[CKAN-Security] Fwd: ckan.org top page defaced?

石川 千秋 chiaki.ishikawa at ubin.jp
Thu Aug 1 10:47:28 UTC 2019


Dear Adrià,

You are welcome.

I am glad that you are aware of the problem.
When one of my colleagues approached me late afternoon in Japan saying that
something is wrong with ckan.org website and I myself accessed the URL,
my jaw dropped.

We help some government agencies' open data initiative in Japan.
Already, the cabinet office's web page disabled the "Powered by ckan" link.
They have the staff man-power to do that. I am afraid my colleagues need to
talk with people at Tokyo Metropolitan government and other ckan site
people regarding this issue.

I am afraid that this event put a rather negative publicity on ckan. That is
why I wanted to make sure that CKAN people are aware ASAP.

I hope you can resolve the issue at the earliest time.

At the same time, I know how you feel.
I have done a sysadmin-like job in my previous office, and a self-appointed
admin of a rather complex home LAN/WAN.

Identifying the issue, cleansing the server if necessary, etc. Ouch...
You have my sympathy.

I hope the problem is not wide-spread.

Good luck (!)

Best regards,
Chiaki


On 2019/08/01 18:10, Adrià Mercader wrote:
> Dear Chiaki,
>
> Thank you very much for your report. We are aware of the issue and working
> on a fix.
> Apologies for the inconvenience caused.
>
> Best regards,
>
> Adrià
>
> On Thu, 1 Aug 2019 at 11:08, 石川 千秋 <chiaki.ishikawa at ubin.jp
> <mailto:chiaki.ishikawa at ubin.jp>> wrote:
>
>     Hi,
>
>     I finally found this security at ckan.org <mailto:security at ckan.org> address.
>
>     It looks there is a bug or possibility of web page defacing that 
>     causes the
>     access to https://ckan.org/ automatically get redirected to
>     commercial mail order website web pages.
>
>     In Japan, when I search for "ckan.org <http://ckan.org>" using google,
>     the top several hits
>     are all about the mail order houses.
>
>     This was not the case at least a few days ago according to my colleagues.
>
>     TIA
>
>
>
>     -------- Forwarded Message --------
>     Subject:        ckan.org <http://ckan.org> top page defaced?
>     Date:   Thu, 1 Aug 2019 17:33:39 +0900
>     From:   ishikawa <chiaki.ishikawa at ubin.jp
>     <mailto:chiaki.ishikawa at ubin.jp>>
>     To:     webadmin at ckan.org <mailto:webadmin at ckan.org>,
>     postmaster at ckan.org <mailto:postmaster at ckan.org>,
>     abuse at support.gandi.net <mailto:abuse at support.gandi.net>,
>     web-admin at ckan.org <mailto:web-admin at ckan.org>
>
>
>
>     Dear sirs/madams,
>
>     By now, you must be aware that the top page access to https://ckan.org/ is
>     redirected to commercial sites (mail order houses).
>
>     When I search ckan.org <http://ckan.org> using google, the
>     first several entries point to these commercial sites.
>
>     (However, the subdomains of ckan.org <http://ckan.org> seem to be free
>     of such redirection.)
>
>     I work at an office where open data initiative at regional government
>     offices is supported, and
>     some people noticed that clicking on "Powered by CKAN" results in
>     commercial
>     site web pages since this morning (Japan Standard Time).
>     The redirection may have happened last evening, but I am not sure.
>
>     I tried to send a message using a submission page at ckan.org
>     <http://ckan.org> that could be
>     accessed via, say,
>     clicking Contact Us" web page of https://demo.ckan.org/ja/
>
>     As I mentioned, the subdomain seems to be free from this re-direction
>     attack
>     (?).
>
>     Anyway, it would be great if you can alert ckan people since ckan is used
>     very widely all over the world by many government offices and people
>     tend to
>     see "Powered by CKAN"
>     logo and may click it. If they see an unrelated commercial site web page
>     then, the reputation of CKAN  or confidence in CKAN may diminish a bit :-(
>
>
>     Just thought to let you know about this unfortunate development.
>
>
>     I hope you can clear up this issue very soon.
>
>
>     Thank you in advance for your attention.
>
>     Regards,
>
>     Chiaki Ishikawa
>
>
>
>     _______________________________________________
>     CKAN security
>     https://lists.okfn.org/mailman/listinfo/security
>     https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
>
>     Repo: https://github.com/ckan/ckan-security
>



More information about the Security mailing list