[CKAN-Security] Your CDN cache seem to be polluted
Masaki Hidano
masagon at info-lounge.jp
Tue Sep 3 10:52:37 UTC 2019
Hello Adrià,
It seems to be working fine now.
Thank you very much.
2019年9月3日(火) 19:40 Adrià Mercader <adria.mercader at okfn.org>:
> Dear Masaki Hidano,
>
> Thanks very much for your report. We have just been recently dealing with
> this problem on the hosting side. We've purged the CDN cache and ask for a
> Google reindex but it might take a while to propagate.
> Can you confirm if you are still getting malicious results on your end?
>
> Many thanks and apologies
>
> Adrià
>
> On Tue, 3 Sep 2019 at 12:31, Masaki Hidano <masagon at info-lounge.jp> wrote:
>
>> Hello CKAN admin
>>
>> When I access to https://ckan.org/ in Japan with Accept-Language is ja,
>> it's redirect to unrelated shopping web site.
>>
>> I think CDN cache in Japan (5106e1631fd72e1f-NRT) is polluted.
>>
>> <Good: Accept-Language=en>
>> $ curl -s -D - -o /dev/null https://ckan.org -H 'Accept-Language: en'
>> *HTTP/2 200*
>> date: Tue, 03 Sep 2019 10:01:08 GMT
>> content-type: text/html; charset=UTF-8
>> set-cookie: __cfduid=d7dac7acfc07186503a33d6db696a10911567504865;
>> expires=Wed, 02-Sep-20 10:01:05 GMT; path=/; domain=.ckan.org; HttpOnly;
>> Secure
>> link: <https://wp.me/P7GnYI-mo>; rel=shortlink
>> expect-ct: max-age=604800, report-uri="
>> https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
>> server: cloudflare
>> cf-ray: 5106e1631fd72e1f-NRT
>>
>> <Bad: Accept-Language=ja>
>> $ curl -s -D - -o /dev/null https://ckan.org -H 'Accept-Language: ja'
>> *HTTP/2 302*
>> date: Tue, 03 Sep 2019 10:01:37 GMT
>> content-type: text/html; charset=UTF-8
>> set-cookie: __cfduid=da5370a7f633472a2f59a6457ab98675d1567504896;
>> expires=Wed, 02-Sep-20 10:01:36 GMT; path=/; domain=.ckan.org; HttpOnly;
>> Secure
>> *location: http://www.vog79.com/ <http://www.vog79.com/>*
>> expect-ct: max-age=604800, report-uri="
>> https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
>> server: cloudflare
>> cf-ray: 5106e221ada3d641-NRT
>>
>>
>> --
>> ※2018年9月1日より株式会社になりました。
>> ***********************************
>> インフォ・ラウンジ株式会社 http://info-lounge.jp/
>> 〒224-0032 横浜市都筑区茅ケ崎中央47-7 センターステージビル2F
>> TEL: 045-482-4361 FAX: 045-345-0703
>>
>> 代表取締役社長 肥田野 正輝 masagon at info-lounge.jp (090-2620-2379)
>> ***********************************
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "CKAN Security" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to security+unsubscribe at ckan.org.
>> _______________________________________________
>> CKAN security
>> https://lists.okfn.org/mailman/listinfo/security
>> https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
>>
>> Repo: https://github.com/ckan/ckan-security
>
>
--
※2018年9月1日より株式会社になりました。
***********************************
インフォ・ラウンジ株式会社 http://info-lounge.jp/
〒224-0032 横浜市都筑区茅ケ崎中央47-7 センターステージビル2F
TEL: 045-482-4361 FAX: 045-345-0703
代表取締役社長 肥田野 正輝 masagon at info-lounge.jp (090-2620-2379)
***********************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.okfn.org/mailman/private/security/attachments/20190903/84a89033/attachment-0001.html>
More information about the Security
mailing list