Karsten, thanks for taking the time to answer these questions.
> AFAIK, there's no way to find out whether an account has been
> compromised, other than asking users to log in and see if their password
> still works.
Ok, I thought that might be possible by looking into /trac/apache logs to see if
Nathan Freitas writes:
> On 05/04/2014 05:18 AM, George Kadianakis wrote:
>> Nathan Freitas writes:
>>
>>> On May 3, 2014 4:18:28 PM EDT, George Kadianakis
>>> wrote:
George Kadianakis writes:
> Nathan Freitas writes:
>
>> On May 3, 2014 6:10:58 AM EDT, George Kadianaki
Nathan Freitas wrote:
> On May 2, 2014 6:34:25 PM EDT, intrigeri wrote:
> >Nathan Freitas wrote (02 May 2014 19:44:35 GMT) :
> >> We are also experimenting with a switch to Polipo
> >> (https://github.com/jech/polipo.git) from Privoxy.
> >
> >Jacob was strongly advocating that we do the exact o
On 02/05/14 20:34, Nusenu wrote:
>> We learned on recently that there was a bug in our Trac setup that allowed
>> anyone to register a new user account for an existing user name, overwriting
>> the existing user's password and thereby taking over the account [0].
>
> Has there been an analysis on
