[CKAN-Security] Fwd: ckan.org top page defaced?

Goce Mitevski goce.mitevski at keitaro.com
Fri Aug 2 19:12:53 UTC 2019


I am working on it and the problems are still not resolved entirely.

Regards,
Goce

On Fri, Aug 2, 2019 at 6:07 PM David Read <david.read at hackneyworkshop.com> wrote:
>
> Great, thanks Goce.
>
> I looked yesterday 2 hours after Chiaki's initial report and also
> didn't see anything wrong. So I guess Adria and co fixed this quickly.
>
> David
>
> On Fri, 2 Aug 2019 at 15:23, Goce Mitevski <goce.mitevski at keitaro.com> wrote:
> >
> > Hi David,
> >
> > The malicious code and the filesystem was cleaned in the meantime.
> > That's why you can't notice anything different at the moment.
> >
> > Regards,
> > Goce Mitevski
> >
> > On Fri, Aug 2, 2019 at 4:29 PM David Read
> > <david.read at hackneyworkshop.com> wrote:
> > >
> > > It looks fine to me. What am I missing?
> > > David
> > >
> > > On Thu, 1 Aug 2019 at 23:19, 石川 千秋 <chiaki.ishikawa at ubin.jp> wrote:
> > > >
> > > > Dear Adrià,
> > > >
> > > > You are welcome.
> > > >
> > > > I am glad that you are aware of the problem.
> > > > When one of my colleagues approached me late afternoon in Japan saying that
> > > > something is wrong with ckan.org website and I myself accessed the URL,
> > > > my jaw dropped.
> > > >
> > > > We help some government agencies' open data initiative in Japan.
> > > > Already, the cabinet office's web page disabled the "Powered by ckan" link.
> > > > They have the staff man-power to do that. I am afraid my colleagues need to
> > > > talk with people at Tokyo Metropolitan government and other ckan site
> > > > people regarding this issue.
> > > >
> > > > I am afraid that this event put a rather negative publicity on ckan. That is
> > > > why I wanted to make sure that CKAN people are aware ASAP.
> > > >
> > > > I hope you can resolve the issue at the earliest time.
> > > >
> > > > At the same time, I know how you feel.
> > > > I have done a sysadmin-like job in my previous office, and a self-appointed
> > > > admin of a rather complex home LAN/WAN.
> > > >
> > > > Identifying the issue, cleansing the server if necessary, etc. Ouch...
> > > > You have my sympathy.
> > > >
> > > > I hope the problem is not wide-spread.
> > > >
> > > > Good luck (!)
> > > >
> > > > Best regards,
> > > > Chiaki
> > > >
> > > >
> > > > On 2019/08/01 18:10, Adrià Mercader wrote:
> > > > > Dear Chiaki,
> > > > >
> > > > > Thank you very much for your report. We are aware of the issue and working
> > > > > on a fix.
> > > > > Apologies for the inconvenience caused.
> > > > >
> > > > > Best regards,
> > > > >
> > > > > Adrià
> > > > >
> > > > > On Thu, 1 Aug 2019 at 11:08, 石川 千秋 <chiaki.ishikawa at ubin.jp> wrote:
> > > > >
> > > > >     Hi,
> > > > >
> > > > >     I finally found this security at ckan.org address.
> > > > >
> > > > >     It looks like there is a bug or possibility of web page defacing that
> > > > >     causes access to https://ckan.org/ to automatically get redirected to
> > > > >     commercial mail order web pages.
> > > > >
> > > > >     In Japan, when I search for "ckan.org" using google, the top several hits
> > > > >     are all about the mail order houses.
> > > > >
> > > > >     This was not the case at least a few days ago according to my colleagues.
> > > > >
> > > > >     TIA
> > > > >
> > > > >
> > > > >
> > > > >     -------- Forwarded Message --------
> > > > >     Subject:        ckan.org top page defaced?
> > > > >     Date:   Thu, 1 Aug 2019 17:33:39 +0900
> > > > >     From:   ishikawa <chiaki.ishikawa at ubin.jp>
> > > > >     To:     webadmin at ckan.org, postmaster at ckan.org,
> > > > >             abuse at support.gandi.net, web-admin at ckan.org
> > > > >
> > > > >
> > > > >
> > > > >     Dear sirs/madams,
> > > > >
> > > > >     By now, you must be aware that the top page access to https://ckan.org/ is
> > > > >     redirected to commercial sites (mail order houses).
> > > > >
> > > > >     When I search ckan.org using google, the first several entries point
> > > > >     to these commercial sites.
> > > > >
> > > > >     (However, the subdomains of ckan.org seem to be free of such redirection.)
> > > > >
> > > > >     I work at an office where the open data initiative at regional government
> > > > >     offices is supported, and some people noticed that clicking on
> > > > >     "Powered by CKAN" results in commercial site web pages since this
> > > > >     morning (Japan Standard Time).
> > > > >     The redirection may have happened last evening, but I am not sure.
> > > > >
> > > > >     I tried to send a message using a submission page at ckan.org that could be
> > > > >     accessed via, say, clicking the "Contact Us" web page of https://demo.ckan.org/ja/
> > > > >
> > > > >     As I mentioned, the subdomain seems to be free from this re-direction
> > > > >     attack (?).
> > > > >
> > > > >     Anyway, it would be great if you can alert ckan people since ckan is used
> > > > >     very widely all over the world by many government offices and people
> > > > >     tend to see the "Powered by CKAN" logo and may click it. If they see an
> > > > >     unrelated commercial site web page then, the reputation of CKAN or
> > > > >     confidence in CKAN may diminish a bit :-(
> > > > >
> > > > >
> > > > >     Just thought to let you know about this unfortunate development.
> > > > >
> > > > >
> > > > >     I hope you can clear up this issue very soon.
> > > > >
> > > > >
> > > > >     Thank you in advance for your attention.
> > > > >
> > > > >     Regards,
> > > > >
> > > > >     Chiaki Ishikawa
> > > > >
> > > > >
> > > > >
> > > > >     _______________________________________________
> > > > >     CKAN security
> > > > >     https://lists.okfn.org/mailman/listinfo/security
> > > > >     https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
> > > > >
> > > > >     Repo: https://github.com/ckan/ckan-security
> > > > >
> > > >
> >
> >
> >
> > --
> >
> > Goce Mitevski
> > Chief Design Officer,
> > Keitaro Inc.
> >
> > goce.mitevski at keitaro.com
> > http://www.keitaro.com/



--

Goce Mitevski
Chief Design Officer,
Keitaro Inc.

goce.mitevski at keitaro.com
http://www.keitaro.com/
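The thread reports the symptom a site owner most wants to catch early: the top page of ckan.org redirecting off-site to unrelated commercial pages, while the subdomains (e.g. demo.ckan.org) were unaffected. The following is an added example of a redirect-integrity monitor written for this page; it is not code from the CKAN project or from anyone on the thread. It assumes a monitoring host that fetches the top page one hop at a time and flags any hop that leaves the site's own domain or its subdomains, covering both HTTP `Location` redirects and HTML meta-refresh redirects (the thread does not say which mechanism was used, so both are checked). The hostnames and redirect chains in the sample data are constructed for illustration.

```python
"""Redirect-integrity check for a site's top page (added example, not CKAN code).

Design: observe_chain() follows redirects one hop at a time so every hop is
visible, and classify_chain() is a pure function over the recorded hops so the
policy can be tested offline. A hop is acceptable only if its URL, and the URL
it points to next, belong to the allowed domain or one of its subdomains.
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

# Matches <meta http-equiv="refresh" content="N; url=..."> (attribute order as written).
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)',
    re.IGNORECASE,
)


def host_allowed(url, allowed_domain):
    """True if url's host is allowed_domain itself or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    allowed = allowed_domain.lower()
    return host == allowed or host.endswith("." + allowed)


def detect_meta_refresh(html, base_url):
    """Return the absolute target of a meta-refresh redirect in html, or None."""
    m = META_REFRESH.search(html)
    return urljoin(base_url, m.group(1)) if m else None


def classify_chain(hops, allowed_domain):
    """Report the first hop that leaves the allowed domain.

    hops: list of (url, status, next_url_or_None) in the order visited.
    Relative next_url values are resolved against the hop's own URL.
    """
    for url, status, nxt in hops:
        if not host_allowed(url, allowed_domain):
            return {"ok": False, "url": url, "status": status, "reason": "landed off-domain"}
        if nxt is not None:
            target = urljoin(url, nxt)
            if not host_allowed(target, allowed_domain):
                return {"ok": False, "url": url, "status": status,
                        "reason": "redirects off-domain to " + target}
    return {"ok": True, "final": hops[-1][0] if hops else None}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so each hop is observed explicitly."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def observe_chain(start_url, max_hops=10, timeout=10):
    """Fetch start_url hop by hop, recording (url, status, next_url) per hop.

    Not invoked in the offline demo below; it needs network access.
    """
    opener = urllib.request.build_opener(_NoRedirect)
    hops, url = [], start_url
    for _ in range(max_hops):
        req = urllib.request.Request(url, headers={"User-Agent": "redirect-check/1.0"})
        try:
            with opener.open(req, timeout=timeout) as resp:
                body = resp.read(65536).decode("utf-8", "replace")
                nxt = detect_meta_refresh(body, url)
                hops.append((url, resp.status, nxt))
        except urllib.error.HTTPError as e:
            # 3xx arrives here because redirects are not followed; 4xx/5xx have no Location.
            loc = e.headers.get("Location")
            nxt = urljoin(url, loc) if loc else None
            hops.append((url, e.code, nxt))
        if nxt is None:
            break
        url = nxt
    return hops


# Constructed sample chains (illustrative hostnames, not observed data).
CLEAN_CHAIN = [
    ("http://ckan.org/", 301, "https://ckan.org/"),
    ("https://ckan.org/", 302, "/about"),           # relative Location, still on-domain
    ("https://ckan.org/about", 200, None),
]
DEFACED_CHAIN = [
    ("http://ckan.org/", 301, "https://ckan.org/"),
    ("https://ckan.org/", 302, "https://shop.example/landing"),
    ("https://shop.example/landing", 200, None),
]

if __name__ == "__main__":
    for name, chain in (("clean", CLEAN_CHAIN), ("defaced", DEFACED_CHAIN)):
        print(name, classify_chain(chain, "ckan.org"))
```

Run it periodically from outside the hosting environment and alert on any `ok: False` result; checking from a second vantage point with a crawler-like User-Agent is worth adding if search results start showing unrelated content, as they did here, since the thread itself does not establish how the redirect was served.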


