Random (?) out-of-date marking
My package mcobj [1] has been repeatedly been marked out of date 580
times in 10 minutes, with 61 out-of-date marks per minute (picture for proof [2]). Checking through the email, I saw that the user that was doing this was named invented [3]. I'm not really sure what's going on, particularly whether this is malicious or not. I have emailed invented, and am posting this to try to get to the bottom of this. Has invented (or have other users) done this before? [1] https://aur.archlinux.org/packages.php?ID=49697 [2] http://i49.tinypic.com/8zh0sn.png [3] https://aur.archlinux.org/account.php?Action=AccountInfo&ID=25347 |
Random (?) out-of-date marking
On Sun, Sep 30, 2012 at 03:00:01PM -0400, Limao Luo wrote:
> My package mcobj [1] has been repeatedly been marked out of date 580 > times in 10 minutes, with 61 out-of-date marks per minute (picture > for proof [2]). Checking through the email, I saw that the user that > was doing this was named invented [3]. I'm not really sure what's > going on, particularly whether this is malicious or not. I have > emailed invented, and am posting this to try to get to the bottom of > this. Has invented (or have other users) done this before? > > [1] https://aur.archlinux.org/packages.php?ID=49697 > [2] http://i49.tinypic.com/8zh0sn.png > [3] https://aur.archlinux.org/account.php?Action=AccountInfo&ID=25347 Well they're certainly doing something weird. I found an odd package of their own with a large amount of spam on it, and a rather spammy name, as well. Seems that the AUR doesn't actually check to see if a package is out of date before sending the email, meaning that you can just submit a dummy form with the do_Flag action and get this lovely result. I've already: - suspended the account (not that it's very effective). - deleted the suspcious package. And I'll be filing a bug against the AUR. Thanks for bringing this to our attention. d |
Random (?) out-of-date marking
On 30 September 2012 21:11, Dave Reisner <d@falconindy.com> wrote:
> Well they're certainly doing something weird. I found an odd package of > their own with a large amount of spam on it, and a rather spammy name, > as well. Given that the other package of this user seems to be perfectly OK, I have a feeling that invented's account may have been hijacked. On a related note, it may be good to add some time limit between unflagging/flagging package out of date. This would make life of notorious flaggers more difficult. Have a nice day, Lukas |
Random (?) out-of-date marking
On Sun, Sep 30, 2012 at 09:56:20PM +0200, Lukas Jirkovsky wrote:
> On 30 September 2012 21:11, Dave Reisner <d@falconindy.com> wrote: > > Well they're certainly doing something weird. I found an odd package of > > their own with a large amount of spam on it, and a rather spammy name, > > as well. > > Given that the other package of this user seems to be perfectly OK, I > have a feeling that invented's account may have been hijacked. > > On a related note, it may be good to add some time limit between > unflagging/flagging package out of date. This would make life of > notorious flaggers more difficult. > > Have a nice day, > Lukas There's little reason to hijack an account, particularly one with only 2 packages, when you create one with a phony email address (mailinator, etc) and do whatever you want with it. I filed a bug report for what I thought was the more obvious fix: https://bugs.archlinux.org/task/31745 If you have someone trying to spam you with out of date messages, its at least rate limited by your own sense of apathy. dave |
| All times are GMT. The time now is 06:51 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.