You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2026-01-04 01:58:17
- tekstryder
- Member
- Registered: 2013-02-14
- Posts: 481
[SOLVED] Pkgstats database poisoned
Seems more attacks to the extended infrastructure recently, but I couldn't find any statement about this.
Kernel is now only installed on less than half of systems haha.
https://pkgstats.archlinux.de/packages
Meanwhile the tools necessary to poison the statistics are the only packages above 44% install rate:
curl
100%
gzip
99.99%
pkgstats
99.97%
python
99.95%
discord
67.38%
dash
59.56%
equibop-bin
55.7%
Discord... yeah.
No coincidence with all the other recent attacks.
Anyone have any insight?
Last edited by tekstryder (2026-01-05 18:20:59)
Offline
#2 2026-01-04 05:24:39
- GerBra
- Forum Fellow
- From: Bingen/Germany
- Registered: 2007-05-10
- Posts: 248
Re: [SOLVED] Pkgstats database poisoned
I have created a thread on forum.archlinux.de in case when our admin (also for pkgstats) don't recognize this thread.
https://forum.archlinux.de/d/35695-pkgs … os-auf-org
My avatar: "It's not just a toilet... a FERGUSON. The King of bowls. Sit down and give me your best shot." Al Bundy
Offline
#3 2026-01-04 10:10:01
- Pierre
- Developer
- From: Bonn
- Registered: 2004-07-05
- Posts: 1,967
- Website
Re: [SOLVED] Pkgstats database poisoned
I am looking into this. Unfortunately it looks like someone posted millions of invalid package data to screw up the data for December. I am trying to analyse this and hope those invalid data can be removed (mostly).
Offline
#4 2026-01-04 10:25:32
- system72
- Member
- Registered: 2025-11-22
- Posts: 521
- Website
Re: [SOLVED] Pkgstats database poisoned
seems the person that did this uses discord.. hmm. id expect no less.
Offline
#5 2026-01-04 23:02:57
- tekstryder
- Member
- Registered: 2013-02-14
- Posts: 481
Re: [SOLVED] Pkgstats database poisoned
I have created a thread on forum.archlinux.de
I am trying to analyse this and hope those invalid data can be removed (mostly).
Thank you both for the quick responses.
Hopefully the attacker left a recognizable fingerprint pattern in the false submissions to make removal of the bad data fairly straightforward.
Offline
#6 2026-01-05 18:20:25
- tekstryder
- Member
- Registered: 2013-02-14
- Posts: 481
Re: [SOLVED] Pkgstats database poisoned
Stats are looking back to normal. Nice!
Marking as SOLVED.
Offline
#7 Yesterday 08:20:40
- mesaprotector
- Member
- Registered: 2024-03-03
- Posts: 197
Re: [SOLVED] Pkgstats database poisoned
This seems to have happened again for January. To my eye the fake data looks much more difficult to tease apart than last time.
Offline
#8 Yesterday 10:04:52
- Pierre
- Developer
- From: Bonn
- Registered: 2004-07-05
- Posts: 1,967
- Website
Re: [SOLVED] Pkgstats database poisoned
Can you be more specific about what data looks skewed to you?
Offline
#9 Yesterday 16:07:57
- mesaprotector
- Member
- Registered: 2024-03-03
- Posts: 197
Re: [SOLVED] Pkgstats database poisoned
The strange data I was seeing last night seems to have disappeared. I was checking out password manager usage and pass was at 100%, gopass at like 55%, and so on. Almost every other package I checked was far too high on usage as well.
I don't know exactly what was going on, but I did not make it up.
Offline
#10 Yesterday 16:09:53
- Pierre
- Developer
- From: Bonn
- Registered: 2004-07-05
- Posts: 1,967
- Website
Re: [SOLVED] Pkgstats database poisoned
Ok thanks. I assume this was just an issue with cached data which happens on the 1st of a month. (Maybe I find and fix the issue)
Offline
Pages: 1