<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body dir="ltr">
<p>Dear Colleagues,</p>
<p><br>
</p>
<p>I am forwarding a message from Sherman White below. In short:</p>
<p><br>
</p>
<p>* runBrowser.py was victim to a cyber attack earlier this week,
which made our database server basically unusable</p>
<p>* access to runBrowser is now restricted to the JLab network</p>
<p>* runBrowser was not functioning properly for a while, can
probably be suspended<br>
</p>
<p>* we can easily include its functionality in a new version of
plotBrowser</p>
<p>* old and outdated applications on the webserver should be
deleted<br>
</p>
<p><br>
</p>
<p>* halldweb and hallddb have to be upgraded to RHEL9 asap</p>
<p>* we already upgraded halldwebdev for testing</p>
<p>* Sherman is available to help with the transition<br>
</p>
<p><br>
</p>
<p>Thank you for your understanding,</p>
<p>Alex<br>
</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table cellpadding="0" cellspacing="0" border="0" class="moz-email-headers-table">
<tbody>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">Subject:
</th>
<td>halldweb/hallddb directory restricted to jlab network</td>
</tr>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">Date: </th>
<td>Wed, 5 Mar 2025 17:08:57 -0500</td>
</tr>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">From: </th>
<td>Sherman White <a class="moz-txt-link-rfc2396E" href="mailto:srwhite@jlab.org"><srwhite@jlab.org></a></td>
</tr>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">To: </th>
<td>Alexander Austregesilo <a class="moz-txt-link-rfc2396E" href="mailto:aaustreg@jlab.org"><aaustreg@jlab.org></a></td>
</tr>
<tr>
<th valign="BASELINE" align="RIGHT" nowrap="nowrap">CC: </th>
<td>Eugene Chudakov <a class="moz-txt-link-rfc2396E" href="mailto:gen@jlab.org"><gen@jlab.org></a>, Kelvin Edwards
<a class="moz-txt-link-rfc2396E" href="mailto:kelvin@jlab.org"><kelvin@jlab.org></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<style type="text/css" style="display:none;">P {margin-top:0;margin-bottom:0;}</style>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Hi,</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Today we experienced a dos/robot attack that tickled an
apparently non-maintained and possibly non-used application on
halldweb.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
This caused a load on the backend database server
(halldb.jlab.org) to exceed 1354 which made it essentially
unusable. Because </div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
the attacking processes didn't identify themselves as a bots, it
was necessary to restrict the directory in its destination URL
to internal JLAB</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
access only.<br>
<br>
The offending application was a python application located at:<br>
<br>
/cgi-bin/data_monitoring/monitoring/runBrowser.py<br>
<br>
Though no longer available externally, this application and any
other resource within the directory it shares is still available
internally. You can </div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
use the JLAB browsing VPN site to access internal JLAB resources
(vpn.jlab.org) although you may need a crypto-token to use this
application. <br>
<br>
As a matter of good security practice, if there are applications
and content that you guys are no longer making use of, it would
be a good idea </div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
to delete anything that you no longer need. <br>
<br>
Lastly, both hallddb and halldweb are running the Redhat
Enterprise Linux 7 operating systems. RHEL7 is out of support
and being phased out</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
of our environment in favor of RHEL9 in accordance with DOE
cyber security requirements. This means that systems such as
halldweb and </div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
hallddb will be rebuilt to Redhat Enterprise Linux 9. Please
plan for this transition in near future. The computer center
is always available to</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
assist.</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Sherman</div>
</div>
</body>
</html>