[CKAN-Security] Fwd: ckan.org top page defaced?

石川 千秋 chiaki.ishikawa at ubin.jp
Thu Aug 1 08:50:35 UTC 2019


Hi,

I finally found this security at ckan.org address.

It looks like there is a bug or possibility of web page defacing that causes
access to https://ckan.org/ to automatically get redirected to
commercial mail order website web pages.

In Japan, when I search for "ckan.org" using google, the top several hits
are all about the mail order houses.

This was not the case at least a few days ago according to my colleagues.

TIA



-------- Forwarded Message --------
Subject: 	ckan.org top page defaced?
Date: 	Thu, 1 Aug 2019 17:33:39 +0900
From: 	ishikawa <chiaki.ishikawa at ubin.jp>
To: 	webadmin at ckan.org, postmaster at ckan.org, abuse at support.gandi.net,
web-admin at ckan.org



Dear sirs/madams,

By now, you must be aware that the top page access to https://ckan.org/ is
redirected to commercial sites (mail order houses).

When I search ckan.org using google, the
first several entries point to these commercial sites.

(However, the subdomains of ckan.org seem to be free of such redirection.)

I work at an office where open data initiative at regional government
offices is supported, and
some people noticed that clicking on "Powered by CKAN" results in commercial
site web pages since this morning (Japan Standard Time).
The redirection may have happened last evening, but I am not sure.

I tried to send a message using a submission page at ckan.org that could be
accessed via, say,
clicking "Contact Us" web page of https://demo.ckan.org/ja/

As I mentioned, the subdomain seems to be free from this re-direction attack
(?).

Anyway, it would be great if you can alert ckan people since ckan is used
very widely all over the world by many government offices and people tend to
see "Powered by CKAN"
logo and may click it. If they see an unrelated commercial site web page,
then the reputation of CKAN or confidence in CKAN may diminish a bit :-(


Just thought to let you know about this unfortunate development.


I hope you can clear up this issue very soon.


Thank you in advance for your attention.

Regards,

Chiaki Ishikawa




