[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[eclipse.org-committers] Webmaster Update
|
Greetings,
It's been a while since I sent one of these... I'll try to keep it short.
1. Access Forbidden to Update sites
2. New bugzilla keyword: Contributed (bug 153774)
3. Web pages on download.eclipse.org (and Phoenix)
4. SSH attacks
1. Access Forbidden to Update sites
===================================
We get many e-mails from confused users who see an Update Manager URL
for your project, and assume the URL is usable in a browser. When they
try, they get an Access Forbidden message. For instance,
http://download.eclipse.org/technology/buckminster/updates/
Some projects create an index.html or an index.php file alongside their
site.xml. Witness: http://update.eclipse.org/updates/3.1/
Although I have modified our standard "Access Forbidden" message to
explain the reason why it's "forbidden", I think it would be great for
everyone if a basic index page was created to kindly provide "How-to use
the Update Manager URL" instructions.
2. New bugzilla keyword: Contributed (bug 153774)
=================================================
Kim asked for a new Keyword: Contributed. Use it as described.
The complete list of Bugzilla keywords is here:
https://bugs.eclipse.org/bugs/describekeywords.cgi
3. Web pages on download.eclipse.org (and Phoenix)
==================================================
There's some interesting discussion about web pages hosted on
download.eclipse.org, and Phoenix. Worth a read if you maintain the
download pages for your project.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=154626
4. SSH attacks
==============
I know I've mentioned this before, but eclipse.org servers get about one
to four SSH attacks daily. Users try to brute-force logins to our
servers by using your user IDs with password dictionaries, or they try
to use system accounts, or even root.
To protect your login (and the code) we detect such attacks and swiftly
block them. The process is automatic, undiscriminating and unforgiving,
so please avoid these actions:
- trying to login to any eclipse.org server as root == Instant banishment.
- repeatedly trying to connect as someone who doesn't exist. Make sure
you're using the right user id.
- repeatedly trying to SSH to dev.eclipse.org as a valid user, but with
the wrong password.
False positives don't happen very often, so this is no big deal;
however, do keep this in mind before hitting the "retry" button of a
failed login. Don't hesitate to contact us to confirm your user id, or
to reset your password.
Thanks a bunch.
Denis
--
Eclipse WebMaster - webmaster@xxxxxxxxxxx
Questions? Consult the WebMaster FAQ at
http://wiki.eclipse.org/index.php/Webmaster_FAQ
View my status at http://wiki.eclipse.org/index.php/WebMaster