[ckan-dev] CKAN Vulnerability?

Matthew McNaughton matthew at slashroots.org
Wed Dec 31 16:47:57 UTC 2014


Seasons Greetings everyone,

and Happy New Year when it comes. I'm writing to inquire about a "hack" on
my CKAN portal that I came across this morning. A group called
"SLAYERSHACKTEAM". A quick Google search of their name
<https://www.google.com/search?q=SLAYERSHACKTEAM&oq=SLAYERSHACKTEAM&aqs=chrome..69i57j0j69i60l2.486j0j4&sourceid=chrome&es_sm=93&ie=UTF-8>
or their name + CKAN
<https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=ckan%20slayershackteam>
shows that they've done the same thing to multiple CKAN sites, including the
default CKAN.org instance, UK Parliament Instance
<http://www.data.parliament.uk/group/activity/hacked-by-slayershackteam/0>,
IATI <http://iatiregistry.org/publisher/about/hacked-by-slayershackteam> and
OpenAfrica, though some of the files have since been removed.

Relatively speaking, at a surface level, it hasn't been terribly damaging,
but I'll have to investigate the server records to be certain. With all the
sites that have been compromised, it is clearly an automated hack, and it
could just be a function of poorly setup/secured CKAN instances, but I did
want to raise it for the benefit of the community.

This may not be new or might have been fixed in a CKAN update, but wanted
to share nonetheless.

Best,
Matthew

---
Executive Director
SlashRoots Foundation
www.slashroots.org