Re: [Jack-Devel] www.jackaudio.org defacement
On 12/30/2011 02:23 AM, Paul Davis wrote:
> On Thu, Dec 29, 2011 at 7:48 PM, Fred Gleason <[hidden]> wrote:
>> On Dec 29, 2011, at 19:29 05, Patrick Shirkey wrote:
>>
>>> The main difference is the number of cogentco servers in the path. Is it
>>> possible that one of those is proxy caching and serving a corrupted
>>> version of the site?
>>
>> Anything is possible, I suppose. My connection here is direct to Cogent's tier 1 network.
>>
>> That could also explain why I'm now seeing the defacement showing up in Google's cache. Just search for 'jack audio' and look at the results.
>
> my conclusion is that the site was hacked and restored by the web
> hosting service without telling me (or anyone else).
nope. It is still hacked and shows different content depending on the
user-agent and both Accept-language HTTP header.
Try `curl "http://jackaudio.org/"` - that prints out the weird stuff
that google also sees.
however:
curl -A "Mozilla/5.0 (X11; Linux i686; rv:9.0.1) Gecko/20100101
Firefox/9.0.1 Iceweasel/9.0.1" -H
"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H
"Accept-Language: en-us,en;q=0.9" "http://jackaudio.org/"
shows the original site content!
I'd hazard a guess at trac; which is not too hard to hack, but the
problem could be more deeply rooted..
Cheers!
robin
1325273123.14431_0.ltw:2,a <4EFD81EF.5080701 at gareus dot org>