Automatic download list serves as spamlist
Frank Karlitschek
karlitschek at kde.org
Wed May 27 09:26:02 UTC 2009
On 27.05.2009, at 01:11, Lydia Pintscher wrote:
> On Wed, May 27, 2009 at 01:00, Albert Astals Cid <aacid at kde.org>
> wrote:
>> A Dilluns, 25 de maig de 2009, Krzysztof Chrapka va escriure:
>>> To KDE.org team,
>>> unfortunatly after posting some contents on kde-looks.org, I got
>>> my very
>>> first Nigerian spam letter. After quick googling out where did my
>>> e-mail
>>> address croped up in the Internet, I found it on the
>>> http://download.kde.org/khotnewstuff/amarokscripts/amarokscripts.xml
>>> automatic download list. As far as I remember, I have not allowed
>>> redistributing my email address and I was assured that it will not
>>> be
>>> visible to the other users. Moreover, I am unable to change it in a
>>> spam-bot secure method (with replacing @ or dot characters), since
>>> you are
>>> checking validity of address after each change. Although the email
>>> address
>>> was given on page associated to opendesktop.org, it leaked out to
>>> the open
>>> Internet from the KDE project domain.
>>>
>>> Hoping, this thoughtless security hole will be patched soon,
>>> Yours sincerely,
>>> Krzysztof Chrapka
>>
>> Frank? Lydia?
>>
>> Albert
>
> I am an editor on the open-desktop sites but I don't really know much
> about the technical side of it or KHotNewStuff. Frank or Jeremy will
> have to answer that one.
>
>
> Cheers
> Lydia
>
Hi,
wow. This is an interesting problem.
I never thought about the possibility that spammers could fetch and
parse our internal XML files.
I removed the email addresses from the GHNS XML files.
Sorry for the trouble.
Cheers
Frank
--
Frank Karlitschek
karlitschek at kde.org
More information about the kde-www
mailing list