Re: [Jack-Devel] www.jackaudio.org defacement

Prev	Next Index
Date	Fri, 30 Dec 2011 10:18:39 +0100
From	Robin Gareus <[hidden] at gareus dot org>
To	Paul Davis <[hidden] at linuxaudiosystems dot com>
Cc	JACK <[hidden] at lists dot jackaudio dot org>
In-Reply-To	Paul Davis Re: [Jack-Devel] www.jackaudio.org defacement
Follow-Up	Robert M. Riches Jr. Re: [Jack-Devel] www.jackaudio.org defacement
Follow-Up	Robin Gareus Re: [Jack-Devel] www.jackaudio.org defacement

On 12/30/2011 02:23 AM, Paul Davis wrote:
> On Thu, Dec 29, 2011 at 7:48 PM, Fred Gleason <[hidden]> wrote:
>> On Dec 29, 2011, at 19:29 05, Patrick Shirkey wrote:
>>
>>> The main difference is the number of cogentco servers in the path. Is it
>>> possible that one of those is proxy caching and serving a corrupted
>>> version of the site?
>>
>> Anything is possible, I suppose.  My connection here is direct to Cogent's tier 1 network.
>>
>> That could also explain why I'm now seeing the defacement showing up in Google's cache.  Just search for 'jack audio' and look at the results.
> 
> my conclusion is that the site was hacked and restored by the web
> hosting service without telling me (or anyone else).

nope. It is still hacked and shows different content depending on the
user-agent and both Accept-language HTTP header.

Try `curl "http://jackaudio.org/"` - that prints out the weird stuff
that google also sees.

however:

curl -A "Mozilla/5.0 (X11; Linux i686; rv:9.0.1) Gecko/20100101
Firefox/9.0.1 Iceweasel/9.0.1" -H
"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H
"Accept-Language: en-us,en;q=0.9" "http://jackaudio.org/"

shows the original site content!

I'd hazard a guess at trac; which is not too hard to hack, but the
problem could be more deeply rooted..

Cheers!
robin

Prev	Next Index

1325273123.14431_0.ltw:2,a <4EFD81EF.5080701 at gareus dot org>