I have received two complaints since the AAAA records were published, but they were both due to client configurations, and they are up and running now. I would check for AAAA records, DNS caching, hosts file entries, etc.

As, in my case, it seemed to be related to an inconsistent IPv6 configuration at the Novell side (my site being full IPv6 capable), what about your IPv6 capability (and that of your ISP)?

Sorry for the late response, but here are a few insights that I can give:

Other than spammers and script kiddies, most people like to leave us alone. We get notified when suspicious activity is going on, and it doesn’t happen all that often (knock on wood).

The SSO system affords us a pretty decent amount of protection. It is the only thing that directly interacts with the user store, so no sensitive information is kept in the applications themselves. It also reverse proxies the application servers, so it can filter out some bad activity in that regard. In addition, the applications have the default login systems replaced or supplemented by the SSO integration, so upstream vulnerabilities in login or account management code don’t matter much to us. I can think of several “critical” WP vulnerabilities which did not apply to us for that reason alone.

With all that said, we are working harder to keep current on the software. This is especially true of WP, since it is easy to upgrade and tends to have more security issues that do affect us (e.g. XSS vulnerabilities).

I already noticed that the mediawikis and wordpress installations are not updated regulary. So I’m wondering…

As most of the installed updates are security updates, do you have some insights if (and how often) hackers try to attack the openSUSE infrastructure?

How do you protect the installations and the userdata if you are running with software that is unmaintained since (at least) months?

Is there any documentation available how openSUSE secures its infrastructure and its own distribution?

Thanks in advance for your answers!

There are some openSUSE sites that don’t leverage this single sign-on solution, but that is hardly due to inability. I know several of the people who work on those sites, and they are anything but inept. They are just like most people in this world, in that they don’t have the time to do everything they would like. I’m sure they will integrate their sites when they have the time and when it makes sense for their situation.

Landis.

I am sorry you have a technical problem. But you should understand tha this blog about the method to login in openSUSE pages is not the place to ask for help for all sorts of problems. Please go to the openSUSE Forums at forums.opensuse.org, look a bit around there to get a feeling about how the forums work, sign-up, choose the most fitting sub-forum for your problem and start a new thread there with a title that tells short and clear what your problem is about (thus not “Help”!). There are plenty of co-users there who are very willing to help you.

Regards,

Henk