Bugzilla porn spam

Steve Lime Steve.Lime at DNR.STATE.MN.US
Thu Apr 12 00:55:46 EDT 2007


That (bugzilla) machine has been compromised (not sure what that means yet) and the UMN
network folks have it shut down, and the main site as well because it does some proxying for the
bugzilla box. I wouldn't think the spam is related to the new problem (which has seemed to eliminate
the spam problem for the moment).

Steve

>>> Daniel Morissette <dmorissette at MAPGEARS.COM> 04/09/07 2:16 PM >>>
Frank Warmerdam wrote:
> Folks,
> 
> Whoever has bugzilla admin access needs to blow away the following bugs
> and their attachments or the bugzilla machine is likely to get sucked
> dry of bandwidth serving porn.
> 
>   http://mapserver.gis.umn.edu/bugs/show_bug.cgi?id=2064
>   http://mapserver.gis.umn.edu/bugs/show_bug.cgi?id=2063
> 
> I don't know if there are others.
> 

It seems that our bugzilla has started being the target of spammers 
around mid last week. I had noticed a few bugs with spam attachments and 
emailed SteveL and Howard about removing them from the db last week, but 
haven't heard back from them yet.

Here is my list from last week and this weekend:

bug 2060 and attachments 643 to 674
bug 2061 (no attachment)
bug 2062 and attachment 679

The following bugs are okay but have had attachments added to them:
attachments 675 to 678 to bug 481
attachments 680 to 729 to bug 480
attachments 730 to 735 to bug 14

... and there may be more by now...

I do not have access to the DB to remove the bugs and attachments, all I 
have access to is the bugzilla admin page, and all we seem to be able to 
do from there that might help is turn on an option to completely disable 
bugzilla. However that would also prevent legitimate visitors from 
viewing bugs so that's probably not a good idea.

Daniel
-- 
Daniel Morissette
http://www.mapgears.com/


