Keywords: Trac - Windows - Technical issue - Secure Connections (SSL/HTTPS)
About a month ago, someone/something (a bot would be my guess) logged into our TRAC database and started creating several new users and dozens of tickets. It looks like the goal was really to generate spam or spoofing emails. So this bot:
1. Created a user with some email address.
2. Created a ticket with a bunch of spam and hyperlinks as that user or assigned to that user.
3. The TRAC system generates an email with a bunch of spam.
Ingenious! Right? No! insidious.
So I temporarily enabled Windows challenge response authentication to stop the hacker, restore the previous days backup of the TRAC database to get rid of all the new users and tickets, changed all the passwords and notified all the users of their new passwords, then disabled Windows challenge response authentication.
Also well for a month, but I just got an email notification that a new user was added so the bot got passed my new passwords.
Windows 2012 Web server that proxies request to TRAC
Bitnami TRAC 1.0.10 on Windows 2008
So I've re-enabled Windows challenge response authentication. I'll plan to upgrade TRAC, switch to https, change all the passwords again, and I'm looking into the AccountGuard plug in. Anyone else run into this issue? Any other suggestions? Thanks for any comments.