- 14:44:09 UTC -- the user creation form was POSTed
# NOTE: 07:44:09 is "web" timezone which is PDT
115.160.250.35 - - [09/May/2016:07:44:09 -0700] "POST /cgi-bin/ldap_create_user.py HTTP/1.1" 200 517 "https://www.osgeo.org/cgi-bin/ldap_create_user.py" "Mozilla/5.0 (Windows NT 6.1; rv:46.0) Gecko/20100101 Firefox/46.0"
Note the IP is the same one that will post the spam 3 and a half hours
later (115.160.250.35). It appears in the Apache access log for
www.osgeo.org only 7 times; 3 of those are POSTs to the user creation
form and one is even a GET to /osgeo_userid/, albeit with a different
user agent.
- 18:04:38 UTC -- user ct7316944 authenticated (BIND)
# NOTE: 11:04:38 is "secure" timezone which is PDT
May 9 11:04:38 secure slapd[6418]: conn=51060 op=2 BIND dn="uid=ct7316944,ou=People,dc=osgeo,dc=org" mech=SIMPLE ssf=0
- 18:07:17 UTC -- user ct7316944 created a spam page in ossim
# NOTE: 11:07:17 is "tracsvn" timezone which is PDT
115.160.250.35 - - [09/May/2016:11:07:17 -0700] "POST /ossim/wiki/NEW%20YORK%20LIVE%2B%E2%88%91%E2%84%A2%2B1877-698-2249%20HP%20PRINTER%20support%20Phone%20Number%20USA%20HP%20PRINTER%20customer%20care%2C%20service%20phone%20number%20*CANADA HTTP/1.1" 303 869
trac_ossim=# select author,name from wiki order by time desc limit 1;
author | name
-----------+---------------------------------------------------------------------------------------------------------------------------
ct7316944 | NEW YORK LIVE+∑™+1877-698-2249 HP PRINTER support Phone Number USA HP PRINTER customer care, service phone number *CANADA
(1 row)
No other writes from this user in any of the trac instances.
The registered email is: ct7316944@gmail.com
The trac spam IP is 115.160.250.35
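The timeline above depends on converting each host's local (PDT) log timestamps to UTC before ordering them. As an added example (not part of the original report), this sketch normalizes the three log lines quoted above and sorts them; the `parse` and `timeline` helpers, the year 2016 for the syslog line, and the shortened request path are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone

PDT = timezone(timedelta(hours=-7))   # per the notes above: all three hosts log in PDT
YEAR = 2016                           # assumption: syslog lines carry no year; taken from the Apache lines

# Log lines copied from the timeline above (request path and user agent shortened).
LINES = [
    ("tracsvn", '115.160.250.35 - - [09/May/2016:11:07:17 -0700] "POST /ossim/wiki/NEW%20YORK HTTP/1.1" 303 869'),
    ("secure", 'May 9 11:04:38 secure slapd[6418]: conn=51060 op=2 BIND dn="uid=ct7316944,ou=People,dc=osgeo,dc=org" mech=SIMPLE ssf=0'),
    ("web", '115.160.250.35 - - [09/May/2016:07:44:09 -0700] "POST /cgi-bin/ldap_create_user.py HTTP/1.1" 200 517'),
]

APACHE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
SYSLOG = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ slapd\[\d+\]: .*BIND dn="uid=([^,"]+)')

def parse(host, line):
    """Return (utc_datetime, host, actor, action), or None if the line is not recognised."""
    m = APACHE.match(line)
    if m:
        # Apache records its own UTC offset, so no timezone assumption is needed.
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        return ts.astimezone(timezone.utc), host, m.group(1), f"{m.group(3)} {m.group(4)}"
    m = SYSLOG.match(line)
    if m:
        # Classic syslog stamps have neither year nor zone: supply both explicitly.
        ts = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S").replace(tzinfo=PDT)
        return ts.astimezone(timezone.utc), host, m.group(2), "LDAP BIND"
    return None

def timeline(lines, ip, uid):
    """UTC-ordered events whose actor is the given IP or the given uid."""
    events = [e for e in (parse(h, l) for h, l in lines) if e and e[2] in (ip, uid)]
    return sorted(events)

if __name__ == "__main__":
    for ts, host, actor, action in timeline(LINES, "115.160.250.35", "ct7316944"):
        print(f"{ts:%H:%M:%S} UTC  {host:8} {actor:15} {action}")
```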
The IP was banned between 15:16 and 15:26 UTC due to a failed attempt
to log in to proj4js trac, in what looks like a referer-spam attack
(sic!):