Last modified: 2012-09-19 18:13:52 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T30898, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 28898 - Set up notification for when/if Google's safe browsing spots something on wiki*
Set up notification for when/if Google's safe browsing spots something on wiki*
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
General/Unknown (Other open bugs)
unspecified
All All
: Highest normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks: 29068
  Show dependency treegraph
 
Reported: 2011-05-09 18:56 UTC by Sam Reed (reedy)
Modified: 2012-09-19 18:13 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Sam Reed (reedy) 2011-05-09 18:56:59 UTC 
http://www.google.com/safebrowsing/diagnostic?site=wikimedia.org/

http://www.google.com/safebrowsing/diagnostic?site=upload.wikimedia.org/

Reported on  IRC


CC'ing Ariel as I believe the Google auth has already been done, so is easier to use the same account than authorising many others
Comment 1 Mark A. Hershberger 2011-05-11 15:54:39 UTC 
Ariel, I'm assigning this to you.  Let me know if you can't do it.
Comment 2 Ariel T. Glenn 2011-05-12 20:31:51 UTC 
I don't have auth on upload. I have it on www.  (which is practically worthless, basically. But I needed it for Google Storage.)
Comment 3 Mark A. Hershberger 2011-05-12 22:54:30 UTC 
Is there someone else who might have the auth necessary to look at this?
Comment 4 Sam Reed (reedy) 2011-05-13 12:48:52 UTC 
If we ask RobH or Ryan Lane to setup the dns entries, so someone can gain access


Probably the simplest way
Comment 5 Rob Halsell 2011-05-13 12:55:45 UTC 
Clarification from in person discussion.

The task is setting up with Google so when they display these errors, we are notified about them.
Comment 6 Mark A. Hershberger 2011-06-15 20:09:49 UTC 
We now have webmaster@wikimedia.org authorized for enwikinews so it seems like we could do the same for other sites.  I *assume* they're going to send us notices about enwikinews now..
Comment 7 Mark A. Hershberger 2011-06-16 17:01:40 UTC 
If we want notices, we probably need to monitor http://www.google.com/safebrowsing/diagnostic?site=domainname.com
Comment 8 Mark A. Hershberger 2011-06-16 17:44:40 UTC 
pyoungmeister told me he would set up nagios to do this.
Comment 9 Antoine "hashar" Musso (WMF) 2011-06-23 20:58:41 UTC 
In addition to nagios, maybe we could ask google to send an email notification as well?
Comment 10 Mark A. Hershberger 2011-06-27 18:10:21 UTC 
(In reply to comment #9)
> In addition to nagios, maybe we could ask google to send an email notification
> as well?

Might be possible.  Emails should go to webmaster@wikimedia.org if someone sets up email notifications.
Comment 11 Antoine "hashar" Musso (WMF) 2011-06-28 17:25:15 UTC 
Emailed google security team and cced Mark:

-------------------------
Dear Google security team,

I am one of the Wikipedia system administrator volunteer, Mark A. Hershberger (in cc mah@everybody.org) is Wikimedia bugmeister.

I am contacting you regarding the Safe Browsing diagnostic page you have setup at:
  http://www.google.com/safebrowsing/diagnostic?site=wikipedia.org/

We are wondering if it could be possible to receive email notifications whenever a new problem is detected on one of our domains.

For future reference, our tracking number is 'bug 28898':
  https://bugzilla.wikimedia.org/28898

-------------------------
Comment 12 Mark A. Hershberger 2011-06-28 18:12:05 UTC 
Note that we would like this to be set up on *.wikipedia.org,
*.wikibooks.org, etc.  Not just wikipedia.org.
Comment 13 Mark A. Hershberger 2011-06-28 18:27:44 UTC 
From http://www.google.com/support/webmasters/bin/answer.py?answer=163633, they send notices to the following email addresses for the domain any time they find something:

    abuse@
    admin@
    administrator@
    contact@
    info@
    postmaster@
    support@
    webmaster@

So making sure all the verious domains webmaster@ emails go to webmaster@wikimedia.org should be fine.

(Updating b/c the automatic response to Ashar's email said they wouldn't respond since we weren't giving them a report on a security vulnerability.)
Comment 14 Mark A. Hershberger 2011-06-30 19:09:04 UTC 
http://rt.wikimedia.org/Ticket/Display.html?id=1122
Comment 15 Mark A. Hershberger 2011-07-06 19:58:09 UTC 
notifications should now be working for the following domains:


wikimedia.org
wikimediafoundation.org
wikipedia.org
wiktionary.org
wikiquote.org
wikibooks.org
wikisource.org
wikinews.org
wikiversity.org
mediawiki.org
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links