Status regarding the recent Appdb vandalism
Ben Hodgetts (Enverex)
ben at atomnet.co.uk
Thu May 24 13:38:14 CDT 2007
Yes, EVERYTHING from the listed apps was deleted. The AppDB sends an
email for each individual thing though, for instance if an app has 2
versions, 5 sets of test data, 80 comments and 7 screenshots it will
send you 94 individual emails with the info from each item that has been
deleted.
For the record I have no emails containing "Roop" at all.
Bryan: Don't email the mailing list AND every single person on the list,
ONLY mail the list itself.
Ben H.
Bryan Haskins wrote:
> Also, in respect to World of Warcraft (Only notify list I'm on), I saw
> another deleting quite a bit, as I was saying this morning in #winehq,
> I recorded deletions by Roop, no clue if they might actually be legit,
> but there was a lot deleted, so I thought I might throw that out there,
>
> On 5/23/07, *Jan Zerebecki* <jan.wine at zerebecki.de
> <mailto:jan.wine at zerebecki.de>> wrote:
>
> Please do _only_ address replies to this email to
> wine-devel at winehq.org <mailto:wine-devel at winehq.org> ! Remove all
> other recipients from To and
> Cc !
>
> Work is currently underway to restore the state of the Appdb to
> the backup of May 22 07:00 CST.
>
> This morning ( TZ +0200 ) someone used the account "Molle
> Bestefich" to vandalize the Appdb. He was also seen on IRC and on
> the wiki. His IP was identified on all three, logs are available.
> See towards the end of this mail for IRC log snippet and whois on
> his IP. Please contact me first if you intend to contact abuse or
> police personal regarding this, so we don't cause headaches or
> duplicate work. We do not yet know how this person got access to
> Molle Bestefich his account.
>
> I received 4454 emails about deletes or other actions by the
> account "Molle Bestefich". Send between "Date: Tue, 22 May 2007
> 21:43:46 -0500" and "Date: Tue, 22 May 2007 22:18:55 -0500". (2
> mails sent by the Appdb in that date range were legit actions.) I
> don't know if these are all, because admin-accounts were
> explicitly deleted and thus the notification to them stopped.
>
> The following applications where mentioned in these notification
> emails:
> Adobe Illustrator
> Battlefield 1942
> Battlefield 2
> Battlefield 2142
> Call of Duty 2
> Call of Duty
> Checkpoint Firewall-1 Policy editor
> Command & Conquer 3: Tiberium Wars
> Counter-Strike: Source
> Day of Defeat: Source
> Deus Ex
> Diablo II
> EVE Online
> F.E.A.R.: First Encounter Assault Recon
> Final Fantasy XI Online
> Guild Wars
> IDA Pro
> Photoshop
> S.T.A.L.K.E.R. : Shadow of Chernobyl
> Soldat
> Steam
> Supreme Commander
> The Elder Scrolls IV: Oblivion
> Trillian
> World of Warcraft
> PunkBuster
> Rune
> Igowin
> Age of Empires
> Age of Mythology
> Black & White
> Brothers in Arms
> Flash
> FlatOut
> .NET Framework
> Lotus Notes
>
> Some notifcations didn't contain a application of version, here
> the Message-Id-s of some examples (this is probably a bug in the
> Appdb code):
> screen shot
> Message-Id: < E1HqgpS-0008Ay-OM at wine.codeweavers.com
> <mailto:E1HqgpS-0008Ay-OM at wine.codeweavers.com>>
> test result
> Message-Id: < E1Hqgs7-0001iH-S7 at wine.codeweavers.com
> <mailto:E1Hqgs7-0001iH-S7 at wine.codeweavers.com>>
> monitor
> Message-Id: <E1HqgsD-0001mW-It at wine.codeweavers.com
> <mailto:E1HqgsD-0001mW-It at wine.codeweavers.com>>
> bug
> Message-Id: < E1HqhDT-0003xe-GS at wine.codeweavers.com
> <mailto:E1HqhDT-0003xe-GS at wine.codeweavers.com>>
>
> One message about a rejected bug link seemed like these type of
> message don't contain any information:
> Message-Id: < E1Hqh5W-0000QE-UG at wine.codeweavers.com
> <mailto:E1Hqh5W-0000QE-UG at wine.codeweavers.com>>
>
>
> On IRC from the #winehq channel:
> Mai 23 05:27:14 --> noerrorsfound_ (n=
> nicholas at h10.66.119.64.ip.alltel.net
> <mailto:nicholas at h10.66.119.64.ip.alltel.net>) has joined #winehq
> [unrelated stuff deleted]
> Mai 23 06:21:37 --- noerrorsfound_ is now known as
> molle-molle-moll
> Mai 23 06:21:41 <molle-molle-moll> molle molle molle
> Mai 23 06:21:42 <molle-molle-moll> molle
> Mai 23 06:21:51 <molle-molle-moll> molle
> Mai 23 06:22:03 <molle-molle-moll> mole string
> Mai 23 06:22:18 <molle-molle-moll> hello give thank
> Mai 23 06:22:18 <-- Amorphous has kicked molle-molle-moll from
> #winehq (Amorphous)
>
> /whois output:
> [06:22:38] --- [molle-molle-moll]
> (n=nicholas at h10.66.119.64.ip.alltel.net
> <mailto:nicholas at h10.66.119.64.ip.alltel.net>) : Nicholas
> [06:22:38] --- [whoismolle-molle-moll] irc.freenode.net
> <http://irc.freenode.net> :http://freenode.net/
> [06:22:38] --- [molle-molle-moll] End of WHOIS list.
>
>
> 2007-05-23T06:50:15+0200 $ whois 64.119.66.10 <http://64.119.66.10>
> OrgName: Windstream Communications Inc
> OrgID: WINDS-6
> Address: 4001 Rodney Parham Rd
> City: Little Rock
> StateProv: AR
> PostalCode: 72212
> Country: US
>
> NetRange: 64.119.64.0 <http://64.119.64.0> - 64.119.79.255
> <http://64.119.79.255>
> CIDR: 64.119.64.0/20 <http://64.119.64.0/20>
> NetName: WINDSTREAM-COMMUNICATIONS
> NetHandle: NET-64-119-64-0-1
> Parent: NET-64-0-0-0-0
> NetType: Direct Allocation
> NameServer: NS1-AUTH.WINDSTREAM.NET <http://NS1-AUTH.WINDSTREAM.NET>
> NameServer: NS2-AUTH.WINDSTREAM.NET <http://NS2-AUTH.WINDSTREAM.NET>
> NameServer: NS3-AUTH.WINDSTREAM.NET <http://NS3-AUTH.WINDSTREAM.NET>
> NameServer: NS4-AUTH.WINDSTREAM.NET <http://NS4-AUTH.WINDSTREAM.NET>
> Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
> RegDate: 2001-08-24
> Updated: 2007-02-26
>
> OrgAbuseHandle: WINDS1-ARIN
> OrgAbuseName: Windstream Abuse
> OrgAbusePhone: +1-888-292-3827
> OrgAbuseEmail: abuse at windstream.net <mailto:abuse at windstream.net>
>
> OrgTechHandle: WINDS-ARIN
> OrgTechName: Windstream Communications Inc
> OrgTechPhone: +1-800-990-4449
> OrgTechEmail: ipadmin at windstream.net <mailto:ipadmin at windstream.net>
>
> # ARIN WHOIS database, last updated 2007-05-22 19:10
> # Enter ? for additional hints on searching ARIN's WHOIS database.
>
>
>
>
>
>
> --
> Cheers,
> Bryan
> ------------------------------------------------------------------------
>
>
>
More information about the wine-devel
mailing list