[Expo-tech] someone has Hacked EditThis Page and inserted spam
Mark Shinwell
mshinwell at gmail.com
Fri Apr 24 22:17:16 BST 2020
Before providing the link for us all to click on, did you check whether he
had also committed a link to malware, or similar on that page? :)
I'm not familiar with the details of how the website editing is set up, but
I think this reinforces the argument I made elsewhere that the access
control and workflow should be tightened on these repositories. (It sounds
odd for your uncommitted changes to be present in the same working copy as
this intruder's.)
Mark
On Fri, 24 Apr 2020 at 20:50, Philip Sargent (Gmail) <
philip.sargent at gmail.com> wrote:
>
> http://expo.survex.com/handbook/charging.html
>
> 8:46:03 PM) PhilipSargent: Spam alert !
> (8:46:42 PM) PhilipSargent: Someone has inserted edits into
> handbook/charging.html and I committed it before I checked
> (8:47:50 PM) PhilipSargent: Presumably there is a loophole in Edit This
> Page
> ? as all the text has been reformatted too. The first lines inserted say
> (8:47:52 PM) PhilipSargent: +By way of an introduction, my name is Sergey
> and I am the founder of Creative Bear Tech, a website data scraping and
> computer software business based in London, UK. We mainly deal with B2B
> companies by helping them to get in touch with their customers through our
> data scraping solutions.
> (8:49:05 PM) PhilipSargent: My mistake, he just deleted the entire page and
> replaced it with his content http://expo.survex.com/handbook/charging.html
>
>
> _______________________________________________
> Expo-tech mailing list
> Expo-tech at lists.wookware.org
> https://lists.wookware.org/cgi-bin/mailman/listinfo/expo-tech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wookware.org/pipermail/expo-tech/attachments/20200424/e787005f/attachment.htm>
More information about the Expo-tech
mailing list