[pydotorg-www] Bogus wiki.python.org attachment on BeginnersGuide
M.-A. Lemburg
mal at python.org
Fri Mar 20 13:54:33 EDT 2020
There are no changes on the server, but I see this in the EditorsGroup:
Looks like the empty entry give anonymous users access to EditorsGroup
rights.
I'll remove the entry again.
On 3/20/2020 6:45 PM, M.-A. Lemburg wrote:
>
> On 3/20/2020 6:41 PM, M.-A. Lemburg wrote:
>>
>> On 3/20/2020 6:35 PM, Mats Wichmann wrote:
>>> On 3/20/20 11:17 AM, Skip Montanaro wrote:
>>>> I no longer have access to my old wiki.python.org account but got a
>>>> bounce message (via postmaster) today which related to an attachment
>>>> added to the BeginnersGuide page:
>>>>
>>>> https://wiki.python.org/moin/BeginnersGuide
>>>>
>>>> The page history shows a deletion and addition of the attachment in
>>>> quick succession. I don't know if the old one was bogus, but the new
>>>> one certainly seems to be. It's a JPEG with a .pdf extension. Someone
>>>> probably should check it out and perhaps restore the old attachment or
>>>> remove it altogether.
>>>>
>>>> Skip
>>> something's going on - these edits are credited to "111" which is not an
>>> editor in the editors list.
>>>
>>> yesterday I got notification of another change made by "48" (actually
>>> these numbers were part of IP addresses, why aren't they coming in under
>>> a username) - that one left the page in a conflicted state.
>>>
>>> It looks like someone might be trying out a breakin?
>> When hovering over "111" in the info page you get this information:
>>
>> This suggests that someone without login (but the given IP address) is
>> accessing the page. The IP address maps to Beijing, China.
> It seems that all pages are editable without login... just tried a
> few.
>
> This is bad. Perhaps someone changed the server configuration.
>
--
Marc-Andre Lemburg
Python Software Foundation
http://www.python.org/psf/
http://www.malemburg.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20200320/2ddefbd4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nacpgeleiddclhip.png
Type: image/png
Size: 10659 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/pydotorg-www/attachments/20200320/2ddefbd4/attachment-0001.png>
More information about the pydotorg-www
mailing list