CPANTS web site defacement #38

Open
mperry2 opened this Issue Jan 1, 2014 · 5 comments

Comments

Projects
None yet
3 participants
@mperry2

mperry2 commented Jan 1, 2014

It looks like part of the CPANTS site has been defaced. I went to http://cpants.cpanauthors.org/dist/App-ClusterSSH and got the page in the screenshot below. I didn't click around on anything else to see the extent of the damage as I don't want to compromise my computer.

cpants hacked page

@charsbar

This comment has been minimized.

Show comment Hide comment
@charsbar

charsbar Jan 1, 2014

Contributor

Thanks for the heads-up. This is a 404 error page of Mojolicious (a web application framework CPANTS is using now). You saw this partly because you have only uploaded developer releases of App-ClusterSSH (you usually don't see analysis of developer releases unless you visit a url with an explicit version number such as http://cpants.cpanauthors.org/dist/App-ClusterSSH-4.02_01 ), and partly because there seems to have happened something weird while analyzing. I re-ran the analyzer and it seems ok for now. I'll look into it further when I have some time.

Contributor

charsbar commented Jan 1, 2014

Thanks for the heads-up. This is a 404 error page of Mojolicious (a web application framework CPANTS is using now). You saw this partly because you have only uploaded developer releases of App-ClusterSSH (you usually don't see analysis of developer releases unless you visit a url with an explicit version number such as http://cpants.cpanauthors.org/dist/App-ClusterSSH-4.02_01 ), and partly because there seems to have happened something weird while analyzing. I re-ran the analyzer and it seems ok for now. I'll look into it further when I have some time.

@dolmen

This comment has been minimized.

Show comment Hide comment
@dolmen

dolmen Aug 31, 2016

Member

This is fixed.

Member

dolmen commented Aug 31, 2016

This is fixed.

@charsbar

This comment has been minimized.

Show comment Hide comment
@charsbar

charsbar Aug 31, 2016

Contributor

@dolmen, stop saying "fixed" until we write a test to ensure the same thing would not happen again.

Contributor

charsbar commented Aug 31, 2016

@dolmen, stop saying "fixed" until we write a test to ensure the same thing would not happen again.

@dolmen

This comment has been minimized.

Show comment Hide comment
@dolmen

dolmen Aug 31, 2016

Member

@charsbar Considering that the title of this issue is quite misleading (AFAIK cpants has never been hacked) I think it would be better to close this issue as there is no more problem for the particular URL reported.

If you are concerned about losing reports about broken links leading to 404 pages, I think it would be better to have a separate issue. Because an automated way of collecting 404 issues would be better than relying on manual reports.

Member

dolmen commented Aug 31, 2016

@charsbar Considering that the title of this issue is quite misleading (AFAIK cpants has never been hacked) I think it would be better to close this issue as there is no more problem for the particular URL reported.

If you are concerned about losing reports about broken links leading to 404 pages, I think it would be better to have a separate issue. Because an automated way of collecting 404 issues would be better than relying on manual reports.

@charsbar

This comment has been minimized.

Show comment Hide comment
@charsbar

charsbar Aug 31, 2016

Contributor

@dolmen, I believe you can't tell me what was the "something weird" and how you (or I) have "fixed" it. It's not the matter of looking ok at some point. This issue still has several good reasons to be kept open. It's ok for you to open another issue for what you think you find in this ticket, but as I said, just don't say "fixed" for what you don't even understand.

Contributor

charsbar commented Aug 31, 2016

@dolmen, I believe you can't tell me what was the "something weird" and how you (or I) have "fixed" it. It's not the matter of looking ok at some point. This issue still has several good reasons to be kept open. It's ok for you to open another issue for what you think you find in this ticket, but as I said, just don't say "fixed" for what you don't even understand.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment