General discussion

On my site there are many unsuccessful login attempts by a user that called him/herself "zctonglin" initiated from a large variety of ip addresses. I suspect that those are malicious attempts. A quick Google search shows 248,000 references to "zctonglin" on many sites. Indeed there is a "zctonglin" registered here on the drupal.org as well.

My suspicion is that there exist some sort of cracking or, more likely (given the Google results), spamming software that has "zctonglin" as a default and is used by many without changes.

http://arstechnica.com/security/2013/04/huge-attack-on-wordpress-sites-c...

Since the attack is using the default username of admin, I would assume we do not have the same attack vector, but I was wondering if we have someone on the security team looking at this, just to be sure we are not vulnerable. Perhaps having a couple of mitigation in case something like this hit Drupal installs.

I haven't used Drupal in many years, yet I continue to get forum post updates that have no link to unsubscribe, and no clear, obvious way even when I log in and go to that forums post. When I go to "Notifications" it doesn't show me as being set up for any, yet I've received hundreds of emails.

Yes, I've Googled it. The only post I found was this:
http://drupal.org/node/1161650

...which is unresolved.

I just want to not receive any more emails from Drupal.org. How do I make this possible?

Do you think Drupal.org should use advertising
to help fund the development of some of the module projects on drupal.org?

After a couple of Drupal sites under my belt, I've decided to grow up and start using Features and Git for development. My question may be vague, but please bear with me — I'm trying to understand development best practices with Git before I start on my next project.

To me, using version control has two main goals: (A) being able to revert to an earlier time if you screw things up, and (B) branching off to perform development independent of the current site. It seems to me that a snapshot of a Drupal site isn't complete unless you store both the files and database, no? I have this nagging feeling that, if I only commit files, there will come a time when either:

• (A) Something will go wrong when migrating changes to the live site and I'll have to back out.
• (B) I'll need to switch my local dev site between a dev branch and the master branch. (e.g. hotfix needed while I'm in the middle of an extended development period)

So I was surfing around Cracked.com, and reading this article about North Korea. I decided that I was going to check out there website, and what do I see..? I see a website that immediately makes me think of Drupal. Can anyone confirm or deny that this website is made using Drupal?

http://www.korea-dpr.com/