[03:58] <bigjools> heh, someone went and made another LP http://www.breakingnewsnews.org/
[04:11] <blr> bigjools: err...
[04:12] <bigjools> and it's not using SSL
[04:19] <wgrant> That's not another LP.
[04:19] <wgrant> That's a sed over LP.
[04:19] <cjwatson> bigjools: It's much weirder than that
[04:20] <wgrant> It's the live site AFAICS.
[04:20] <cjwatson> Yeah, that
[04:20] <wgrant> Except s/Launchpad/Breakingnewsnews/
[04:20] <wgrant> wtf
[04:20] <bigjools> huh yeah I wondered why it had the same bugs
[04:20] <wgrant> bigjools: How did you find it?
[04:20] <bigjools> Appeared in a Google search
[04:21] <bigjools> which is a little worrying
[04:21] <wgrant> Oh.
[04:21] <wgrant> This isn't you trolling us? :)
[04:21] <wgrant> Look at the whois on that domain.
[04:21] <bigjools> heh I know
[04:21] <bigjools> not even I would go to that trouble to troll you
[04:22] <wgrant> What on earth.
[04:22] <blr> oh of course it's a Queenslander.
[04:22] <bigjools> this isn't that nutjob we had to ban I wonder ...
[04:22] <wgrant> My initial thought was amhnews, indeed.
[04:22] <wgrant> The entire domain is aliased.
[04:22] <blr> bigjools: is Nobby Beach a real place?
[04:23] <wgrant> http://qastaging.breakingnewsnews.org/
[04:23] <wgrant> http://blog.breakingnewsnews.org/general/launchpad-news-august-2015
[04:23] <bigjools> rings a bell
[04:23] <bigjools> wgrant: WTF!
[04:23] <blr> only in Australia would you have a place called Nobby Beach.
[04:23] <bigjools> There's a place in England called Bell End
[04:23] <blr> oh dear
[04:23] <wgrant> http://pqm.breakingnewsnews.org/ doesn't work :(
[04:23] <bigjools> I used to live near a place called Minge Lane
[04:25] <wgrant> I'm increasingly convinced it is amhnews, as it's so inexplicable and has news in the name.
[04:25] <wgrant> amhnews is the master of things that make no sense at all but appear not to be trolling.
[04:26] <wgrant> He's been gone for like a year now, though.
[04:26] <bigjools> I am sure a redirect can be placed in the Canonical Apache configs
[04:26] <blr> seems like the work of a rogue and somewhat confused AI.
[04:26] <bigjools> redirect to goatse? :)
[04:28] <bigjools> Also if you're logging request headers, maybe check for others...
[05:30] <cjwatson> It also inserts iframes into the pages it serves, and strips LP's JavaScript.
[05:32] <cjwatson> (And does other reprocessing of the "pass through parser and back" kind)
[05:56] <cjwatson> bigjools: blocking requested
[05:56] <bigjools> eek
[05:57] <bigjools> thanks cjwatson
[05:57] <cjwatson> I think I've got about as much as I can out of logs
[05:58] <bigjools> are you logging request urls?
[05:58] <cjwatson> yes
[05:58] <cjwatson> well, paths, not URLs
[05:58] <bigjools> ah - I was thinking you can block where the requested site is not launchpad.net
[05:58] <cjwatson> no, it's a proxy
[05:59] <bigjools> oh, ok
[05:59] <cjwatson> it's requesting launchpad.net as far as we're concerned
[05:59] <bigjools> jeez, that's evil
[05:59] <cjwatson> and then filtering (and caching) the results and returning them
[05:59] <cjwatson> if it weren't requesting launchpad.net or similar then our Apache would say nope
[05:59] <cjwatson> (not that I've actually checked but that seems highly likely)
[06:00] <bigjools> the original request header is in the browser request header still?
[06:00] <cjwatson> I don't see why they'd do that
[06:00] <bigjools> unless the proxy is munging that too
[06:01] <cjwatson> this is going to be more like a client/server pair than a legitimate proxy
[06:01] <cjwatson> it will be making its own requests constructed based on the ones it receives
[06:01] <bigjools> right
[06:01] <bigjools> what on earth is someone's motivation for that I wonder
[06:01] <cjwatson> my ticket title includes the string "incomprehensibly weird"
[06:02] <bigjools> :)
[06:04] <cjwatson> (I can certainly tell it's making its own requests to at least some extent, based on User-Agent)