Bug #27060
Letting random spammers wipe out content on the bug tracker is Very Bad
10%
Description
A random spammer just vandalized an issue on this tracker. Not merely adding a comment (which I realize is hard to stop when you let anyone make an anonymous user account), but also destroying the original issue description!!. Please get on top of this problem. It's not just a joke anymore when they can destroy an issue report rather than merely append to it.
The issue in question is here: https://bugs.kerbalspaceprogram.com/issues/21278 Notice the description has clearly been altered and is NOT what it originally said (who knows what it originally said - not me).
History
#1
Updated by TriggerAu over 3 years ago
Updated by All the changes made in the ticket are stored and we can restore it for sure - eg the description change can be seen here: https://bugs.kerbalspaceprogram.com/journals/159036/diff?detail_id=263246
Ill fix that ticket and raise this one with the tech peeps. Theres no database breach, etc involved its somoene making up an account and editing a ticket.
Thanks for the heads up
#2
Updated by TriggerAu over 3 years ago
- Status changed from New to Confirmed
- % Done changed from 0 to 10
#3
Updated by Dunbaratu about 3 years ago
Updated by TriggerAu wrote:
Theres no database breach, etc involved its somoene making up an account and editing a ticket.
I would argue that if it's the sort of public site where any random 'bot can create a user account (which I understand is pretty much impossible to stop), then at least the rule shouldn't be "every user has permission to edit every other user's content". A user should only be able to edit their own content, unless the user has mod privileges.
#4
Updated by dok_377 about 3 years ago
Updated by Sound good in theory, but I can't even edit my own thing anymore.