Project

General

Profile

Bug #27060

Letting random spammers wipe out content on the bug tracker is Very Bad

Added by Dunbaratu 3 months ago. Updated 3 months ago.

Status:
Confirmed
Severity:
Low
Assignee:
-
Category:
Bug Tracker
Target version:
-
Start date:
01/15/2021
% Done:

10%

Platform:
Windows
Expansion:
Core Game
Language:
English (US)
Mod Related:
No
Votes:
Arrow u r green
Arrow d r red

Description

A random spammer just vandalized an issue on this tracker. Not merely adding a comment (which I realize is hard to stop when you let anyone make an anonymous user account), but also destroying the original issue description!!. Please get on top of this problem. It's not just a joke anymore when they can destroy an issue report rather than merely append to it.

The issue in question is here: https://bugs.kerbalspaceprogram.com/issues/21278 Notice the description has clearly been altered and is NOT what it originally said (who knows what it originally said - not me).

PS. when the Category of the issue is "Bug Tracker", it's weird that "Platform" is still a mandatory field. How am I supposed to know what platform the website runs on?

History

#1 Updated by TriggerAu 3 months ago

All the changes made in the ticket are stored and we can restore it for sure - eg the description change can be seen here: https://bugs.kerbalspaceprogram.com/journals/159036/diff?detail_id=263246

Ill fix that ticket and raise this one with the tech peeps. Theres no database breach, etc involved its somoene making up an account and editing a ticket.

Thanks for the heads up

#2 Updated by TriggerAu 3 months ago

  • Status changed from New to Confirmed
  • % Done changed from 0 to 10

#3 Updated by Dunbaratu 3 months ago

TriggerAu wrote:

Theres no database breach, etc involved its somoene making up an account and editing a ticket.

I would argue that if it's the sort of public site where any random 'bot can create a user account (which I understand is pretty much impossible to stop), then at least the rule shouldn't be "every user has permission to edit every other user's content". A user should only be able to edit their own content, unless the user has mod privileges.

#4 Updated by dok_377 3 months ago

Sound good in theory, but I can't even edit my own thing anymore.

Also available in: Atom PDF