| ▲ | nhubbard 5 hours ago |
| Wow. This worm is fascinating. It seems to do the following: - Inject itself into the MediaWiki:Common.js page to persist globally, and into the User:Common.js page to do the same as a fallback - Uses jQuery to hide UI elements that would reveal the infection - Vandalizes 20 random articles with a 5000px wide image and another XSS script from basemetrika.ru - If an admin is infected, it will use the Special:Nuke page to delete 3 random articles from the global namespace, AND use the Special:Random with action=delete to delete another 20 random articles EDIT! The Special:Nuke is really weird. It gets a default list of articles to nuke from the search field, which could be any group of articles, and rubber-stamps nuking them. It does this three times in a row. |
|
| ▲ | divbzero 36 minutes ago | parent | next [-] |
| There doesn’t seem to be an ulterior motive beyond “Muahaha, see the trouble I can cause!” |
|
| ▲ | 256_ 5 hours ago | parent | prev | next [-] |
| As someone on the Wikipediocracy forums pointed out, basemetrika.ru does not exist. I get an NXDomain response trying to resolve it. The plot thickens. |
| |
| ▲ | pKropotkin 5 hours ago | parent [-] | | Yeah, basemetrika.ru is free now. Should we occupy it? ;) | | |
| ▲ | acheong08 4 hours ago | parent | next [-] | | I registered it about 40 minutes ago, but it seems the DNS has been cached by everyone as a result of the wikipedia hack & not even the NS is propagating. Can't get an SSL certificate . | | |
| ▲ | bjord 3 hours ago | parent | next [-] | | nice work | |
| ▲ | Imustaskforhelp 4 hours ago | parent | prev [-] | | I had looked into its availability too just out of curiosity itself before reading your comment on a provider, Then I read your comment. Atleast its taken in from the hackernews community and not a malicious actor. Do keep us updated on the whole situation if any relevant situation can happen from your POV perhaps. I'd suggest to give the domain to wikipedia team as they might know what could be the best use case of it if possible. | | |
| |
| ▲ | amiga386 5 hours ago | parent | prev | next [-] | | It means giving money to the Russian government, so no. If anyone from the Russian government is reading this, get the fuck out of Ukraine. Thank you. | | |
| ▲ | dwedge 4 hours ago | parent | next [-] | | Well done, it's finally over | |
| ▲ | INR18650 4 hours ago | parent | prev | next [-] | | reg.ru, the most popular registrar, sells .ru domains for $1.65, very little of which goes to the national registry. What is their profit on this domain, a couple of cents? You have helped to bring peace by approximately zero nanoseconds, while doing absolutely nothing about western countries still buying massive amounts of natural resources from Putin. Tax income on their exports make the primary source of income for the federal budget, which directly funds the military. Good virtue signaling, though. I'm completely disillusioned with the West, this is nothing new. | | |
| ▲ | avidruntime 2 hours ago | parent [-] | | I don't think voting with your wallet constitutes virtue signaling, especially at a time when end user boycotting is one of the universally known methods of protest. | | |
| ▲ | janalsncm 2 hours ago | parent [-] | | I am a pragmatist so maybe I will never understand this line of thinking. But in my mind, there are no perfect options, including doing nothing. By doing nothing, you are allowing a malicious actor to buy the domain. In fact I am sure they would love for everyone else to be paralyzed by purity tests for a $1 domain. All things being equal, yeah don’t buy a .ru domain. But they are not equal. |
|
| |
| ▲ | cryptoegorophy 4 hours ago | parent | prev [-] | | [flagged] | | |
| ▲ | Rendello 3 hours ago | parent | next [-] | | If anyone is genuinely curious about this, they were indeed letting Russian gas through and stopped in 2025: > On 1 January 2025, Ukraine terminated all Russian gas transit through its territory, after the contract between Gazprom and Naftohaz signed in 2019 expired. [...] It is estimated that Russia will lose around €5bn a year as a result. https://en.wikipedia.org/wiki/Russia%E2%80%93Ukraine_gas_dis... | |
| ▲ | yenepho 4 hours ago | parent | prev [-] | | You must be fun at parties | | |
|
| |
| ▲ | Barbing 5 hours ago | parent | prev | next [-] | | Namecheap won’t sell it which is great because it made me pause and wonder whether it's legal for an American to send Russians money for a TLD. | | |
| ▲ | throw-the-towel 2 hours ago | parent | next [-] | | Namecheap is Ukrainian, of course they won't sell you a .ru domain. | | |
| ▲ | craftkiller an hour ago | parent [-] | | Is it? Wikipedia says: > Namecheap is a U.S. based domain name registrar and web hosting service company headquartered in Phoenix, Arizona. and in 2025 they were purchased by: > CVC Capital Partners plc is a Jersey-based private equity and investment advisory firm |
| |
| ▲ | DaSHacka 3 hours ago | parent | prev [-] | | Pretty sure it is, however, the reverse is actually illegal (for US citizens to provide professional services to anyone residing in Russia) as of like 2022-ish |
| |
| ▲ | 256_ 5 hours ago | parent | prev [-] | | I'm half-tempted to try and claim it myself for fun and profit, but I think I'll leave it for someone else. What should we put there, anyway? | | |
| ▲ | speedgoose 5 hours ago | parent | next [-] | | A JavaScript call to window.alert to pause the JavaScript VM. | | | |
| ▲ | gibsonsmog 5 hours ago | parent | prev | next [-] | | Go old school and have the script inject the "how did this get here im not good with computers" cat onto random pages | |
| ▲ | gchamonlive 5 hours ago | parent | prev | next [-] | | I'd log requests and echo them back in the page | |
| ▲ | yreg 4 hours ago | parent | prev [-] | | The antinuke |
|
|
|
|
| ▲ | bawolff 5 hours ago | parent | prev | next [-] |
| > Vandalizes 20 random articles with a 5000px wide image and another XSS script from basemetrika.ru Note while this looks like its trying to trigger an xss, what its doing is ineffective, so basemetrika.ru would never get loaded (even ignoring that the domain doesnt exist) |
|
| ▲ | dheera 5 hours ago | parent | prev [-] |
| Wouldn't be surprised if elaborate worms like this are AI-designed |
| |
| ▲ | nhubbard 5 hours ago | parent | next [-] | | I wouldn't be surprised either. But the original formatting of the worm makes me think it was human written, or maybe AI assisted, but not 100% AI. It has a lot of unusual stylistic choices that I don't believe an AI would intentionally output. | |
| ▲ | integralid 5 hours ago | parent | prev | next [-] | | I would. AI designed software in general does not include novel ideas. And this is the kind of novel software AI is not great at, because there's not much training data. Of course it's very possible someone wrote it with AI help. But almost no chance it was designed by AI. | |
| ▲ | idiotsecant an hour ago | parent | prev [-] | | I mean....elaborate is a stretch. |
|
