• English version
  • Version française
  • Versión española

News

TuxFamily to improve its security

Posted on Wednesday 1 April 2015

TuxFamily never ceased to drum it, security, and especially I.T. security, is everyone's matter ! The various vulnerabilities disclosed all throughout the epic year 2014 definitely proved that a careful monitoring of the subject is essential.

Alas, this matter too often remains neglected by many hostees with regards to web applications installed at TuxFamily's (blog engines, bugtrackers, Mediawiki, Drupal, WordPress, PunBB, etc.). Yet no one can deny that an outdated application is a vector to send massive amounts of spam as well as hosting phishing pages or even exploit local vulnerabilities that just ask to be discovered, published and exploited (not necessarily in this order)!

On the other hand, TuxFamily's resources, particularly human ones, remain limited: a single person hobbles along with the platform administration (as a benevolent on free time, of course) while the moderation process is statistically handled by 1.27 persons exactly. BEA figures, February 2015. Anyway, it has become vital to take action.

That's the reason why your beloved hosters are currently designing a tool basically named vhffs_rotvacuum. It will run every week on the plateform in order to detect and desactivate webspaces whose software may not be up-to-date.

Fully aware that such a change cannot be brought so suddenly, its deployment shall happen in several steps:

  • Apr 2015: simple notification to the owner of concerned group/project
  • May 2015: webspaces not updated are disabled after a grace delay of 15 days after security updates are published
  • Jun 2015: deletion of webspaces considered outdated, grace delay kept at 15 days
  • Sep 2015: grace delay will be lowered to 7 days for standard security updates, 1 day for critical ones.

The TuxFamily team kindly reminds you that their set of services does not include full-fledged backups.

We sincerely hope these measures will help keep the maintenance workload of the platform at its lowest and, hence, ensure its durability.

The TuxFamily.org team

Edit: Of course it was our yearly April fool joke ;-)

RSS Feed