samples-server icon indicating copy to clipboard operation
samples-server copied to clipboard
verified publisher icon mdn

Update Apache / SSH Config

Open luciusbono opened this issue 6 years ago • 3 comments

Mozilla infosec noticed that the MDN Code Samples service is running a vulnerable version of Apache (2.4.6) and an SSH config that's a little outside of what our suggested configuration is. https://www.shodan.io/host/52.0.70.144

From talking with @a2sheppy, it sounds like the instance automatically updates when it's rebooted, so it's likely that a reboot will bring Apache up to date. For the SSH config, we recommend the "Modern" configuration file specified in our suggested configuration guide.

If you need any help or assistance getting this instance cleaned up, don't hesitate to let me know and I'll make sure you get whatever resources you need!

https://github.com/mdn/samples-server AWS Account: cloudservices-aws-dev InstanceID: i-42a595fc

luciusbono avatar Mar 12 '19 20:03 luciusbono

@luciusbono which service exactly are you talking about?

chrisdavidmills avatar Mar 13 '19 16:03 chrisdavidmills

@chrisdavidmills wow, I actually managed to not state at any point what service I was talking about. Apologies, that was sloppy on my part. This ticket came after a looooonnnng string of asking people over and over again about the same service and I guess it broke my brain - I've updated the original ticket to include the service name, sorry for the confusion!

luciusbono avatar Mar 13 '19 16:03 luciusbono

@luciusbono no worries, thanks for the update! I've now triaged this successfully; we'll try to get round to it before too long.

chrisdavidmills avatar Mar 13 '19 16:03 chrisdavidmills