[ckan-dev] CKAN Vulnerability?

Alex (Maxious) Sadleir maxious at gmail.com
Thu Jan 1 01:45:14 UTC 2015


This has been covered in the IRC channel
https://botbot.me/freenode/ckan/2014-12-29/?msg=28462432&page=1

Essentially, the default permissions allow people to register and
create groups/datasets, and if you don't change these you are likely to
get spam.

This spam in particular is rather scary because it says "HACKED" but
really, it is using functionality that is working correctly to upload
incorrect data - the access control mechanism is working but not
configured to prevent spam.

There is an issue to review these default permissions
https://github.com/ckan/ckan/issues/2164

On Thu, Jan 1, 2015 at 3:47 AM, Matthew McNaughton
<matthew at slashroots.org> wrote:
> Seasons Greetings everyone,
>
> and Happy New Year when it comes. I'm writing to inquire about a "hack" on
> my CKAN portal that I came across this morning. A group called
> "SLAYERSHACKTEAM". A quick google search of their name or their name + CKAN
> shows that they've done the same thing to multiple CKAN sites, including the
> default CKAN.org instance, UK Parliament Instance, IATI and OpenAfrica,
> though some of the files have since been removed.
>
> Relatively speaking, at a surface level, it hasn't been terribly damaging,
> but I'll have to investigate the server records to be certain. With all the
> sites that have been compromised, it is clearly an automated hack, and it
> could just be a function of poorly setup/secured CKAN instances, but I did
> want to raise it for the benefit of the community.
>
> This may not be new or might have been fixed in a CKAN update, but wanted to
> share nonetheless.
>
> Best,
> Matthew
>
> ---
> Executive Director
> SlashRoots Foundation
> www.slashroots.org
>
> _______________________________________________
> ckan-dev mailing list
> ckan-dev at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/ckan-dev
> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>
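The fix Alex describes is a configuration change, not a patch: lock down the ckan.auth.* options that govern self-registration and who may create datasets and groups. The script below is an added example, not code from the thread or from the CKAN project. It audits a CKAN .ini for those options and flags any that are set permissively or left unset (an unset key falls back to CKAN's built-in default, which is the permissive behaviour the thread warns about). The option names are CKAN's documented ckan.auth.* settings; the choice of "false" as the locked-down value for every one of them assumes a closed portal where staff create users and content, and the sample ckan.ini is constructed for the demonstration.

```python
"""Audit the ckan.auth.* settings in a CKAN .ini file for spam-prone values.

Added example, not code from CKAN or from the mailing-list thread. The option
names are CKAN's documented ``ckan.auth.*`` settings; which value counts as
"restrictive" is this example's own assumption (a closed portal), as is the
sample ckan.ini text below, which is constructed for the demonstration.
"""
import configparser

# ckan.auth.* options that govern self-registration and content creation.
# For each key: the value that closes the door to anonymous or self-registered
# spam (assumption: staff create users, organizations and groups; the public
# only reads).
RESTRICTIVE = {
    "ckan.auth.anon_create_dataset": "false",
    "ckan.auth.create_unowned_dataset": "false",
    "ckan.auth.create_dataset_if_not_in_organization": "false",
    "ckan.auth.user_create_groups": "false",
    "ckan.auth.user_create_organizations": "false",
    "ckan.auth.create_user_via_api": "false",
    "ckan.auth.create_user_via_web": "false",
}


def audit_ckan_ini(text):
    """Return {option: status} with status 'ok', 'permissive' or 'unset'.

    'unset' means the option is absent, so CKAN's built-in default applies;
    the thread's point is that the defaults allow registration and creation,
    so an unset option deserves the same scrutiny as a permissive one.
    """
    # CKAN ini files use Paste-style %(here)s references; disable
    # interpolation so they are read verbatim rather than raising.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    section = "app:main"  # where CKAN keeps its application settings
    result = {}
    for key, wanted in RESTRICTIVE.items():
        if not cp.has_option(section, key):
            result[key] = "unset"
            continue
        value = cp.get(section, key).strip().lower()
        result[key] = "ok" if value == wanted else "permissive"
    return result


def findings(text):
    """Options that are not explicitly locked down, sorted for stable output."""
    return sorted(k for k, s in audit_ckan_ini(text).items() if s != "ok")


# Constructed sample: a ckan.ini that leaves web sign-up open, lets any
# logged-in user create groups, and never mentions API user creation.
SAMPLE_INI = """\
[app:main]
use = egg:ckan
ckan.site_url = https://data.example.org
ckan.auth.anon_create_dataset = false
ckan.auth.create_unowned_dataset = false
ckan.auth.create_dataset_if_not_in_organization = false
ckan.auth.user_create_groups = true
ckan.auth.user_create_organizations = false
ckan.auth.create_user_via_web = True
"""

if __name__ == "__main__":
    for key, status in audit_ckan_ini(SAMPLE_INI).items():
        print(f"{status:10s} {key}")
```

Run it against a real deployment's ckan.ini by reading the file into `audit_ckan_ini`. Anything reported as "permissive" or "unset" is a decision to revisit, not automatically a bug: an open-data portal that genuinely wants public registration will keep some of these on, and then the defence against groups like the one Matthew saw is moderation and monitoring rather than configuration.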