Open Tree of Life update on April downtime


Mark Holder

Apr 11, 2020, 11:21:06 PM
to opentre...@googlegroups.com
Hello,
Today (Apr 11 in the afternoon US time) several of the Open Tree of Life web-servers were compromised by hackers. We are assessing the vulnerability, and think that it is probably in one of the web frameworks that we are using. We have taken the servers offline. We'll be bringing the servers back online after we complete a security audit.

The attack appears to be a part of exploiting servers for a denial of service attack, rather than an attack specifically targeted on the Open Tree of Life project.

As you know, if you have curated a phylogenetic study or used Open Tree's comment system, we don't maintain a database of users. Rather we rely on GitHub web authentication to associate curation and comments made by users with their GitHub user names. Out of an abundance of caution, we have revoked all of the user permission tokens from the Open Tree app. So, when we do have curation re-enabled, you will have to log in and reauthorize Open Tree in order to edit studies.

Feel free to contact us with questions via email or our gitter channel: https://gitter.im/OpenTreeOfLife/public


We apologize for the down-time and the security breach.

Sincerely,
Mark Holder on behalf of the Open Tree of Life team.
