[Systems] Fwd: HELP!

Chris Leonard cjlhomeaddress at gmail.com
Thu Aug 4 01:28:16 EDT 2011


On Thu, Aug 4, 2011 at 12:39 AM, Frederick Grose <fgrose at sugarlabs.org> wrote:
> On Wed, Aug 3, 2011 at 10:53 PM, Ron Feigenblatt <docdtv at gmail.com> wrote:
>>
>> Hello,
>>
>> On 8/3/11, Frederick Grose <fgrose at sugarlabs.org> wrote:
>> >
>> > I've cleared the blocks.  Sorry for the inconveniences.
>> >
>> > Be sure to maintain a secure password on your account.  Perhaps in
>> > February
>> > 2010 someone managed to use you account to abuse the wiki.
>> >
>> > Thank you for your contributions!
>> >
>> >          --Fred
>> >
>>
>> Thank you for the quick and courteous assistance, Fred.
>>
>> I use a long and complicated password, resilient against brute force
>> attacks. I maintain excellent physical security of my Internet access
>> machines.
>>
>> But it is also theoretically possible that the software on my machine
>> - or yours - has been subverted (e.g. via network attacks of unpatched
>> flaws, perhaps unknown to the software authors), or that your attack
>> monitoring system has a flaw.
>>
>> In particular, if someone tried to steal my identity, I am curious to
>> learn all I can about it. He may want to harm me again, perhaps in a
>> venue far from Sugar Labs. Would it be a lot of work to copy me any
>> transaction logs which document the rationale for locking out my
>> userid from the Wiki?
>>
>> Thanks again,
>> Ron
>
> Given the precautions you have taken, it is much more likely that during my
> totally manual monitoring and remediation I got confused by coincidental or
> overlapping edits and misidentified your account with the spammer's.
>
> Starting 18 February 2010 through 01 March 2010, our wiki was subject to a
> rash of spam by a notorius individual 'abusing multiple accounts'.  I seem
> to recall being surprised to see the userid 'Docdtv' as it didn't fit the
> usual naming pattern for this individual.  I'm now convinced that you were
> the innocent victim of my precautions in dealing with the abuse.
>
> We have since switched to OpenID authentication for new accounts, and abuse
> has greatly diminished.
>
> I'm sorry again to have inhibited your contributions, and thank you for
> persisting in your efforts.
>
>             --Fred
>
Ron,

fgrose is to be forgiven for his accidental mis-block.  The absolute
sheer volume of wiki vandalism he has dealt with makes it a near
statistical certainty that even the most careful admin would
mistakenly tag an innocent account.  His accuracy rate still
approaches 99.999% and I know his apology for the 0.001% error rate is
both sincere and heartfelt.

I share his gratitude that you were persistent in your desire to
contribute and thank fgrose for all the counter-vandalism work he does
to maintain the wiki.

The block was placed at 00:13, 19 February 2010

By comparing the timestamps, you can see that this inadvertant block
occurred in the midst of these "contributions" from an all too
familiar pattern of vandalism.

http://wiki.sugarlabs.org/go/Special:Contributions/Pmv1

who defaced 11 pages in 4 minutes over the same time window.  Sadly
you were a victim of a "friendly fire" incident.

The "PMV" stands for page move vandal and was not the vandal's
original name, which was changed because the original was offensive.
In that Feb-Mar period, this vandal moved hundreds of pages and as our
wiki is not well-equipped with reversion or counter-vandalism bots, it
is vigilant, but humanly fallible, folks like fgrose that repair this
sort of damage.

cjl


More information about the Systems mailing list