On 2025/09/14 17:01, Sakae Kobayashi wrote: > Hello OpenBSD developers, > > I would like to report a suspicious behavior I found on > https://cvsweb.openbsd.org/. > > Steps to reproduce: > 1. Visit for example: > https://cvsweb.openbsd.org/src/sys/netinet/icmp6.h > 2. Scroll down to the bottom and click the "Get Diffs" button > between selected revisions. > 3. Instead of showing the expected diff output, the browser is redirected > to https://theannoyingsite.com/ (an unrelated and potentially harmful > site). > If you follow its instructions, the browser may behave abnormally. > > This seems to be an unintended redirect or a security issue with the > cvsweb.openbsd.org service. > > Could you please investigate and fix this problem? > > Best regards, > -- > MyWeb: https://hamesspam.sakura.ne.jp/ > Mail: [email protected] >
blame the LLM scrapers for various annoying defences that many websites had to rapidly put in place due to excess load recently. I suppose the form should probably be removed from that page if the mitigation isn't going to handle the POST... The above GET links for diffs work as long as Referer is valid.
