[Clipart] Hacking attempt?

momo momo at lumenstudio.net
Thu Dec 1 11:04:45 PST 2005 

AAAA!!!! you killled Winnie the POOH!!! It's horrible!!! Poor Winnie!!!

:)))))))

Now seriously: I think that it is a very big problem we have here, and it 
won't be the last attempt to attack or somehow "disturb" OpenClipart, so I 
have a question: Is there a possibility to manually check the code for each 
uploaded file? I mean creating a system where OpenClipart admins would have 
the possibility to log in, and see all the uploaded files to check them 
(check for malicious code, add keywords etc...) and then approve (or delete) 
these files. Once approoved, the files would be placed inside the clipart on 
the web and in the releases.

After the Upload, the files would be just placed on the server (inside a 
folder on FTP for example.) When approved, they will then be submitted to 
the clipart. This way the first step (check and approoval/denial) will be 
like some sort of buffer between the clipart and the "potentially malicious" 
uploaders.

Manually check the files is the only way to control the quality of the 
submitted clipart and I personally am ready to do it if I'll have the 
possibility.

Thanks,

Mo.



----- Original Message ----- 
From: "Jon Phillips" <jon at rejon.org>
To: <clipart at lists.freedesktop.org>
Cc: <webmaster at adufo>
Sent: Thursday, December 01, 2005 11:13 AM
Subject: Re: [Clipart] Hacking attempt?


> On Wed, 2005-11-30 at 16:02 -0800, Open Clip Art Library Feedback Form
> wrote:
>> Name: Arnaud GRANAL
>> E-mail: webmaster at aduf.org
>>
>>
>> Hello,
>>
>> I was looking for a clipart called "warning" on your website and I've
>> found the following file:
>> http://www.openclipart.org/incoming/winnie_the_pooh.svg.php
>>
>> This file seems to allow a remote attacker to execute commands on
>> your serveur.
>
> I killed it!
>
> -- 
> Jon Phillips
>
> San Francisco, CA
> USA PH 510.499.0894
> jon at rejon.org
> http://www.rejon.org
>
> MSN, AIM, Yahoo Chat: kidproto
> Jabber Chat: rejon at gristle.org
> IRC: rejon at irc.freenode.net
>
> Inkscape (http://inkscape.org)
> Open Clip Art Library (www.openclipart.org)
> Creative Commons (www.creativecommons.org)
> San Francisco Art Institute (www.sfai.edu)
>
> _______________________________________________
> clipart mailing list
> clipart at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/clipart
>

More information about the clipart mailing list