[Halld-offline] halldweb/hallddb directory restricted to jlab network

Alexander Austregesilo aaustreg at jlab.org
Wed Mar 5 17:21:55 EST 2025


Dear Colleagues,


I am forwarding a message from Sherman White below. In short:


* runBrowser.py was victim to a cyber attack earlier this week, which 
made our database server basically unusable

* access to runBrowser is now restricted to the JLab network

* runBrowser was not functioning properly for a while, can probably be 
suspended

* we can easily include its functionality in a new version of plotBrowser

* old and outdated applications on the webserver should be deleted


* halldweb and hallddb have to be upgraded to RHEL9 asap

* we already upgraded halldwebdev for testing

* Sherman is available to help with the transition


Thank you for your understanding,

Alex





-------- Forwarded Message --------
Subject: 	halldweb/hallddb directory restricted to jlab network
Date: 	Wed, 5 Mar 2025 17:08:57 -0500
From: 	Sherman White <srwhite at jlab.org>
To: 	Alexander Austregesilo <aaustreg at jlab.org>
CC: 	Eugene Chudakov <gen at jlab.org>, Kelvin Edwards <kelvin at jlab.org>



Hi,

Today we experienced a DoS/robot attack that tickled an apparently 
non-maintained and possibly non-used application on halldweb.
This caused the load on the backend database server (halldb.jlab.org) to 
exceed 1354, which made it essentially unusable.  Because
the attacking processes didn't identify themselves as bots, it was 
necessary to restrict the directory in its destination URL to internal JLAB
access only.

The offending application was a python application located at:

/cgi-bin/data_monitoring/monitoring/runBrowser.py

Though no longer available externally, this application and any other 
resource within the directory it shares is still available internally.  
You can use the JLAB browsing VPN site to access internal JLAB resources 
(vpn.jlab.org) although you may need a crypto-token to use this 
application.

As a matter of good security practice, if there are applications and 
content that you guys are no longer making use of, it would be a good idea
to delete anything that you no longer need.

Lastly, both hallddb and halldweb are running the Red Hat Enterprise 
Linux 7 operating system.  RHEL7 is out of support and being phased out
of our environment in favor of RHEL9 in accordance with DOE cyber 
security requirements.  This means that systems such as halldweb and
hallddb will be rebuilt to Red Hat Enterprise Linux 9.  Please plan for 
this transition in the near future.  The computer center is always 
available to assist.

Sherman