[Foundation-l] Code detecting bots?

Gregory Maxwell gmaxwell at gmail.com
Thu Aug 2 17:15:05 UTC 2007


On 8/2/07, Nicholas Moreau <nicholasmoreau at gmail.com> wrote:
> > People can, and have, externally linked to malicious software from our sites.
>
> I remember the time that hit the news about three months ago, and
> almost all outlets wrote the software was actually uploaded to our
> site.

Yes and that wasn't accurate.


> > Of course, that can happen anywhere on the net and users (and their
> > browser software) should be smart enough not to execute such code, but
> > Wikipedia looks rather respectable so people may be more inclined to
> > bypass security measures based on something on our site.
>
> Okay, so none of this stuff would be automatically loading, it would
> all be "This site is requesting you activate ****.*** [Yes] [No]" sort
> of thing?


Right. It would be a 'click the link', then your browser would
download and say 'Are you sure you want to run this probably malicious
software, "Brittney_spears_boobies.exe"?', then the user clicks yes.
;)

> > At the moment there are 209 external links to .exe files from the main
> > namespace of English Wikipedia.
>
> Is there a list of where these links are, so they can be reviewed?

I've listed them in the past and went through and fixed a bunch of
them myself. I think there were far fewer then and I removed many of
them... :(

I've put up a list:
http://en.wikipedia.org/wiki/User:Gmaxwell/extff/exe

You can see the older version in the history of the page.. I think
that might have been the list after I'd already made one pass at
removing them.

> Or
> have they indeed already been reviewed? If they're linking to freeware
> or open source programs, for example, they likely should all be
> linking to a product page, not directly to the download.

You are absolutely correct.

I'd say we should deny, by policy and possibly technical means,
external linking to URLs with certain names or which transmit certain
mime types...

Actually pulling it off might be hard: a number of the exe's are
really just ZIP files converted into self-extracting archives. The
data in them may not be easily available in other forms. There is
almost certainly a launch page for these, but finding them when all
you know is the deep link name can be hard.
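The two technical checks the message floats, flagging external links by file name and by transmitted MIME type, as an added example in Python (not code from the thread or from MediaWiki). The extension list, the MIME-type list, the example.com URLs and the response headers are all constructed assumptions; the third sample link shows why a name-only check misses a deep link that only the MIME type reveals.

```python
import re
from urllib.parse import urlparse

# Assumed lists: the thread only names .exe; these are typical additions.
EXECUTABLE_EXTENSIONS = {".exe", ".msi", ".scr", ".bat", ".com"}
EXECUTABLE_MIME_TYPES = {
    "application/x-msdownload",
    "application/x-msdos-program",
    "application/vnd.microsoft.portable-executable",
    "application/x-dosexec",
}

# Matches bracketed MediaWiki external links ([http://... label]) and bare URLs.
_URL_RE = re.compile(r"\[?(https?://[^\s\]\[<>\"]+)")


def extract_external_links(wikitext):
    """Return the external URLs found in a wikitext string, in page order."""
    return [m.group(1) for m in _URL_RE.finditer(wikitext)]


def flag_by_name(url):
    """True if the URL path ends with an executable-looking extension."""
    path = urlparse(url).path.lower()
    return any(path.endswith(ext) for ext in EXECUTABLE_EXTENSIONS)


def flag_by_mime(content_type):
    """True if a Content-Type header value denotes a Windows executable."""
    if not content_type:
        return False
    return content_type.split(";")[0].strip().lower() in EXECUTABLE_MIME_TYPES


def review_links(wikitext, headers_by_url):
    """Return (url, reasons) for every link that trips a name or MIME check.

    headers_by_url maps each URL to the response headers a reviewer fetched
    for it (for example via a HEAD request); it is passed in so this runs offline.
    """
    report = []
    for url in extract_external_links(wikitext):
        content_type = headers_by_url.get(url, {}).get("Content-Type")
        reasons = []
        if flag_by_name(url):
            reasons.append("extension")
        if flag_by_mime(content_type):
            reasons.append("mime")
        if reasons:
            report.append((url, reasons))
    return report


# Constructed sample article text and constructed response headers.
SAMPLE_WIKITEXT = """
* Official site: [http://example.com/tool/ Tool homepage]
* Direct download: [http://example.com/tool/setup.exe Download]
* Mirror: http://example.com/get?id=42
"""
SAMPLE_HEADERS = {
    "http://example.com/tool/": {"Content-Type": "text/html; charset=utf-8"},
    "http://example.com/tool/setup.exe": {"Content-Type": "application/x-msdownload"},
    "http://example.com/get?id=42": {"Content-Type": "application/x-msdownload"},
}

if __name__ == "__main__":
    for url, reasons in review_links(SAMPLE_WIKITEXT, SAMPLE_HEADERS):
        print(url, "flagged by:", ", ".join(reasons))
```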

