Thanks for your report, Tom (and Patrick) - There must be a gap somewhere in how we escape HTML. I've reverted the changes that this person made to do that redirect at least, while we try to plug the hole.
Cheers, george On 5/7/11 7:00 AM, Tom Morris wrote: > Hi, > > I tried to login to the site today and it gave me an error (I didn't > copy-paste it), but it also seemed to have triggered at some point > some JavaScript which sent me to azhack.com/u4pwned which looks > suspicious and scary! ;-) > > I reported it on IRC and was told by archivist to report it here. So, > > 14:46<tommorris> I think openlibrary may have been hacked > 14:47<tommorris> and when I clicked on some part of the > login/signup/forgot password interface, it brought up > azhack.com/u4pwned > 14:52<archivist> tommorris, can you put something on the > http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech > 14:53<tommorris> can do > 14:54<archivist> Im wondering if some content has a redirect > 14:55<tommorris> I've tried a few times and can't login > 14:56<tommorris> weird, let me in now > 14:56<archivist> just email to [email protected] > > I can't tell you any more, because it now seems to be working. I don't > know if this is a problem on your end or mine or what. > _______________________________________________ Ol-tech mailing list [email protected] http://mail.archive.org/cgi-bin/mailman/listinfo/ol-tech To unsubscribe from this mailing list, send email to [email protected]
