Hacker News

jrockway said 6 months ago:

Probably a misconfiguration involving X-Forwarded-For. The frontend sticks the IP in there, you set your backend to trust X-Forwarded-For headers from, say, but somehow your frontend and backend end up on the machine and the connection comes from and fails the check for a connection from. So you distrust X-Forwarded-For and just log the IP address that the TCP connection came from, which was

I have never been able to make sense of all the rules around X-Forwarded-For and neither have the various library implementers. I recently wrote an authentication plugin for Envoy that just extracts what Envoy thinks the remote address is, and puts it in the authentication header that goes to the backend. Then the backends can't get it wrong; if the signature on the message is right, you're getting the IP address that the frontend Envoy got. If something is misconfigured, the header probably won't have a valid signature, and so the request will be rejected outright. Less failsafe than what Wikipedia did... but easier to detect.

dehrmann said 6 months ago:

> I have never been able to make sense of all the rules around X-Forwarded-For and neither have the various library implementers

There are no rules. I only trust it for internal (LB->service) requests, and never have more than one address.

leetrout said 6 months ago:

> and never have more than one address

That’s important if you don’t control all the systems. Back to there being no rules, some systems prepend addresses at each layer and some append them. And if you don’t know or don’t control the behavior at each layer it’s useless IP soup. I’ve not dealt with that in a long while but your comment brought back memories.

pas said 6 months ago:

To solve the append/prepend dilemma there's also X-Real-IP too. (At least the Nginx module does this.) So basically just log the x-f-f and use the other one as the real client IP.

Of course, if you don't control the layers, then probably you should consider those headers invalid for an incoming request.

(Though for email there's ARC to sign the added headers, maybe if someone really wants to provide at least marginally accountable HTTP proxies, they can use something like that.)
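
The trusted-proxy handling discussed in this subthread (jrockway's fallback to the TCP peer address when the header check fails, dehrmann's "only trust it from the LB", leetrout's multi-address soup), together with jrockway's signed-header alternative, as an added Python example that is not from any commenter or from Envoy; the proxy addresses, the shared key and the `ip:hmac` header format are constructed for illustration.

```python
"""Client-IP resolution behind reverse proxies (constructed example)."""
import hashlib
import hmac
import ipaddress
from typing import Optional, Set

# Constructed shared secret; a real deployment loads this from a secret store.
KEY = b"constructed-shared-secret"


def resolve_client_ip(peer_ip: str, xff: Optional[str], trusted_proxies: Set[str]) -> str:
    """Return the address a backend should log for this request.

    X-Forwarded-For is believed only when the TCP peer is a trusted proxy.
    Hops are then walked right-to-left (assumes each trusted hop appends),
    trusted proxies are stripped, and the first untrusted hop is the client.
    Any failure falls back to the connection address, which is exactly how a
    frontend and backend on the same host end up logging the loopback address.
    """
    if peer_ip not in trusted_proxies or not xff:
        return peer_ip
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # garbage in the header: ignore it entirely
        if hop not in trusted_proxies:
            return hop
    return peer_ip  # every hop was one of our own proxies


def sign_client_ip(client_ip: str, key: bytes = KEY) -> str:
    """Frontend side: bind the address the proxy saw to an HMAC-SHA256 tag."""
    tag = hmac.new(key, client_ip.encode(), hashlib.sha256).hexdigest()
    return f"{client_ip}:{tag}"


def verify_client_ip(header: Optional[str], key: bytes = KEY) -> Optional[str]:
    """Backend side: return the address only if the tag verifies, else None.

    rsplit on the last colon keeps IPv6 literals intact, since the hex tag
    itself contains no colons. A misconfigured path yields no valid tag, so
    the request is rejected instead of silently misattributed.
    """
    if not header or ":" not in header:
        return None
    client_ip, tag = header.rsplit(":", 1)
    expected = hmac.new(key, client_ip.encode(), hashlib.sha256).hexdigest()
    return client_ip if hmac.compare_digest(tag, expected) else None
```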

dooglius said 6 months ago:

jtbayly said 6 months ago:

There's no explanation there.

mcpherrinm said 6 months ago:

It seems it's not present on mobile, at least, but on desktop there's a yellow box with an explanation.

a server misconfiguration in 2013 and another one in 2015

2013: https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(techni...

Wikipedia appears to have a two-layer varnish cache system, and if the frontend and backend cache are the same host, the edit was attributed to localhost.

2015: https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(techni...

A change broke Wikimedia's parsing of X-Forwarded-For and defaulted to localhost.

jumelles said 6 months ago:

Navigation templates (seen at the bottom of many articles) are also missing from the mobile view.

onei said 6 months ago:

They have been for years. The issue is that they're tables, and often nested tables (there's nothing to prevent how nested afaik) which don't render that well on the mobile UI. Rather than figure out how to render them or come up with an alternative layout, they opted to hide them.

dooglius said 6 months ago:

It says "All edits attributed to this IP (besides those resulting from a server misconfiguration in 2013 and another one in 2015) have been made by one of Wikimedia's system administrators" with links to discussions of the two misconfiguration incidents. What more were you looking for?

scarejunba said 6 months ago:

If you access it on a phone you come to a practically blank page.

Stratoscope said 6 months ago:

Select the "Desktop site" menu option in your mobile browser. YMMV, but this works for me in Chrome on Android.

sgjohnson said 6 months ago:

Works on Safari/iOS

gsich said 6 months ago:

Desktop first.

snowwrestler said 6 months ago:

If you want to get the real scoop, sometimes local knowledge is the best.

DonHopkins said 6 months ago:

Just be glad you didn't have to explain an in joke about ftp sites, the local loopback address, and a troll, in a deposition, under oath, to Scientology lawyers, like Keith Henson did.

Readers of alt.religion.scientology were astonished to notice a large collection of alleged secret, copyrighted and trade secret protected documents of the church of scientology posted anonymously over the weekend of May 5. An expert source known to Biased Journalism verified the documents as authentic.

[snip--to transcript from a deposition of Keith Henson by the "Church" of Scientology. Lieberman is their lawyer.]

Lieberman: do you know who Patrick J. Volk is?

Henson: to the best of my knowledge I've never heard of this person.

Lieberman explains that Volk is apparently communicating from some educational institution in Pittsburgh. Henson still doesn't recognize the name. Lieberman hands Henson a document.

    From: hkhenson@shell.portal.com (H Keith Henson)
    Newsgroups: alt.religion.scientology
    Subject: Re: OT Materials...
    Date: 6 Apr 1995 19:35:38 GMT

    Parick J Volk (pjvst+@pitt.edu) wrote:
    :    Screw the courts....
    :    I have an ftp site for all the OT materials...
    :    ftp:  /pub/texts/news/alt/religion/scientology
    :    I don't know how long I'll have it up.
    :    P J Volk
    :    (alt.2600 lives! All hail the clams and trolls!)

    Great stuff!  But don't you expect the 'ho to blow a gasket?

Henson: (cracks up) this is a great troll.

Lieberman: (acidly) you find this amusing?

Henson: yes. It's an in joke.

Lieberman quotes from the Volk post: "screw the courts" and also says that he has an ftp site for all the OT materials. "Mr. Henson is laughing hysterically about this posting for reasons that I suppose he understands--" Henson offers to explain.

Lieberman: What's an ftp site?

Henson explains that ftp means file transfer protocol. You can use almost any machine on the Internet to access a file on almost any other machine, that has been placed in an ftp directory, he says with relish. [He goes on at length about how this is done.]

Lieberman: Okay. "So when he said 'I have an ftp site for all the OT materials,' he is saying he has all the OT materials on a site which people can access." Was Henson aware of Patrick Volk's ftp site? Does this refresh your recollection? he demands.

Henson: well, you see right after the colon, it says ftp:

Lieberman: yes.

Henson: that's a loopback address.

Lieberman wants to pursue the question of the site with the OT materials. Was Henson aware of Patrick Volk's ftp site?

Henson: (patiently) It's at. This is a loop back address. This is a troll.

Lieberman: what's a troll?

Henson: it comes from the fishing where you troll a bait along in the water and a fish will jump and bite the thing, and the idea of it is that the internet is a very humorous place and it's especially good to troll people who don't have any sense of humor at all, and this is a troll because an ftp site of doesn't go anywhere. It loops right back around into your own machine.

Lieberman [not getting it]: So the idea here was to make the church think that this person had an ftp site and to take action against him and, in fact, he didn't have it; is that your point?

Henson: Oh, it's really humorous, and I picked up on it and instantly added something to extend the troll. Extending the trolls like this is an art form of the highest order.

Lieberman (acidly): I see. So this is part of your art form where you say, "don't you expect the 'ho to blow a gasket?"

Henson: yes.

Lieberman (starting to lose his temper): so you do remember this posting apparently?

Henson (helpfully): I can't remember for certain that I did this one, and certainly I could not swear to any of the material on here being letter perfect on it (but he goes on to say that it is such a good one that he would be happy to take credit for it).

Lieberman: You find this whole thing kind of amusing, don't you?

Henson: Oh, this is screamingly funny.

Lieberman (no more Mr. Nice Guy): You find it amusing to make Helena Kobrin and the church go after you or other people for this sort of thing, whether you have the materials or not; is that right?

Henson: It's a great game.

Lieberman: It is a great game. You really find it amusing, don't you?

Henson: It's an extremely amusing thing.

Lieberman: All right. You find it amusing when you receive these letters from Ms. Kobrin, the cease and desist letters? It's part of the game; isn't it? [This goes on for awhile as Lieberman hammers at the point. Henson reiterates that he is amused, and wants to talk about the SP levels.]

Lieberman: You find it an amusing part of the game when you receive these cease and desist letters, right?

Henson: No, no. It's not amusing, it's a major increment in status.

Lieberman: I see. You feel this increases your status, right? On the internet, on a.r.s.

Henson: Yes, absolutely.

Lieberman: All right. And it's all part of this game, right?

Henson: Absolutely.

Lieberman: It's all part of the troll, right?

Henson (waving exhibit): This is a great troll. I mean, anybody in the computer business instantly would have spotted this, ftp:127. In fact, it even says trolls in here (indicating). In fact, this was cross-posted from --

Lieberman has heard more than enough about trolls: "There is no question pending. You can hold your comments."

Lieberman (with an air of getting into the bizarre nature of the situation): why did you think this would cause Ms. Kobrin to blow a gasket?

Henson: this wasn't addressed to Helena. He goes on to explain that the message is a loop back. If it worked at all it would be a loopback to your own machine. If you tried it you'd discover it's a troll. The 127 is the loopback address! It's a joke, but the lawyer isn't getting it.

[The observer notices that the RTC lawyer has connected "the 'ho" with Ms. Kobrin. Evidently the nickname has made transit to the solid world. Ms. Kobrin is stuck with it for life.]

westmeal said 6 months ago:

Please tell me there are videos of this cross examination somewhere

throwaway9281 said 6 months ago:

HN often doesn't like humorous comments but I'm upvoting this nonetheless.

ancarda said 6 months ago:

I get (server misconfiguration, etc...)

How do we explain the 2 edits by https://en.m.wikipedia.org/wiki/Special:Contributions/8.8.8....

Perhaps before that IP was owned by Google? But the service was launched in 2009, but the two Wikipedia edits are from 2013 and 2014

Edit: Mobile friendly link

cameronbrown said 6 months ago:

If I was to hazard a guess I'd suggest could've been serving outbound Google traffic at the time? Could've been a mistaken config.

Sniffnoy said 6 months ago:

So once we filter out the ones that are due to the 2013 and 2015 server misconfigurations, we get:

1. Creating a talk page for "Gun politics" in 2001;

2. Adding links to the Russian versions of pages on Japanese eras/periods in 2004;

3. Creating a mysterious internal page I can't make much sense of in 2004; and

4. Responding to various comments on database reports and testing some things there in 2012 (under 0:0:0:0:0:0:0:1 rather than

vortico said 6 months ago:

Seems like some of them are spam, e.g. https://en.wikipedia.org/w/index.php?title=Toyotomi_Hideyosh... Does this mean Wikipedia's network was hacked by an unauthorized outsider?

EDIT: Ah, sort of. A network misconfiguration caused this. https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(techni...

kiallmacinnes said 6 months ago:

It's not "sort of" hacked by an unauthorized outsider! The explanation is pretty clear cut and perfectly believable, no hackers or malice involved at all..

dcolkitt said 6 months ago:

The diff is coming from... inside the house!

stebann said 6 months ago:

Some black magic there (Haha). Yes, some kind of misconfiguration.

mickael-kerjean said 6 months ago:

Someone on wikipedia has "" for username?

geofft said 6 months ago:

No. As a special case, if you're not logged in, you appear to contribute with a username matching your IP address. https://en.wikipedia.org/wiki/Wikipedia:IP_users