Automatic download list serves as spamlist

Frank Karlitschek karlitschek at kde.org
Wed May 27 09:26:02 UTC 2009


On 27.05.2009, at 01:11, Lydia Pintscher wrote:

> On Wed, May 27, 2009 at 01:00, Albert Astals Cid <aacid at kde.org> wrote:
>> On Monday, 25 May 2009, Krzysztof Chrapka wrote:
>>> To KDE.org team,
>>> unfortunately after posting some contents on kde-looks.org, I got my very
>>> first Nigerian spam letter. After quick googling out where did my e-mail
>>> address crop up in the Internet, I found it on the
>>> http://download.kde.org/khotnewstuff/amarokscripts/amarokscripts.xml
>>> automatic download list. As far as I remember, I have not allowed
>>> redistributing my email address and I was assured that it will not be
>>> visible to the other users. Moreover, I am unable to change it in a
>>> spam-bot secure method (with replacing @ or dot characters), since you are
>>> checking validity of address after each change. Although the email address
>>> was given on page associated to opendesktop.org, it leaked out to the open
>>> Internet from the KDE project domain.
>>>
>>> Hoping, this thoughtless security hole will be patched soon,
>>> Yours sincerely,
>>> Krzysztof Chrapka
>>
>> Frank? Lydia?
>>
>> Albert
>
> I am an editor on the open-desktop sites but I don't really know much
> about the technical side of it or KHotNewStuff. Frank or Jeremy will
> have to answer that one.
>
>
> Cheers
> Lydia
>


Hi,

Wow. This is an interesting problem.
I never thought about the possibility that spammers could fetch and
parse our internal XML files.

I removed the email addresses from the GHNS XML files.
Sorry for the trouble.


Cheers
Frank




--
Frank Karlitschek
karlitschek at kde.org
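
An added example, not part of the thread or of KDE's code: a pre-publish scrub of the kind of fix Frank describes, which strips e-mail addresses from a feed's attributes and text and then refuses to publish if any remain. The sample feed and its element and attribute names are constructed for illustration, not the real GHNS schema; `scrub_feed`, `assert_publishable` and the placeholder string are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed; element and attribute names are hypothetical,
# not the real GHNS schema.
SAMPLE_FEED = """<knewstuff>
  <stuff category="amarok/script">
    <name>Example Script</name>
    <author email="alice@example.org">Alice</author>
    <summary>Contact me at bob@example.net for bugs.</summary>
  </stuff>
  <stuff category="amarok/script">
    <name>Other Script</name>
    <author>Carol</author>
    <summary>No contact details here.</summary>
  </stuff>
</knewstuff>"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
PLACEHOLDER = "[address removed]"

def scrub_feed(xml_text):
    """Return (clean_xml, findings); findings lists where addresses were."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # Attributes: drop the whole attribute if its value holds an address.
        for key, value in list(elem.attrib.items()):
            if EMAIL_RE.search(value):
                findings.append((elem.tag, "@" + key))
                del elem.attrib[key]
        # Free text: keep the sentence, replace only the address itself.
        for field in ("text", "tail"):
            value = getattr(elem, field)
            if value and EMAIL_RE.search(value):
                findings.append((elem.tag, field))
                setattr(elem, field, EMAIL_RE.sub(PLACEHOLDER, value))
    return ET.tostring(root, encoding="unicode"), findings

def assert_publishable(xml_text):
    """Gate for a publish step: raise if any address is still present."""
    leftovers = EMAIL_RE.findall(xml_text)
    if leftovers:
        raise ValueError(f"{len(leftovers)} e-mail address(es) still in feed")
    return True

if __name__ == "__main__":
    print(scrub_feed(SAMPLE_FEED)[1])
```

Running the gate on the serialized output, rather than on the parsed tree, also catches addresses in places the tree walk does not visit, such as XML comments.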






