Did someone hack Posterous's home page? (update: back to normal) (posterous.com)
68 points by giladvdn on May 25, 2011 | 25 comments

Reminds me about a big site in (www.bilddagboken.se)

It's a site where people can register and post picture blogs. If I register as ryan, the address to my page would be ryan.bilddagboken.se.

After YEARS of running the place (around 800.000 users) someone registered the username "www". This resulted in all visitors who typed www.bilddagboken.se (or used a bookmark) being redirected directly to the user "www" page. His/her page had thousands of angry comments accusing him/her of hacking bilddagboken.se

On the old Twitter, if you had JavaScript disabled, clicking "sign out" took you to the Twitter profile of @sign_out (or similar, can't remember).

Every once in a while, signing into Twitter I get redirected to 'twitter.com/sessions' and instead of it handling my log in, it's an actual Twitter account which is inactive. Pretty odd. I think they finally fixed it...

I think people had similar fun when Facebook introduced user names. Didn't someone register the user name "index.html"?

No. It was default.asp.
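The collisions described in the comments above ("www" as a subdomain, sign_out and sessions as Twitter paths, default.asp as a Facebook user name) all come from user-chosen names sharing a namespace with hostnames or application routes. The following registration-time check in Ruby is an added example, not part of the thread and not code from any of the sites mentioned; the reserved lists, the format rule and the `example.test` domain are assumptions constructed for illustration.

```ruby
require 'set'

# Constructed sample lists (assumptions), not any real site's configuration.
# Labels that must never be claimable as <username>.example.test
RESERVED_HOST_LABELS = Set.new(%w[www mail smtp ftp api admin static assets cdn ns1 ns2]).freeze
# First path segments the application routes itself, for /<username> style profiles
RESERVED_ROUTES = Set.new(%w[sessions sign_out sign_in login logout signup settings index default]).freeze

# ASCII letters, digits, "_" and "-" only, starting and ending alphanumeric.
# Dots are excluded, so "default.asp" or "index.html" can never be a username.
USERNAME_FORMAT = /\A[a-z0-9](?:[a-z0-9_-]{0,30}[a-z0-9])?\z/

# Treat "-" and "_" as the same character, so "Sign-Out"
# cannot be registered next to the /sign_out route.
def canonical_username(name)
  name.to_s.strip.downcase.tr('-', '_')
end

# Returns nil when the name may be registered, otherwise a symbol naming the reason.
def username_rejection(name, taken = Set.new)
  folded = name.to_s.strip.downcase
  return :invalid_format unless folded.match?(USERNAME_FORMAT)

  key = canonical_username(folded)
  return :reserved_hostname if RESERVED_HOST_LABELS.include?(key)
  return :reserved_route if RESERVED_ROUTES.include?(key)
  return :taken if taken.include?(key)

  nil
end

if __FILE__ == $PROGRAM_NAME
  taken = Set.new(%w[ryan]) # constructed sample of existing users
  %w[www WWW sign_out Sign-Out sessions default.asp index.html ryan paul].each do |candidate|
    puts format('%-12s %s', candidate, username_rejection(candidate, taken) || :ok)
  end
end
```

The reserved lists have to be in place before registration opens, since a name added to them later may already belong to a user.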

Ehe, these are the latest tweets from the DJ, Paul Phusion:

paulphusion: @posterous Something went wrong yesterday when I tried to forward my own url to my posterous account. I'm sorry! What was the reason? 17 hours ago

paulphusion: @scottgould did I crash posterous? omg! was just trying to forward my domain to my posterous account. I'm sorry! 17 hours ago

How did his domain change break the main site?

I believe that is what the site developers are asking themselves at this very moment.

And their managers are asking "how was this not fixed until 18 hours after it happened?"

They fixed it, btw www.paulphusion.de was still pointing to his old address at I don't know what he did, but it seems that he didn't follow what posterous suggested (adding an A record to its domain pointing at posterous). Sadly I wasn't quick enough to collect more data about posterous.com...

Waiting for the official post, I'd say that Paul misconfigured something that they didn't test for that particular input.

No hacking here, just a simple misconfiguration in our Rails app. Nothing to see here, move along. ;)

It would actually be interesting to know what kind of misconfiguration led to this - was it a simple DNS misconfiguration that wasn't accounted for?

The explanation is really pretty innocuous. We had an unaccounted-for edge case that cached paulphusion.de's pages under our root domain, posterous.com.

Like many software bugs, it was an edge case that we didn't foresee, but that happened extremely rarely. We've been running Varnish for the better part of a year, millions upon millions of requests and this was the first time something like this has ever happened.

Of course, none of that wipes the egg off of our face. ;)

Hash collision?

I'll forgive you... this time...


Nice exposure for DJ Paul though.

Looks like the main domain is displaying paulphusion.posterous.com. Other subdomains are working as usual. Misconfiguration?

I would guess it's some kind of internal error, seeing as the incriminating content is powered by Posterous itself...

If they don't fix it, DJ Paul Phusion will soon be a household name

I would guess that they were doing something experimental and messed up. No reason to think it's a hack.

Looks like a fake DJ's homepage with Twitter SSL certificate errors on iPad. I would not visit it while logged into Twitter.

He certainly appears to be a real DJ.

The Twitter SSL certificate errors appear to be related to the Twitter widgets in the sidebar.

As per the tweets it seems that it was because of some domain cloaking/masking thing.

YAYAY It's fixed!

