users
Post to : [email protected]
Unsubscribe : https://launchpad.net/~dhis2-users
More help : https://help.launchpad.net/ListHelp

--
Jason P. Pickering
email: [email protected]
tel:+46764147049

