Mailing List Archive: exim: dev

Google search

Index | Next | Previous | View Threaded

warren at decoy

Mar 2, 2011, 11:56 PM

Post #1 of 6 (580 views)
Permalink

Google search

HI Devs,

Not sure if the you guys know this already, but searching for 'exim
wiki' returns the correct link but google also reports that the site
may be compromised:

<snip>

FrontPage - Exim Wiki
*This site may be compromised.*
9 Dec 2010 ... Welcome to the Exim Wiki. This wiki covers extra
information not in the official documentation. It allows users of Exim
to supplement the ...
HowTo - EximDevelopment - EximIntroduction - FAQ
wiki.exim.org/ - Cached - Similar

</snip>

thx

--
.warren

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

graeme at graemef

Mar 3, 2011, 1:25 AM

Post #2 of 6 (571 views)
Permalink

Re: Google search [In reply to]

On Thu, 2011-03-03 at 09:56 +0200, Warren Baker wrote:
> Not sure if the you guys know this already, but searching for 'exim
> wiki' returns the correct link but google also reports that the site
> may be compromised:

We have what we thought was a minor problem with apparently random
people creating user accounts and then misusing those to add links to
other sites. It'll be those links, or redirects from them, which contain
the malware.

We did have pernicious individual who created an unlinked content-free
page, and added 70 or so attachments to it - in hindsight the fact that
most of these were JavaScript means it is possible some of that could
have contained drive-by malware or redirects/links to same.

The pages, users and attachments were scrubbed and continue to be so on
a regular basis.

However, now it's reached this point, I fear it may be time to lock the
Wiki down. That rather defeats the object of it being a wiki, though.

Graeme

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

jh at plonk

Mar 3, 2011, 1:38 AM

Post #3 of 6 (572 views)
Permalink

Re: Google search [In reply to]

Graeme Fowler, 2011-03-03 10:25:

> However, now it's reached this point, I fear it may be time to lock the
> Wiki down. That rather defeats the object of it being a wiki, though.

If by "lock down" you mean "content changes must be confirmed by a
qualified person before they are publicly visible", I guess that's
viable. It's not like the wiki is getting constantly massive updates...

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

nigel at dotdot

Mar 3, 2011, 1:54 AM

Post #4 of 6 (569 views)
Permalink

Re: Google search [In reply to]

On 3 Mar 2011, at 09:25, Graeme Fowler wrote:

> On Thu, 2011-03-03 at 09:56 +0200, Warren Baker wrote:
>> Not sure if the you guys know this already, but searching for 'exim
>> wiki' returns the correct link but google also reports that the site
>> may be compromised:
>

Slightly confused - I see the warning you referred to in searches, but
http://www.google.com/safebrowsing/diagnostic?site=wiki.exim.org

shows it as clean (although pretty much unvisited or checked).

> However, now it's reached this point, I fear it may be time to lock the
> Wiki down. That rather defeats the object of it being a wiki, though.

I don't think Moin has that capability.

We can use TextCha mechanisms though if someone has an appropriate set
of questions and answers we can use. http://moinmo.in/TextCha

Nigel.

--
[ Nigel Metheringham ------------------------------ nigel [at] dotdot ]
[ Ellipsis Intangible Technologies ]

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

graeme at graemef

Mar 3, 2011, 1:59 AM

Post #5 of 6 (571 views)
Permalink

Re: Google search [In reply to]

On Thu, 2011-03-03 at 09:54 +0000, Nigel Metheringham wrote:
> Slightly confused - I see the warning you referred to in searches, but
> http://www.google.com/safebrowsing/diagnostic?site=wiki.exim.org

"May be compromised" != "Is hosting malware", which is what the test you
ran does.

> I don't think Moin has that capability.

Nuts.

> We can use TextCha mechanisms though if someone has an appropriate set
> of questions and answers we can use. http://moinmo.in/TextCha

Hrm. Not convinced a CAPTCHA (of whatever form) is the right way to go.

Graeme

--
## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

exim-dev at lists

Mar 3, 2011, 2:04 AM

Post #6 of 6 (570 views)
Permalink

Re: Google search [In reply to]

On 03/03/2011 09:54, Nigel Metheringham wrote:

>>> Not sure if the you guys know this already, but searching for 'exim
>>> wiki' returns the correct link but google also reports that the site
>>> may be compromised:
>
> Slightly confused - I see the warning you referred to in searches, but
> http://www.google.com/safebrowsing/diagnostic?site=wiki.exim.org
>
> shows it as clean (although pretty much unvisited or checked).

I logged into Google Webmaster Tools for exim.org a short while ago and
there was a message with the subject "Notice of Suspected Hacking on
http://www.exim.org/" providing this URL as an example:

http://wiki.exim.org/desare?action=AttachFile&do=get&target=ex21

It also contained a link to a form which should be filled in once you've
cleaned the "infection". I filled that in. No idea how long Google takes
to register this.

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachments:

signature.asc (0.82 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads