www-infrastructure-issues mailing list archives

From "#asfinfra IRC Bot (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-4244) prevent spam exploit at http://wiki.apache.org/hadoop/<user_name>
Date Thu, 22 Dec 2011 09:08:30 GMT

    [ https://issues.apache.org/jira/browse/INFRA-4244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13174705#comment-13174705 ]

#asfinfra IRC Bot commented on INFRA-4244:

<danielsh> secondary things first, the CMS is _completely_ separate from (and younger
than) the moin wiki.

> prevent spam exploit at http://wiki.apache.org/hadoop/<user_name>
> -----------------------------------------------------------------
>                 Key: INFRA-4244
>                 URL: https://issues.apache.org/jira/browse/INFRA-4244
>             Project: Infrastructure
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>            Reporter: Matt Foley
> Some robot just spammed the wiki by creating fake home pages for users who didn't previously have them.  The changes were made in the name of a wiki user "jingshen".  This user created a spammy home page for itself at http://wiki.apache.org/hadoop/jingshen on 2011-12-20 08:18:34.

> I was one of the victims at http://wiki.apache.org/hadoop/MattFoley
> I've deleted the bad page, but presumably it's available in the CMS.
> Other created pages which I did not delete were:
> * AmreshSingh
> * Ivan de Prado
> * alevchuk
> * jiuzheyang
> * RavindraRawat
> * JohnDorion
> However, there was one user with a pre-existing real home page, who had spam added to his home page by jingshen:
> * PetruDimulescu
> I only subscribe to Hadoop wiki.  It's likely the spammer did the same to other parts of the wiki.  I suspect the spammer harvested wiki usernames from the emails about recently changed pages.
> I see the anti-spam subsystem has updated the BadContent page to know the spammer's link.
> Maybe nothing further can be done, I'm not an expert on wiki anti-spam.
> This info is being captured and shared in case there is any way to decrease vulnerability to this noise.  Thanks.
