Re: [Tails-dev] Reverting defacement on blueprint

Delete this message

Reply to this message
Autor: sajolida
Data:  
Dla: The Tails public development discussion list
Temat: Re: [Tails-dev] Reverting defacement on blueprint
Jesse W:
> The defacement is listed as being authored by localhost (127.0.0.1@web),
> which has 13,538 commits attributed to it, although all but 2,288 of
> them point to the same tree as their parent (i.e. they contain no actual
> change).


All these commits are the ones done through the web interface for
editing the website. So that's expected to have so many of them.

> Of the ones with changes, they all are in the wiki, and were
> authored between 2009 and now (distribution by year below). All but 16
> were committed by webmaster@??? (the other 16, committed
> between Oct 2010 and Nov 2011, were committed by amnesia@??? ).
>
> There have been **41** commits with the same log message as the
> defacement (2rand[0,1,1]) going back to July 2011, although there hasn't
> been one since 2012 (aside from the one sajolida found). They are all
> spam.


Thanks for looking into this. I didn't remember "2rand[0,1,1]" as a
common commit title for spam and thought that maybe this was some intent
of by passing input validation or something.

> I didn't know we accept anonymous edits to the wiki -- it is certainly
> not documented anywhere I've seen...


As intrigeri pointed out, right now it's only possible to edit
/blueprint/. Some years ago, it was possible to edit all the whole
website :)

> git log --author '<127.0.0.1@web>' --pretty=format:'%ai' wiki/ | cut -c
> '1-4' | sort | uniq -c  
>     116 2009
>     111 2010
>     781 2011
>     650 2012
>     152 2013
>      41 2014
>     437 2015

>
>> On Mon, 2015-10-26 at 12:42 +0000, sajolida wrote:
>>> Today while fetching from origin I had to revert a defacement on a
>>> blueprint. See b2b585b and 19a3de4.
>>>
>>> If anybody wants to investigate this further...
>>
> intrigeri:
>
> What do you think could/should be investigated?


I didn't remember the "2rand[0,1,1]" as common for spam and thought
maybe this time it was more than spam. I didn't dare opening the URL :)

Case closed for me.