Last modified: 2011-03-12 13:19:38 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T21879, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 19879 - IRC RC Bot allows RC injection
Status: CLOSED FIXED
Product: Wikimedia
Classification: Unclassified
Component: IRC
Version: unspecified
Hardware: All All
Importance: Normal normal
Assigned To: Nobody - You can work on this!
Reported: 2009-07-22 14:59 UTC by Kimon Berlin (gribeco)
Modified: 2011-03-12 13:19 UTC (History)

Description Kimon Berlin (gribeco) 2009-07-22 14:59:14 UTC
As alluded to in http://www.mediawiki.org/wiki/Manual:IRC_RC_Bot, it is possible for anyone to inject fake RC messages into the Wikimedia RC feeds on IRC. This can be used to mess up bots that rely on these feeds, in particular anti-vandalism bots.
Comment 1 Tim Starling 2009-07-22 15:00:54 UTC
You have tested this? 
Comment 2 Mike.lifeguard 2009-07-22 15:12:14 UTC
That page also says that this possibility can be eliminated through the use of iptables. If a sysadmin can confirm this, the bug is WORKSFORME.
Comment 3 Tim Starling 2009-07-22 15:13:44 UTC
Should be fixed now. Will update the documentation on wikitech to avoid having this happen again.
Comment 4 Kimon Berlin (gribeco) 2009-07-22 19:01:53 UTC
Yes, the recent iptables changes closed the UDP port to outside access.
Comment 5 Antoine "hashar" Musso (WMF) 2011-03-12 13:19:38 UTC
Closing old verified bugs.
