[Tails-dev] Reverting defacement on blueprint

2015-10-26 Thread sajolida
Today while fetching from origin I had to revert a defacement on a
blueprint. See b2b585b and 19a3de4.

If anybody wants to investigate this further...

People with the commit bit: beware of what you're pulling from origin :)
This one was easy but I hope it won't get more sophisticated...
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.


Re: [Tails-dev] Reverting defacement on blueprint

2015-10-26 Thread intrigeri
sajolida wrote (26 Oct 2015 12:42:47 GMT) :
> Today while fetching from origin I had to revert a defacement [...]

Thanks for handling that.

> If anybody wants to investigate this further...

What do you think could/should be investigated?

> People with the commit bit: beware of what you're pulling from origin :)

Yes, even more so: people without the commit bit are welcome to keep
an eye on these things too :)

Cheers,
-- 
intrigeri


Re: [Tails-dev] Reverting defacement on blueprint

2015-10-26 Thread Jesse W
The defacement is listed as being authored by localhost (127.0.0.1@web),
which has 13,538 commits attributed to it, although all but 2,288 of
them point to the same tree as their parent (i.e. they contain no actual
change). Of the ones with changes, they all are in the wiki, and were
authored between 2009 and now (distribution by year below). All but 16
were committed by webmas...@amnesia.boum.org (the other 16, committed
between Oct 2010 and Nov 2011, were committed by amne...@boum.org ).

There have been **41** commits with the same log message as the
defacement (2rand[0,1,1]) going back to July 2011, although there hasn't
been one since 2012 (aside from the one sajolida found). They are all
spam.

I didn't know we accept anonymous edits to the wiki -- it is certainly
not documented anywhere I've seen...

git log --author '<127.0.0.1@web>' --pretty=format:'%ai' wiki/ | cut -c '1-4' | sort | uniq -c
116 2009
111 2010
781 2011
650 2012
152 2013
 41 2014
437 2015

On Mon, 2015-10-26 at 12:42 +, sajolida wrote:
> Today while fetching from origin I had to revert a defacement on a
> blueprint. See b2b585b and 19a3de4.
> 
> If anybody wants to investigate this further...
> 
> People with the commit bit: beware of what you're pulling from origin :)
> This one was easy but I hope it won't get more sophisticated...

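The audit described in the message above (commits authored by 127.0.0.1@web, how many leave the tree unchanged, the per-year distribution, the committers, and the commits carrying the defacement's log message), as an added example that is not part of the original thread. It assumes log records in the '|'-separated format shown in the comment; the function names and all sample records are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the shape of (run without a path filter so that
# every parent commit is present for the tree comparison):
#   git log --format='%H|%T|%P|%ae|%ce|%ai|%s'
# Hashes, committer addresses and dates are invented placeholders,
# not data from the Tails repository.
SAMPLE_LOG = """\
c5|t3|c4|127.0.0.1@web|webmaster@example.org|2015-10-26 11:02:10 +0000|2rand[0,1,1]
c4|t2|c3|dev@example.org|dev@example.org|2015-10-20 09:00:00 +0000|Update blueprint
c3|t2|c2|127.0.0.1@web|webmaster@example.org|2012-03-01 08:15:00 +0000|web commit
c2|t2|c1|127.0.0.1@web|webmaster@example.org|2011-07-14 19:40:00 +0000|2rand[0,1,1]
c1|t1||127.0.0.1@web|webmaster@example.org|2009-05-02 10:00:00 +0000|Initial page
"""

FIELDS = ("commit", "tree", "parents", "author", "committer", "date", "subject")

def parse(log_text):
    # maxsplit=6 keeps any '|' inside the subject line intact.
    return [dict(zip(FIELDS, line.split("|", 6)))
            for line in log_text.splitlines() if line.strip()]

def audit(log_text, author="127.0.0.1@web", suspect_subject="2rand[0,1,1]"):
    commits = parse(log_text)
    tree_of = {c["commit"]: c["tree"] for c in commits}
    web = [c for c in commits if c["author"] == author]
    changed, empty = [], []
    for c in web:
        parents = c["parents"].split()
        # Same tree as the first parent means the commit changed no content.
        same = bool(parents) and tree_of.get(parents[0]) == c["tree"]
        (empty if same else changed).append(c)
    return {
        "total": len(web),
        "empty": len(empty),
        "per_year": dict(sorted(Counter(c["date"][:4] for c in changed).items())),
        "committers": dict(Counter(c["committer"] for c in changed)),
        "suspect": [c["commit"] for c in web if c["subject"] == suspect_subject],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
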


Re: [Tails-dev] Reverting defacement on blueprint

2015-10-27 Thread intrigeri
Hi,

Jesse W wrote (27 Oct 2015 01:53:17 GMT) :
> I didn't know we accept anonymous edits to the wiki -- it is certainly
> not documented anywhere I've seen...

FTR, the closest we have to documentation is in ikiwiki-cgi.setup
(that closely follows the actual config file used by the production
website):

  locked_pages: '! blueprint/*'

Cheers,
-- 
intrigeri


Re: [Tails-dev] Reverting defacement on blueprint

2015-10-28 Thread sajolida
Jesse W:
> The defacement is listed as being authored by localhost (127.0.0.1@web),
> which has 13,538 commits attributed to it, although all but 2,288 of
> them point to the same tree as their parent (i.e. they contain no actual
> change).

All these commits are the ones done through the web interface for
editing the website. So that's expected to have so many of them.

> Of the ones with changes, they all are in the wiki, and were
> authored between 2009 and now (distribution by year below). All but 16
> were committed by webmas...@amnesia.boum.org (the other 16, committed
> between Oct 2010 and Nov 2011, were committed by amne...@boum.org ).
> 
> There have been **41** commits with the same log message as the
> defacement (2rand[0,1,1]) going back to July 2011, although there hasn't
> been one since 2012 (aside from the one sajolida found). They are all
> spam.

Thanks for looking into this. I didn't remember "2rand[0,1,1]" as a
common commit title for spam and thought that maybe this was some intent
of bypassing input validation or something.

> I didn't know we accept anonymous edits to the wiki -- it is certainly
> not documented anywhere I've seen...

As intrigeri pointed out, right now it's only possible to edit
/blueprint/. Some years ago, it was possible to edit the whole
website :)

> git log --author '<127.0.0.1@web>' --pretty=format:'%ai' wiki/ | cut -c '1-4' | sort | uniq -c
> 116 2009
> 111 2010
> 781 2011
> 650 2012
> 152 2013
>  41 2014
> 437 2015
> 
>> On Mon, 2015-10-26 at 12:42 +, sajolida wrote:
>>> Today while fetching from origin I had to revert a defacement on a
>>> blueprint. See b2b585b and 19a3de4.
>>>
>>> If anybody wants to investigate this further...
>>
> intrigeri:
>
> What do you think could/should be investigated?

I didn't remember the "2rand[0,1,1]" as common for spam and thought
maybe this time it was more than spam. I didn't dare opening the URL :)

Case closed for me.