Re: [Jack-Devel] www.jackaudio.org defacement

PrevNext  Index
DateFri, 30 Dec 2011 10:49:11 +0100
From Robin Gareus <[hidden] at gareus dot org>
ToPaul Davis <[hidden] at linuxaudiosystems dot com>
CcJACK <[hidden] at lists dot jackaudio dot org>
In-Reply-ToRobin Gareus Re: [Jack-Devel] www.jackaudio.org defacement
Follow-UpPaul Davis Re: [Jack-Devel] www.jackaudio.org defacement
On 12/30/2011 10:18 AM, Robin Gareus wrote:
> On 12/30/2011 02:23 AM, Paul Davis wrote:
>> On Thu, Dec 29, 2011 at 7:48 PM, Fred Gleason <[hidden]> wrote:
>>> On Dec 29, 2011, at 19:29 05, Patrick Shirkey wrote:
>>>
>>>> The main difference is the number of cogentco servers in the path. Is it
>>>> possible that one of those is proxy caching and serving a corrupted
>>>> version of the site?
>>>
>>> Anything is possible, I suppose.  My connection here is direct to Cogent's tier 1 network.
>>>
>>> That could also explain why I'm now seeing the defacement showing up in Google's cache.  Just search for 'jack audio' and look at the results.
>>
>> my conclusion is that the site was hacked and restored by the web
>> hosting service without telling me (or anyone else).
> 
> nope. It is still hacked and shows different content depending on the
> user-agent and both Accept-language HTTP header.
> 
> Try `curl "http://jackaudio.org/"` - that prints out the weird stuff
> that google also sees.
> 
> however:
> 
> curl -A "Mozilla/5.0 (X11; Linux i686; rv:9.0.1) Gecko/20100101
> Firefox/9.0.1 Iceweasel/9.0.1" -H
> "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" -H
> "Accept-Language: en-us,en;q=0.9" "http://jackaudio.org/"

OOPs some copy/paste error slipped in: there's a missing "Accept:" for
the first content-negotiation header. NTL the decision seems to be based
mainly the user-agent string.

> shows the original site content!
> 
> I'd hazard a guess at trac; which is not too hard to hack, but the
> problem could be more deeply rooted..

The fact that the html-header, page-menu and page-footer resemble a
template from 2006 points toward trac.

..more worrisome is that email to the list does not go through, ..or
does it now?

> Cheers!
> robin
PrevNext  Index

1325274560.15457_0.ltw:2,a <4EFD8917.5050008 at gareus dot org>