CKAN site hacked


Elaine taylor-whilde

Jan 6, 2015, 1:06:00 PM
to ckan-global...@googlegroups.com
Hello,

We've looked at a CKAN test site we have, and have noticed a hacking group called 'Slayers Hack Team' have apparently hacked the site.

Doing a quick Google search shows that a number of sites have been hacked by them also, including data.parliament.uk.

Having looked at the CKAN website there is nothing about any mass hack by this group. 

Has anyone else fallen foul of them? If so, what did you do to resolve this issue?

Thanks


Patrick West

Jan 6, 2015, 1:23:57 PM
to ckan-global...@googlegroups.com
We’re having that same issue on our Deep Carbon Observatory CKAN install in production. Noticed it early last week. Just one dataset, and it is owned by Joe Bloggs.

--
You received this message because you are subscribed to the Google Groups "CKAN Global User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ckan-global-user-...@googlegroups.com.
To post to this group, send email to ckan-global...@googlegroups.com.
Visit this group at http://groups.google.com/group/ckan-global-user-group.
To view this discussion on the web, visit https://groups.google.com/d/msgid/ckan-global-user-group/5f6b90f2-4d44-46cd-99ec-ccae084fb55c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Matthew Fullerton

Jan 6, 2015, 1:41:52 PM
to ckan-global...@googlegroups.com
Dear Elaine, Patrick,

This issue was floated on the ckan-dev list a few days ago. Below are
the responses. The problem is almost certainly one of spam rather than
hacking.

Best,
Matt

On 1 January 2015 at 02:45, Alex (Maxious) Sadleir <max...@gmail.com> wrote:
>
> This has been covered in the IRC channel
> https://botbot.me/freenode/ckan/2014-12-29/?msg=28462432&page=1
>
> Essentially the default permissions allow people to register and
> create groups/datasets and if you don't change these you are likely to
> get spam.
>
> This spam in particular is rather scary because it says "HACKED" but
> really, it is using functionality that is working correctly to upload
> incorrect data - the access control mechanism is working but not
> configured to prevent spam.
>
> There is an issue to review these default permissions
> https://github.com/ckan/ckan/issues/2164

On 31 December 2014 at 19:25, Ross Jones <ro...@servercode.co.uk> wrote:
> Hi Matthew
>
> I suspect this is a problem with setup, where any user who registers can
> create an organisation and add datasets to it. In particular I would guess
> that all of those instances that appear to have been ‘hacked’ have the
> settings described at
> http://docs.ckan.org/en/latest/maintaining/configuration.html?highlight=config#authorization-settings
> set incorrectly - although obviously I can’t confirm it from here.
>
> There’s more information on a ticket created recently -
> https://github.com/ckan/ckan/issues/2164 - which is to change the defaults
> to ensure newly installed CKANs are locked down by default.
>
> Ross

Elaine taylor-whilde

Jan 6, 2015, 1:52:37 PM
to ckan-global...@googlegroups.com
Thanks both!

Adam McGreggor

Jan 6, 2015, 2:22:37 PM
to ckan-global...@googlegroups.com

On 6 Jan 2015, at 18:41, Matthew Fullerton <matt.fu...@gmail.com> wrote:

> Dear Elaine, Patrick,
>
> This issue was floated on the ckan-dev list a few days ago. Below are
> the responses. The problem is almost certainly one of spam rather than
> hacking.

The mails can be seen at:

https://lists.okfn.org/pipermail/ckan-dev/2014-December/008501.html
and
https://lists.okfn.org/pipermail/ckan-dev/2015-January/008503.html

(using the ‘next in thread’ option).


A

Patrick West

Jan 8, 2015, 2:45:31 PM
to ckan-global...@googlegroups.com
We already had ckan.auth.anon_create_dataset = False

So wondering how this was able to happen with that setting?

If this is set to False then the only way that dataset could have been added would have been from a logged-in user, correct?

Patrick


Augusto Herrmann

Jan 9, 2015, 6:13:16 AM
to CKAN Global User Group
Yes. However, new user registrations are currently enabled by default. If you don't take steps to disable it in your site, the spammers do just that - register a new user just so they can post their spam. I've seen these spammers post in many CKAN sites since late 2014.

Augusto
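
The point made in this reply, as an added example that is not part of the original thread or CKAN's own code: an audit of the `ckan.auth.*` keys in a CKAN `.ini` file showing that `ckan.auth.anon_create_dataset = False` on its own leaves the register-then-publish path open. The sample config is constructed, and treating an unset key as open is an assumption made here because the thread reports permissive defaults.

```python
import configparser

# Keys from CKAN's documented authorization settings, grouped by who can use them.
ANON = ("ckan.auth.anon_create_dataset",)
REGISTRATION = ("ckan.auth.create_user_via_web", "ckan.auth.create_user_via_api")
USER_PUBLISHING = (
    "ckan.auth.create_unowned_dataset",
    "ckan.auth.create_dataset_if_not_in_organization",
    "ckan.auth.user_create_groups",
    "ckan.auth.user_create_organizations",
)
TRUE_WORDS = {"true", "yes", "on", "y", "t", "1"}

# Constructed sample: only the one setting mentioned in the thread is present.
SAMPLE_INI = """
[DEFAULT]
debug = false

[app:main]
use = egg:ckan
ckan.auth.anon_create_dataset = False
"""

def audit(ini_text):
    """Return {key: 'allowed' | 'denied' | 'unset'} for every audited key."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    main = parser["app:main"] if parser.has_section("app:main") else {}
    state = {}
    for key in ANON + REGISTRATION + USER_PUBLISHING:
        raw = main.get(key)
        if raw is None:
            state[key] = "unset"  # falls back to the installed version's default
        else:
            state[key] = "allowed" if raw.strip().lower() in TRUE_WORDS else "denied"
    return state

def exposure(state):
    """Keys that leave content creation open to outsiders (unset counts as open).
    Publishing keys only matter while some registration route is not denied."""
    anon = [k for k in ANON if state[k] != "denied"]
    reg = [k for k in REGISTRATION if state[k] != "denied"]
    pub = [k for k in USER_PUBLISHING if state[k] != "denied"]
    return anon + (reg + pub if reg and pub else [])

if __name__ == "__main__":
    for key in exposure(audit(SAMPLE_INI)):
        print("review:", key)
```
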


Vanya Yani

Jan 19, 2015, 11:47:34 AM
to ckan-global...@googlegroups.com
> The problem is almost certainly one of spam rather than hacking.

Well, somehow the user "Cyberizm" has admin permissions.

Ross Jones

Jan 19, 2015, 12:01:56 PM
to ckan-global...@googlegroups.com
Hi Vanya,

If your server is set up to allow users to create organisations, then
they'll get admin permissions for that organization. This is not the
same as sysadmin permissions. We would expect a user creating an
organization to be allowed to administer that organization.


Ross.


Vanya Yani wrote:
> > The problem is almost certainly one of spam rather than hacking.
>
> Well, somehow the user "Cyberizm" has admin permissions.