Status regarding the recent Appdb vandalism

Bryan Haskins kingofallhearts999 at gmail.com
Wed May 23 18:42:35 CDT 2007


Also, in respect to World of Warcraft (Only notify list I'm on), I saw
another deleting quite a bit, as I was saying this morning in #winehq, I
recorded deletions by Roop, no clue if they might actually be legit, but
there was a lot deleted, so I thought I might throw that out there,

On 5/23/07, Jan Zerebecki <jan.wine at zerebecki.de> wrote:
>
> Please do _only_ address replies to this email to
> wine-devel at winehq.org ! Remove all other recipients from To and
> Cc !
>
> Work is currently underway to restore the state of the Appdb to
> the backup of May 22 07:00 CST.
>
> This morning ( TZ +0200 ) someone used the account "Molle
> Bestefich" to vandalize the Appdb. He was also seen on IRC and on
> the wiki. His IP was identified on all three, logs are available.
> See towards the end of this mail for IRC log snippet and whois on
> his IP. Please contact me first if you intend to contact abuse or
> police personal regarding this, so we don't cause headaches or
> duplicate work. We do not yet know how this person got access to
> Molle Bestefich his account.
>
> I received 4454 emails about deletes or other actions by the
> account "Molle Bestefich". Send between "Date: Tue, 22 May 2007
> 21:43:46 -0500" and "Date: Tue, 22 May 2007 22:18:55 -0500". (2
> mails sent by the Appdb in that date range were legit actions.) I
> don't know if these are all, because admin-accounts were
> explicitly deleted and thus the notification to them stopped.
>
> The following applications where mentioned in these notification emails:
> Adobe Illustrator
> Battlefield 1942
> Battlefield 2
> Battlefield 2142
> Call of Duty 2
> Call of Duty
> Checkpoint Firewall-1 Policy editor
> Command & Conquer 3: Tiberium Wars
> Counter-Strike: Source
> Day of Defeat: Source
> Deus Ex
> Diablo II
> EVE Online
> F.E.A.R.: First Encounter Assault Recon
> Final Fantasy XI Online
> Guild Wars
> IDA Pro
> Photoshop
> S.T.A.L.K.E.R. : Shadow of Chernobyl
> Soldat
> Steam
> Supreme Commander
> The Elder Scrolls IV: Oblivion
> Trillian
> World of Warcraft
> PunkBuster
> Rune
> Igowin
> Age of Empires
> Age of Mythology
> Black & White
> Brothers in Arms
> Flash
> FlatOut
> .NET Framework
> Lotus Notes
>
> Some notifcations didn't contain a application of version, here
> the Message-Id-s of some examples (this is probably a bug in the
> Appdb code):
> screen shot
> Message-Id: < E1HqgpS-0008Ay-OM at wine.codeweavers.com>
> test result
> Message-Id: <E1Hqgs7-0001iH-S7 at wine.codeweavers.com >
> monitor
> Message-Id: <E1HqgsD-0001mW-It at wine.codeweavers.com>
> bug
> Message-Id: < E1HqhDT-0003xe-GS at wine.codeweavers.com>
>
> One message about a rejected bug link seemed like these type of
> message don't contain any information:
> Message-Id: < E1Hqh5W-0000QE-UG at wine.codeweavers.com>
>
>
> On IRC from the #winehq channel:
> Mai 23 05:27:14 -->     noerrorsfound_ (n=nicholas at h10.66.119.64.ip.alltel.net
> ) has joined #winehq
> [unrelated stuff deleted]
> Mai 23 06:21:37 ---     noerrorsfound_ is now known as molle-molle-moll
> Mai 23 06:21:41 <molle-molle-moll>      molle molle molle
> Mai 23 06:21:42 <molle-molle-moll>      molle
> Mai 23 06:21:51 <molle-molle-moll>      molle
> Mai 23 06:22:03 <molle-molle-moll>      mole string
> Mai 23 06:22:18 <molle-molle-moll>      hello give thank
> Mai 23 06:22:18 <--     Amorphous has kicked molle-molle-moll from #winehq
> (Amorphous)
>
> /whois output:
> [06:22:38] --- [molle-molle-moll] (n=nicholas at h10.66.119.64.ip.alltel.net)
> : Nicholas
> [06:22:38] --- [whoismolle-molle-moll] irc.freenode.net :
> http://freenode.net/
> [06:22:38] --- [molle-molle-moll] End of WHOIS list.
>
>
> 2007-05-23T06:50:15+0200 $ whois 64.119.66.10
> OrgName:    Windstream Communications Inc
> OrgID:      WINDS-6
> Address:    4001 Rodney Parham Rd
> City:       Little Rock
> StateProv:  AR
> PostalCode: 72212
> Country:    US
>
> NetRange:   64.119.64.0 - 64.119.79.255
> CIDR:       64.119.64.0/20
> NetName:    WINDSTREAM-COMMUNICATIONS
> NetHandle:  NET-64-119-64-0-1
> Parent:     NET-64-0-0-0-0
> NetType:    Direct Allocation
> NameServer: NS1-AUTH.WINDSTREAM.NET
> NameServer: NS2-AUTH.WINDSTREAM.NET
> NameServer: NS3-AUTH.WINDSTREAM.NET
> NameServer: NS4-AUTH.WINDSTREAM.NET
> Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
> RegDate:    2001-08-24
> Updated:    2007-02-26
>
> OrgAbuseHandle: WINDS1-ARIN
> OrgAbuseName:   Windstream Abuse
> OrgAbusePhone:  +1-888-292-3827
> OrgAbuseEmail:  abuse at windstream.net
>
> OrgTechHandle: WINDS-ARIN
> OrgTechName:   Windstream Communications Inc
> OrgTechPhone:  +1-800-990-4449
> OrgTechEmail:  ipadmin at windstream.net
>
> # ARIN WHOIS database, last updated 2007-05-22 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
>
>
>
>


-- 
Cheers,
Bryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winehq.org/pipermail/wine-devel/attachments/20070523/207d705a/attachment.htm


More information about the wine-devel mailing list