[CKAN-Security] Fwd: ckan.org top page defaced?

David Read david.read at hackneyworkshop.com
Fri Aug 2 14:29:31 UTC 2019


It looks fine to me. What am I missing?
David

On Thu, 1 Aug 2019 at 23:19, 石川 千秋 <chiaki.ishikawa at ubin.jp> wrote:
>
> Dear Adrià,
>
> You are welcome.
>
> I am glad that you are aware of the problem.
> When one of my colleagues approached me late afternoon in Japan saying that
> something is wrong with ckan.org website and I myself accessed the URL,
> my jaw dropped.
>
> We help some government agencies' open data initiative in Japan.
> Already, the cabinet office's web page disabled the "Powered by ckan" link.
> They have the staff manpower to do that. I am afraid my colleagues need to
> talk with people at Tokyo Metropolitan government and other ckan site
> people regarding this issue.
>
> I am afraid that this event put a rather negative publicity on ckan. That is
> why I wanted to make sure that CKAN people are aware ASAP.
>
> I hope you can resolve the issue at the earliest time.
>
> At the same time, I know how you feel.
> I have done a sysadmin-like job in my previous office, and a self-appointed
> admin of a rather complex home LAN/WAN.
>
> Identifying the issue, cleansing the server if necessary, etc. Ouch...
> You have my sympathy.
>
> I hope the problem is not widespread.
>
> Good luck (!)
>
> Best regards,
> Chiaki
>
>
> On 2019/08/01 18:10, Adrià Mercader wrote:
> > Dear Chiaki,
> >
> > Thank you very much for your report. We are aware of the issue and working
> > on a fix.
> > Apologies for the inconvenience caused.
> >
> > Best regards,
> >
> > Adrià
> >
> > On Thu, 1 Aug 2019 at 11:08, 石川 千秋 <chiaki.ishikawa at ubin.jp> wrote:
> >
> >     Hi,
> >
> >     I finally found this security at ckan.org address.
> >
> >     It looks like there is a bug or possibility of web page defacing that
> >     causes the
> >     access to https://ckan.org/ to automatically get redirected to
> >     commercial mail order website web pages.
> >
> >     In Japan, when I search for "ckan.org" using google,
> >     the top several hits
> >     are all about the mail order houses.
> >
> >     This was not the case at least a few days ago according to my colleagues.
> >
> >     TIA
> >
> >
> >
> >     -------- Forwarded Message --------
> >     Subject:        ckan.org top page defaced?
> >     Date:   Thu, 1 Aug 2019 17:33:39 +0900
> >     From:   ishikawa <chiaki.ishikawa at ubin.jp>
> >     To:     webadmin at ckan.org,
> >     postmaster at ckan.org,
> >     abuse at support.gandi.net,
> >     web-admin at ckan.org
> >
> >
> >
> >     Dear sirs/madams,
> >
> >     By now, you must be aware that the top page access to https://ckan.org/ is
> >     redirected to commercial sites (mail order houses).
> >
> >     When I search ckan.org using google, the
> >     first several entries point to these commercial sites.
> >
> >     (However, the subdomains of ckan.org seem to be free
> >     of such redirection.)
> >
> >     I work at an office where open data initiative at regional government
> >     offices is supported, and
> >     some people noticed that clicking on "Powered by CKAN" results in
> >     commercial
> >     site web pages since this morning (Japan Standard Time).
> >     The redirection may have happened last evening, but I am not sure.
> >
> >     I tried to send a message using a submission page at ckan.org
> >     that could be
> >     accessed via, say,
> >     clicking the "Contact Us" web page of https://demo.ckan.org/ja/
> >
> >     As I mentioned, the subdomain seems to be free from this redirection
> >     attack
> >     (?).
> >
> >     Anyway, it would be great if you can alert ckan people since ckan is used
> >     very widely all over the world by many government offices and people
> >     tend to
> >     see "Powered by CKAN"
> >     logo and may click it. If they see an unrelated commercial site web page
> >     then, the reputation of CKAN or confidence in CKAN may diminish a bit :-(
> >
> >
> >     Just thought to let you know about this unfortunate development.
> >
> >
> >     I hope you can clear up this issue very soon.
> >
> >
> >     Thank you in advance for your attention.
> >
> >     Regards,
> >
> >     Chiaki Ishikawa
> >
> >
> >
> >
>
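The symptom reported in the thread above (the ckan.org landing page sending visitors to an unrelated commercial host, while subdomains such as demo.ckan.org were unaffected) is something a site operator can watch for with a scheduled landing-page check. The following is an added example, not code from the CKAN project or from anyone in this thread: it follows a redirect chain without trusting the client to do so, caps the number of hops so a redirect loop cannot hang the monitor, and flags the result when the final host is outside the operator's own domain. The HTTP responses and the `fake_fetch` interface are constructed so the check runs offline; a real deployment would replace `fake_fetch` with an HTTP client configured not to follow redirects.

```python
"""Detect when a site's landing page redirects off its own domain.

Added example (not code from the CKAN project or the mailing-list thread).
All responses below are constructed to mimic the reported symptom; the
fetch interface is an assumption made so the check runs offline.
"""
from urllib.parse import urljoin, urlsplit

# Constructed stand-ins for real HTTP responses (assumption, not live data):
# url -> (status code, Location header or None)
SAMPLE_RESPONSES = {
    "https://ckan.org/": (302, "https://example-shop.invalid/landing"),
    "https://example-shop.invalid/landing": (200, None),
    "https://demo.ckan.org/": (301, "https://demo.ckan.org/ja/"),
    "https://demo.ckan.org/ja/": (200, None),
    "https://loop.invalid/a": (302, "/b"),
    "https://loop.invalid/b": (302, "/a"),
}


def fake_fetch(url):
    """Stand-in for an HTTP request that does NOT follow redirects itself."""
    return SAMPLE_RESPONSES.get(url, (404, None))


def follow_redirects(url, fetch, max_hops=10):
    """Return the list of URLs visited, starting with `url`.

    Stops at the first non-3xx response, at a 3xx without a Location header,
    when a URL repeats (redirect loop), or after max_hops redirects.
    """
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if not 300 <= status < 400 or location is None:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            return chain  # loop detected; stop rather than spin
        chain.append(nxt)
    return chain


def host_is_trusted(url, trusted_domains):
    """True if the URL's host is one of the trusted domains or a subdomain."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def check_landing(url, trusted_domains, fetch=fake_fetch):
    """Return (ok, chain); ok is False when the final page is off-domain."""
    chain = follow_redirects(url, fetch)
    return host_is_trusted(chain[-1], trusted_domains), chain


if __name__ == "__main__":
    for start in ("https://ckan.org/", "https://demo.ckan.org/"):
        ok, chain = check_landing(start, ["ckan.org"])
        print("OK " if ok else "ALERT", " -> ".join(chain))
```

Matching on the registrable domain plus a leading dot keeps `demo.ckan.org` inside the allow-list while rejecting look-alikes such as `evilckan.org`; if the monitor is run from outside the operator's network it also catches the case, noted in the thread, where only some vantage points see the redirect.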