[CKAN-Security] Fwd: ckan.org top page defaced?

Goce Mitevski goce.mitevski at keitaro.com
Fri Aug 2 15:22:58 UTC 2019


Hi David,

The malicious code and the filesystem were cleaned in the meantime.
That's why you can't notice anything different at the moment.

Regards,
Goce Mitevski

On Fri, Aug 2, 2019 at 4:29 PM David Read
<david.read at hackneyworkshop.com> wrote:
>
> It looks fine to me. What am I missing?
> David
>
> On Thu, 1 Aug 2019 at 23:19, 石川 千秋 <chiaki.ishikawa at ubin.jp> wrote:
> >
> > Dear Adrià,
> >
> > You are welcome.
> >
> > I am glad that you are aware of the problem.
> > When one of my colleagues approached me late afternoon in Japan saying that
> > something is wrong with ckan.org website and I myself accessed the URL,
> > my jaw dropped.
> >
> > We help some government agencies' open data initiative in Japan.
> > Already, the cabinet office's web page disabled the "Powered by ckan" link.
> > They have the staff man-power to do that. I am afraid my colleagues need to
> > talk with people at Tokyo Metropolitan government and other ckan site
> > people regarding this issue.
> >
> > I am afraid that this event put a rather negative publicity on ckan. That is
> > why I wanted to make sure that CKAN people are aware ASAP.
> >
> > I hope you can resolve the issue at the earliest time.
> >
> > At the same time, I know how you feel.
> > I have done a sysadmin-like job in my previous office, and a self-appointed
> > admin of a rather complex home LAN/WAN.
> >
> > Identifying the issue, cleansing the server if necessary, etc. Ouch...
> > You have my sympathy.
> >
> > I hope the problem is not wide-spread.
> >
> > Good luck (!)
> >
> > Best regards,
> > Chiaki
> >
> >
> > On 2019/08/01 18:10, Adrià Mercader wrote:
> > > Dear Chiaki,
> > >
> > > Thank you very much for your report. We are aware of the issue and working
> > > on a fix.
> > > Apologies for the inconvenience caused.
> > >
> > > Best regards,
> > >
> > > Adrià
> > >
> > > On Thu, 1 Aug 2019 at 11:08, 石川 千秋 <chiaki.ishikawa at ubin.jp> wrote:
> > >
> > >     Hi,
> > >
> > >     I finally found this security at ckan.org address.
> > >
> > >     It looks like there is a bug or possibility of web page defacing that
> > >     causes the access to https://ckan.org/ to automatically get redirected
> > >     to commercial mail order website web pages.
> > >
> > >     In Japan, when I search for "ckan.org" using google, the top several
> > >     hits are all about the mail order houses.
> > >
> > >     This was not the case at least a few days ago according to my colleagues.
> > >
> > >     TIA
> > >
> > >
> > >
> > >     -------- Forwarded Message --------
> > >     Subject:        ckan.org top page defaced?
> > >     Date:   Thu, 1 Aug 2019 17:33:39 +0900
> > >     From:   ishikawa <chiaki.ishikawa at ubin.jp>
> > >     To:     webadmin at ckan.org, postmaster at ckan.org,
> > >     abuse at support.gandi.net, web-admin at ckan.org
> > >
> > >
> > >
> > >     Dear sirs/madams,
> > >
> > >     By now, you must be aware that the top page access to https://ckan.org/ is
> > >     redirected to commercial sites (mail order houses).
> > >
> > >     When I search ckan.org using google, the
> > >     first several entries point to these commercial sites.
> > >
> > >     (However, the subdomains of ckan.org seem to be free
> > >     of such redirection.)
> > >
> > >     I work at an office where open data initiative at regional government
> > >     offices is supported, and some people noticed that clicking on
> > >     "Powered by CKAN" results in commercial site web pages since this
> > >     morning (Japan Standard Time).
> > >     The redirection may have happened last evening, but I am not sure.
> > >
> > >     I tried to send a message using a submission page at ckan.org that
> > >     could be accessed via, say, clicking "Contact Us" web page of
> > >     https://demo.ckan.org/ja/
> > >
> > >     As I mentioned, the subdomain seems to be free from this re-direction
> > >     attack (?).
> > >
> > >     Anyway, it would be great if you can alert ckan people since ckan is used
> > >     very widely all over the world by many government offices and people
> > >     tend to see "Powered by CKAN" logo and may click it. If they see an
> > >     unrelated commercial site web page then, the reputation of CKAN or
> > >     confidence in CKAN may diminish a bit :-(
> > >
> > >
> > >     Just thought to let you know about this unfortunate development.
> > >
> > >
> > >     I hope you can clear up this issue very soon.
> > >
> > >
> > >     Thank you in advance for your attention.
> > >
> > >     Regards,
> > >
> > >     Chiaki Ishikawa
> > >
> > >
> > >
> > >     _______________________________________________
> > >     CKAN security
> > >     https://lists.okfn.org/mailman/listinfo/security
> > >     https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
> > >
> > >     Repo: https://github.com/ckan/ckan-security
> > >
> >



-- 

Goce Mitevski
Chief Design Officer,
Keitaro Inc.

goce.mitevski at keitaro.com
http://www.keitaro.com/

