Comment 34 for bug 224971

Dougie Richardson (dougierichardson) wrote :

Hi MPT,

This came by way of a bot; both usernames (der74hva3 and Fra67ysi) are still active in Launchpad. Their strategy is straightforward: register, enter a comment on a few posts (which is always one word - "real"), use their Wiki page, then upload malware in the form of obfuscated JavaScript to be found by searching Google and being picked up by this 302 exploit (http://clsc.net/research/google-302-page-hijack.htm) to displace genuine search terms to the malware uploaded to wiki pages.

The reason for consulting Google is to address the displacement of genuine search results by malware results - the suggested course of action for dealing with 302 exploits.

It's listed as a low priority by the website team, yet we still have malware being distributed in connection with our name. After much pontification (since the first of May) we still cannot close this bug because it is _still_ true.

I don't want to offend anyone and certainly mean not to be rude, but this needs to be addressed. The fact remains that even if we nailed every one of these files we would still have a page ranking problem linking to missing files!

First, we could look at the type of username registered in Launchpad - they are always in the same format of three letters, three numbers, three letters, sometimes with an extra number (they're all over Linux boards on the net). Second, we could search the site for one-word posts consisting of the word "real" - I've noticed this is the only word ever used (it's on Linux Questions too). Lastly, we should consider either moderation of new members for wiki access (which is probably counterproductive) or introducing a delay between registration and when uploading files to the wiki is allowed.
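
The three checks proposed in the comment above, combined into one review filter. This is an added example, not part of the comment and not Launchpad code; the account record layout, the 7-day delay, the two-signal threshold and the sample accounts are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Three letters, two or three digits, three letters, optional trailing digit.
# The comment describes three digits; the two usernames it quotes
# (der74hva3, Fra67ysi) carry two, so both widths are accepted (assumption).
USERNAME_RE = re.compile(r"^[A-Za-z]{3}\d{2,3}[A-Za-z]{3}\d?$")
MIN_ACCOUNT_AGE = timedelta(days=7)  # assumed delay before wiki uploads

def suspicious_username(name):
    return bool(USERNAME_RE.match(name))

def only_real_comments(comments):
    """True when the account has comments and each is the single word 'real'."""
    return bool(comments) and all(c.strip().lower() == "real" for c in comments)

def upload_allowed(registered, now):
    """Enforce the registration-to-upload delay suggested in the comment."""
    return now - registered >= MIN_ACCOUNT_AGE

def reasons_for(account):
    """Return the list of heuristics an account trips."""
    reasons = []
    if suspicious_username(account["username"]):
        reasons.append("username-pattern")
    if only_real_comments(account["comments"]):
        reasons.append("one-word-real-comments")
    upload = account.get("first_upload")
    if upload and not upload_allowed(account["registered"], upload):
        reasons.append("upload-soon-after-registration")
    return reasons

def flag_for_review(accounts, threshold=2):
    """One signal alone is weak (real users trip it); require several."""
    return [a["username"] for a in accounts if len(reasons_for(a)) >= threshold]

# Constructed sample accounts, not real Launchpad data.
T0 = datetime(2008, 5, 1, 10, 0)
ACCOUNTS = [
    {"username": "abc123def", "registered": T0, "comments": ["real", "real"],
     "first_upload": T0 + timedelta(minutes=20)},
    {"username": "qwe45rty7", "registered": T0, "comments": ["real"],
     "first_upload": None},
    {"username": "jsmith", "registered": T0, "comments": ["Thanks, fixed."],
     "first_upload": T0 + timedelta(hours=2)},
    {"username": "tom123bob", "registered": T0, "comments": ["Confirmed."],
     "first_upload": None},
]

if __name__ == "__main__":
    for name in flag_for_review(ACCOUNTS):
        print("review:", name)
```

Requiring two signals keeps a legitimate user whose name happens to fit the pattern, or who uploads on their first day, out of the review queue.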