Closed Bug 401491 Opened 17 years ago Closed 17 years ago

Mozilla Developer News blog posts contain spam links

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Type:
task
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: alqahira, Assigned: justdave)

References

(
URL
)

Details

You'll have to view source on the pages, or read the Mozilla Developer News posts on planet.m.o where they're visible, but there is a  

<p><font style="position: absolute;overflow: hidden;height: 0;width: 0"><br />

containing a bunch of spam links at the bottom of that post, and at least the previous post http://developer.mozilla.org/devnews/index.php/2007/10/08/keeping-an-eye-on-blockers/ as well.
So, this is a dupe of bug 401382, which is already resolved as fixed. So, there's either a 0day exploit being used to do this, or somebody's password got compromised. Need to see what IPs have accessed the admin interface in the last day and check what accounts were used.
Assignee: nobody → server-ops
Component: Administration → Server Operations
OS: Mac OS X → All
Product: Mozilla Developer Center → mozilla.org
QA Contact: administration → justin
Hardware: PC → All
Version: unspecified → other
There was a compromised password.  Wordpress doesn't keep detailed enough logs to find out whose was used. :(

Everyone with enough access to have done this (total of 28 people) had their passwords reset, and a mail was sent telling them so.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Assignee: server-ops → justdave
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.