Last modified: 2014-06-30 10:39:58 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T69275, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 67275 - Fake Wikimedia Bugzilla bugmeister emails sent from lbl.gov server
Fake Wikimedia Bugzilla bugmeister emails sent from lbl.gov server
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
Bugzilla (Other open bugs)
wmf-deployment
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
: 67277 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-06-29 13:30 UTC by Aude
Modified: 2014-06-30 10:39 UTC (History)
11 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Aude 2014-06-29 13:30:17 UTC 
the bugmeister sender and signature should be updated (Andre instead of Mark) in the "Email from Wikimedia's Bugzilla" that got sent out about being default CC.
Comment 1 Andre Klapper 2014-06-29 15:24:05 UTC 
That "Email from Wikimedia's Bugzilla" is not sent by us, see headers:

> Received: from fiji.lbl.gov (fiji.lbl.gov. [128.3.61.98])

Obviously folks over there copied old stuff from Wikimedia:
* http://fiji.lbl.gov/mediawiki/
* http://fiji.lbl.gov/mediawiki/wmfmailadmin/
Whatever triggers those emails at lbl.gov, it's an old staging ground.

There is nothing we can fix on our side. hexmode wanted to email them. 

I am now CC'ing random folks with a @lbl.gov address on this ticket, as this is distracting and misleading ("identity theft" is a too strong term though).
Comment 2 Tyler Romeo 2014-06-29 15:32:35 UTC 
Don't we have SPF turned on?
Comment 3 Andre Klapper 2014-06-29 16:18:44 UTC 
> Received-SPF: none (google.com: mhershberger@wikipedia.org does not
> designate permitted sender hosts) client-ip=128.3.61.98;
> Authentication-Results: mx.google.com;
>        spf=neutral (google.com: mhershberger@wikipedia.org does not
> designate permitted sender hosts)
> smtp.mail=mhershberger@wikipedia.org;
>        dmarc=fail (p=NONE dis=NONE) header.from=wikimedia.org
Comment 4 Aude 2014-06-29 16:40:23 UTC 
interesting.... did not look at the headers.

I see that i got these emails in the past years, never replied and still am cc ;)
Comment 5 T. Gries 2014-06-29 17:11:18 UTC 
*** Bug 67277 has been marked as a duplicate of this bug. ***
Comment 6 Krinkle 2014-06-29 19:00:19 UTC 
Hm..  indeed. My reply bounced because mhershberger@wikimedia.org no longer exists – as Mark works independently now.
Comment 7 Michael Jennings 2014-06-29 21:22:23 UTC 
I have contacted the scientists responsible for that server as well as our Cybersecurity team.  I will update you all via this bug as I hear back from them.
Comment 8 Andre Klapper 2014-06-29 22:19:30 UTC 
Michael: Thank you so much for your help!
Comment 9 Michael Jennings 2014-06-29 23:27:29 UTC 
Not a problem, Andre.  Glad to help.

fiji.lbl.gov has been taken off the Internet by our security group until the misconfiguration is fixed and the code updated.  For purposes of this ticket I think the issue can be considered resolved.  :-)
Comment 10 Andre Klapper 2014-06-30 10:39:58 UTC 
Awesome. That was fast. Thank you!

Closing ticket as FIXED; anybody please reopen if you still receive such mail.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links