[CKAN-Security] Fwd: ckan.org top page defaced?
Goce Mitevski
goce.mitevski at keitaro.com
Fri Aug 2 19:12:53 UTC 2019
I am working on it and the problems are still not resolved entirely.
Regards,
Goce
On Fri, Aug 2, 2019 at 6:07 PM David Read
<david.read at hackneyworkshop.com> wrote:
>
> Great, thanks Goce.
>
> I looked yesterday 2 hours after Chiaki's initial report and also
> didn't see anything wrong. So I guess Adria and co fixed this quickly.
>
> David
>
> On Fri, 2 Aug 2019 at 15:23, Goce Mitevski <goce.mitevski at keitaro.com> wrote:
> >
> > Hi David,
> >
> > The malicious code and the filesystem was cleaned in the meantime.
> > That's why you can't notice anything different at the moment.
> >
> > Regards,
> > Goce Mitevski
> >
> > On Fri, Aug 2, 2019 at 4:29 PM David Read
> > <david.read at hackneyworkshop.com> wrote:
> > >
> > > It looks fine to me. What am I missing?
> > > David
> > >
> > > On Thu, 1 Aug 2019 at 23:19, 石川 千秋 <chiaki.ishikawa at ubin.jp> wrote:
> > > >
> > > > Dear Adrià,
> > > >
> > > > You are welcome.
> > > >
> > > > I am glad that you are aware of the problem.
> > > > When one of my colleagues approached me late afternoon in Japan saying that
> > > > something is wrong with ckan.org website and I myself accessed the URL,
> > > > my jaw dropped.
> > > >
> > > > We help some government agencies' open data initiative in Japan.
> > > > Already, the cabinet office's web page disabled the "Powered by ckan" link.
> > > > They have the staff man-power to do that. I am afraid my colleagues need to
> > > > talk with people at Tokyo Metropolitan government and other ckan site
> > > > people regarding this issue.
> > > >
> > > > I am afraid that this event put a rather negative publicity on ckan. That is
> > > > why I wanted to make sure that CKAN people are aware ASAP.
> > > >
> > > > I hope you can resolve the issue at the earliest time.
> > > >
> > > > At the same time, I know how you feel.
> > > > I have done a sysadmin-like job in my previous office, and a self-appointed
> > > > admin of a rather complex home LAN/WAN.
> > > >
> > > > Identifying the issue, cleansing the server if necessary, etc. Ouch...
> > > > You have my sympathy.
> > > >
> > > > I hope the problem is not wide-spread.
> > > >
> > > > Good luck (!)
> > > >
> > > > Best regards,
> > > > Chiaki
> > > >
> > > >
> > > > On 2019/08/01 18:10, Adrià Mercader wrote:
> > > > > Dear Chiaki,
> > > > >
> > > > > Thank you very much for your report. We are aware of the issue and working
> > > > > on a fix.
> > > > > Apologies for the inconvenience caused.
> > > > >
> > > > > Best regards,
> > > > >
> > > > > Adrià
> > > > >
> > > > > On Thu, 1 Aug 2019 at 11:08, 石川 千秋 <chiaki.ishikawa at ubin.jp
> > > > > <mailto:chiaki.ishikawa at ubin.jp>> wrote:
> > > > >
> > > > > Hi,
> > > > >
> > > > > I finally found this security at ckan.org <mailto:security at ckan.org> address.
> > > > >
> > > > > It looks there is a bug or possibility of web page defacing that
> > > > > causes the
> > > > > access to https://ckan.org/ automatically get redirected to
> > > > > commercial mail order website web pages.
> > > > >
> > > > > In Japan, when I search for "ckan.org <http://ckan.org>" using google,
> > > > > the top several hits
> > > > > are all about the mail order houses.
> > > > >
> > > > > This was not the case at least a few days ago according to my colleagues.
> > > > >
> > > > > TIA
> > > > >
> > > > >
> > > > >
> > > > > -------- Forwarded Message --------
> > > > > Subject: ckan.org <http://ckan.org> top page defaced?
> > > > > Date: Thu, 1 Aug 2019 17:33:39 +0900
> > > > > From: ishikawa <chiaki.ishikawa at ubin.jp
> > > > > <mailto:chiaki.ishikawa at ubin.jp>>
> > > > > To: webadmin at ckan.org <mailto:webadmin at ckan.org>,
> > > > > postmaster at ckan.org <mailto:postmaster at ckan.org>,
> > > > > abuse at support.gandi.net <mailto:abuse at support.gandi.net>,
> > > > > web-admin at ckan.org <mailto:web-admin at ckan.org>
> > > > >
> > > > >
> > > > >
> > > > > Dear sirs/madams,
> > > > >
> > > > > By now, you must be aware that the top page access to https://ckan.org/ is
> > > > > redirected to commercial sites (mail order houses).
> > > > >
> > > > > When I search ckan.org <http://ckan.org> using google, the
> > > > > first several entries point to these commercial sites.
> > > > >
> > > > > (However, the subdomains of ckan.org <http://ckan.org> seem to be free
> > > > > of such redirection.)
> > > > >
> > > > > I work at an office where open data initiative at regional government
> > > > > offices is supported, and
> > > > > some people noticed that clicking on "Powered by CKAN" results in
> > > > > commercial
> > > > > site web pages since this morning (Japan Standard Time).
> > > > > The redirection may have happened last evening, but I am not sure.
> > > > >
> > > > > I tried to send a message using a submission page at ckan.org
> > > > > <http://ckan.org> that could be
> > > > > accessed via, say,
> > > > > clicking Contact Us" web page of https://demo.ckan.org/ja/
> > > > >
> > > > > As I mentioned, the subdomain seems to be free from this re-direction
> > > > > attack
> > > > > (?).
> > > > >
> > > > > Anyway, it would be great if you can alert ckan people since ckan is used
> > > > > very widely all over the world by many government offices and people
> > > > > tend to
> > > > > see "Powered by CKAN"
> > > > > logo and may click it. If they see an unrelated commercial site web page
> > > > > then, the reputation of CKAN or confidence in CKAN may diminish a bit :-(
> > > > >
> > > > >
> > > > > Just thought to let you know about this unfortunate development.
> > > > >
> > > > >
> > > > > I hope you can clear up this issue very soon.
> > > > >
> > > > >
> > > > > Thank you in advance for your attention.
> > > > >
> > > > > Regards,
> > > > >
> > > > > Chiaki Ishikawa
> > > > >
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > CKAN security
> > > > > https://lists.okfn.org/mailman/listinfo/security
> > > > > https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
> > > > >
> > > > > Repo: https://github.com/ckan/ckan-security
> > > > >
> > > >
> > > > _______________________________________________
> > > > CKAN security
> > > > https://lists.okfn.org/mailman/listinfo/security
> > > > https://lists.okfn.org/mailman/options/security/david.read%40hackneyworkshop.com
> > > >
> > > > Repo: https://github.com/ckan/ckan-security
> >
> >
> >
> > --
> >
> > Goce Mitevski
> > Chief Design Officer,
> > Keitaro Inc.
> >
> > goce.mitevski at keitaro.com
> > http://www.keitaro.com/
--
Goce Mitevski
Chief Design Officer,
Keitaro Inc.
goce.mitevski at keitaro.com
http://www.keitaro.com/
More information about the Security
mailing list