Re: [Tails-dev] Reverting defacement on blueprint

Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Reverting defacement on blueprint
Jesse W:
> The defacement is listed as being authored by localhost (127.0.0.1@web),
> which has 13,538 commits attributed to it, although all but 2,288 of
> them point to the same tree as their parent (i.e. they contain no actual
> change).


All these commits are the ones done through the web interface for
editing the website. So it's expected that there are so many of them.

> Of the ones with changes, they all are in the wiki, and were
> authored between 2009 and now (distribution by year below). All but 16
> were committed by webmaster@??? (the other 16, committed
> between Oct 2010 and Nov 2011, were committed by amnesia@??? ).
>
> There have been **41** commits with the same log message as the
> defacement (2rand[0,1,1]) going back to July 2011, although there hasn't
> been one since 2012 (aside from the one sajolida found). They are all
> spam.


Thanks for looking into this. I didn't remember "2rand[0,1,1]" as a
common commit title for spam and thought that maybe this was some attempt
at bypassing input validation or something.

> I didn't know we accept anonymous edits to the wiki -- it is certainly
> not documented anywhere I've seen...


As intrigeri pointed out, right now it's only possible to edit
/blueprint/. Some years ago, it was possible to edit the whole
website :)

> git log --author '<127.0.0.1@web>' --pretty=format:'%ai' wiki/ | cut -c '1-4' | sort | uniq -c
>     116 2009
>     111 2010
>     781 2011
>     650 2012
>     152 2013
>      41 2014
>     437 2015

>
>> On Mon, 2015-10-26 at 12:42 +0000, sajolida wrote:
>>> Today while fetching from origin I had to revert a defacement on a
>>> blueprint. See b2b585b and 19a3de4.
>>>
>>> If anybody wants to investigate this further...
>>
> intrigeri:
>
> What do you think could/should be investigated?


I didn't remember the "2rand[0,1,1]" as common for spam and thought
maybe this time it was more than spam. I didn't dare open the URL :)

Case closed for me.
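
The triage discussed in this thread (web-interface commits per year, how many share a tree with their parent, how many carry the spam log message) can be done in one pass over `git log` output. This is an added example, not a script from the thread or from the Tails repository; the function names and the sample log are constructed, and merge commits are compared against their first parent only.

```shell
# Input format (one commit per line, tab separated), as produced by:
#   git log --pretty=format:'%H%x09%T%x09%P%x09%ae%x09%ai%x09%s'
# Feed the full history, not only the web author's commits, so that each
# parent's tree hash can be looked up.
triage_commits() {  # usage: triage_commits AUTHOR_EMAIL SUBJECT < log
    awk -F '\t' -v author="$1" -v subject="$2" '
        { tree[$1] = $2; parent[$1] = $3; email[$1] = $4
          year[$1] = substr($5, 1, 4); subj[$1] = $6; order[NR] = $1 }
        END {
            for (i = 1; i <= NR; i++) {
                c = order[i]
                if (email[c] != author) continue
                y = year[c]; seen[y] = 1
                split(parent[c], p, " ")
                # Same tree as the first parent means the commit changed nothing.
                if (parent[c] != "" && tree[p[1]] == tree[c]) empty[y]++
                else changed[y]++
                # Exact string comparison: "[0,1,1]" would be a bracket
                # expression if the subject were used as a regex.
                if (subj[c] == subject) flagged[y]++
            }
            for (y in seen)
                printf "%s changed=%d empty=%d subject_match=%d\n",
                       y, changed[y], empty[y], flagged[y]
        }' | sort
}

sample_log() {  # constructed sample, newest first as git log prints it
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
        c5 t3 c4 127.0.0.1@web   '2015-10-26 12:00:00 +0000' '2rand[0,1,1]' \
        c4 t2 c3 127.0.0.1@web   '2015-03-01 09:00:00 +0000' 'update blueprint' \
        c3 t2 c2 dev@example.org '2015-01-10 08:00:00 +0000' 'fix typo' \
        c2 t1 c1 127.0.0.1@web   '2012-05-05 10:00:00 +0000' '2rand[0,1,1]' \
        c1 t0 '' dev@example.org '2009-06-01 10:00:00 +0000' 'initial import'
}

sample_log | triage_commits '127.0.0.1@web' '2rand[0,1,1]'
```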