DSWeb Moves to New Hosting Platform After Falling Victim to Shellshock

By Jim Goldman, DSWeb Programmer, SIAM Information Systems Department
DSWeb, the Dynamical Systems Web, unfortunately fell victim to an automated security exploit ("hack") in December of 2014, causing SIAM's Information Systems Department to take the collaborative content management-based website off the Internet for about three weeks, during which time SIAM staff (mostly Jim Goldman) moved the site to a new server with updated versions of Linux, Apache, Perl, and PostgreSQL, thereby addressing the vulnerability.

Screenshot of DSWeb during the holiday season.

SIAM was alerted to the attack by monitoring software run by its Internet service provider, Cogent. The server machine hosting DSWeb was promptly taken offline by SIAM's Information Systems Department. No DSWeb user data was divulged in the incident, and the DSWeb database was not affected. No other SIAM resources were affected. We believe that this was not a targeted attack, but rather the work of a typical "robot" that scans the Internet looking for web servers (and other servers) exhibiting known but as yet unpatched vulnerabilities.

In this case, the recently-discovered attack is known as "Shellshock." It exploits a vulnerability in certain Unix/Linux Bash shells. For those interested in the details of Shellshock, Wikipedia hosts a moderately detailed account.

By late fall, most OS variants had benefitted from published patches to address the vulnerabilty. Why was DSWeb still vulnerable in December? DSWeb was still running on its original infrastructure, dating back to the origination of the site in 2003. At that time, Linux systems did not have the mechanisms that they (and most other modern operating systems) now have to automatically keep themselves up to date with security patches. So our system fell behind. The more it aged, the higher became the hurdle needing to be crossed to bring it up to date. Moving DSWeb to an up-to-date hosting platform has always been a desirable goal, but the cost of the transition continued to rise, just while we realized that the original architectural design of DSWeb was nearing the end of its useful life.

In early December, weeks before DSWeb was affected by this exploit, SIAM's Board of Trustees authorized an expenditure of funds to satisfy a longstanding wish on the part of staff and the DSWeb leadership to migrate DSWeb not just to a new hosting platform, but to a completely new design and architecture, being more extensible and flexible for its anticipated future needs. With that intent in mind, and the anticipated life of the current system seemingly now coming to an end, SIAM Information Systems Department staff were reluctant to spend valuable resources to move the same old DSWeb system onto an up-to-date hosting platform. Such a move would show no benefits to the DSWeb user community, and would only have a limited life span before being completely replaced by the hopefully imminent new design and architecture.

It was that reluctance that had us hanging on to decade-old versions of Linux and the associated web support applications until the Shellshock exploit forced our hand.

With the forced transition to a new platform now complete (having consumed unanticipated scores of staff hours), the old reliable DSWeb architecture will henceforth live out its short remaining life on a brand spanking new virtual machine with up-to-date (and continually updated!) versions of Linux, Apache, Perl, and PostgreSQL.

We apologize for the short time that DSWeb was unavailable, but we do eagerly look forward to a more flexible and robust DSWeb in the not too distant future.

Jim Goldman
DSWeb Programmer
SIAM Information Systems Department

Categories: Magazine, Editorial

Please login or register to post comments.