[ckan-dev] CKAN Vulnerability?

David Read david.read at hackneyworkshop.com
Wed Jan 7 15:04:33 UTC 2015


Sites that are affected by the Slayers Hack Team spam should
delete/purge the group that appeared. I suggest you run this from your
server:

$ psql ckan -c "DELETE from public.group WHERE
name='hacked-by-slayers-hack-team'; DELETE from group_revision WHERE
name='hacked-by-slayers-hack-team';"

I've provided some alternatives here:
https://github.com/ckan/ckan/wiki/Deleting-spam-group

David

> Essentially the default permissions allow people to register and
> create groups/datasets and if you don't change these you are likely to
> get spam.
>
> This spam in particular is rather scary because it says "HACKED" but
> really, it is using functionality that is working correctly to upload
> incorrect data - the access control mechanism is working but not
> configured to prevent spam.
>
> There is an issue to review these default permissions
> https://github.com/ckan/ckan/issues/2164
>
> On Thu, Jan 1, 2015 at 3:47 AM, Matthew McNaughton
> <matthew at slashroots.org> wrote:
>> Season's Greetings everyone,
>>
>> and Happy New Year when it comes. I'm writing to inquire about a "hack" on
>> my CKAN portal that I came across this morning. A group called
>> "SLAYERSHACKTEAM". A quick google search of their name or their name + CKAN
>> shows that they've done the same thing to multiple CKAN sites, including the
>> default CKAN.org instance, UK Parliament Instance, IATI and OpenAfrica,
>> though some of the files have since been removed.
>>
>> Relatively speaking, at a surface level, it hasn't been terribly damaging,
>> but I'll have to investigate the server records to be certain. With all the
>> sites that have been compromised, it is clearly an automated hack, and it
>> could just be a function of poorly set up/secured CKAN instances, but I did
>> want to raise it for the benefit of the community.
>>
>> This may not be new or might have been fixed in a CKAN update, but wanted to
>> share nonetheless.
>>
>> Best,
>> Matthew
>>
>> ---
>> Executive Director
>> SlashRoots Foundation
>> www.slashroots.org
>>
>> _______________________________________________
>> ckan-dev mailing list
>> ckan-dev at lists.okfn.org
>> https://lists.okfn.org/mailman/listinfo/ckan-dev
>> Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
>>
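The root cause named in the quoted reply is the default permission set (self-registration plus group creation), so here is an added example, not code from the thread or from the CKAN project, that audits a CKAN 2.x .ini for those auth options and shows the hardened values beside the open ones. The per-option defaults are assumptions taken from my reading of the CKAN docs; the sample .ini is constructed.

```python
import configparser

# Constructed sample of a CKAN 2.x config file, not taken from any real site.
SAMPLE_INI = """\
[app:main]
use = egg:ckan
ckan.site_id = demo
ckan.auth.create_user_via_web = true
ckan.auth.user_create_groups = true
ckan.auth.anon_create_dataset = false
"""

# ckan.auth.* options from the CKAN 2.x config. First value: the default an
# unmodified install runs with (assumption, from the CKAN docs). Second value:
# the hardened setting for a curated portal that does not accept public
# sign-ups, so only sysadmins create users, groups and organizations.
AUTH_OPTIONS = {
    "ckan.auth.create_user_via_web": ("true", "false"),
    "ckan.auth.create_user_via_api": ("false", "false"),
    "ckan.auth.user_create_groups": ("true", "false"),
    "ckan.auth.user_create_organizations": ("true", "false"),
    "ckan.auth.create_unowned_dataset": ("true", "false"),
    "ckan.auth.create_dataset_if_not_in_organization": ("true", "false"),
    "ckan.auth.anon_create_dataset": ("false", "false"),
}


def audit_auth_settings(ini_text):
    """Return {option: (effective, recommended)} for each option whose
    effective value (explicit, or the assumed default when absent) is more
    open than the hardened value."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    section = cfg["app:main"] if cfg.has_section("app:main") else {}
    findings = {}
    for option, (default, hardened) in AUTH_OPTIONS.items():
        effective = section.get(option, default).strip().lower()
        if effective != hardened:
            findings[option] = (effective, hardened)
    return findings


def hardened_lines(ini_text):
    """Lines to set under [app:main] to close every finding."""
    return ["%s = %s" % (opt, rec)
            for opt, (_, rec) in sorted(audit_auth_settings(ini_text).items())]


if __name__ == "__main__":
    for opt, (cur, rec) in sorted(audit_auth_settings(SAMPLE_INI).items()):
        print("%s is %s (recommend %s)" % (opt, cur, rec))
```

Options missing from the file are reported at their assumed default, which is the case that bit the sites in this thread.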


