Cruisers Forum
 


Old 28-08-2016, 02:15   #1
Registered User

Join Date: Jul 2010
Location: Monastir, Tunisia
Boat: Westerly Pentland
Posts: 1,571
OpenCPN Homepage hacked

It seems the official OpenCPN homepage is hacked.
Open this link and see for yourself: | Official OpenCPN Homepage

Especially Windows users should be warned about downloading anything from OpenCPN | Official OpenCPN Homepage

This website is not a safe address. Safe websites use https:// instead, and not http:// as opencpn.org does.

Gerhard
__________________

__________________
CarCode is offline   Reply With Quote
Old 28-08-2016, 02:24   #2
Registered User

Join Date: Jul 2010
Location: Monastir, Tunisia
Boat: Westerly Pentland
Posts: 1,571
Re: OpenCPN Homepage hacked

For Windows users who are now afraid to navigate to opencpn.org, here is a screenshot from today.

Gerhard
Attached image: OCPNhackkl.png
__________________

__________________
CarCode is offline   Reply With Quote
Old 28-08-2016, 05:21   #3
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

CarCode, I agree that the website should use https. How do we know it is not a user? Pavel indicated it was bots last time.
There is a lot of everybody's work here. Is it backed up? Is someone trying to damage O reputation? We need to get this addressed. Wish I could help.
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 05:23   #4
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

I think we should also be updating the website interface to address some of the security issues. It is quite old.
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 05:27   #5
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

Also AWS is a great way to back up. If you set it up to remove older copies on a rolling schedule it may cost $1-2 per month. We pay less than $1 per month and have 6 months of backup.
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 05:46   #6
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

Norton SafeSite shows the Website and main links as GREEN and rates them as all SAFE on all four counts. Also I don't see that page. Could it be a local mirror or something?

https://safeweb.norton.com/report/sh...source=toolbar

It is true that the website is not encrypted, but that would slow things down a little and for a public website that is not transmitting private information is that needed??

I do think that it should be an https encrypted connection when logging in and editing, etc.
and it is not secure and using https for that!
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 05:59   #7
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

We need better tools for Users that have logged in, when they signed up, what activities from each user's page, etc.

Also someone should be validating these people and the free login should be shut down now!

Look at this user boylamion two days ago.

We are going to have to sanitize the existing user database, by testing responses and checking activities on the opencpn.org website.
Track: News Story | Atlanta Falcons v-sMiami Dolphins Liv-e S-tream -NFL 2016 (new) | boylamion | 0 | 2 days 14 hours ago

Should this person be deleted? How?
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 06:00   #8
Registered User

Join Date: Jul 2010
Location: Monastir, Tunisia
Boat: Westerly Pentland
Posts: 1,571
Re: OpenCPN Homepage hacked

Come on rgleason,
you are years behind today's technology.
Check with: https://observatory.mozilla.org/
A result of "F" is the worst.

Gerhard
__________________
CarCode is offline   Reply With Quote
Old 28-08-2016, 06:14   #9
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

Who is ? (many of these are members for 1-4 days)
zaazlooz2 4 days
sprtevil033 4 days
kuachella
zaazlooz2
sprtevil033
surjo12
hasan2
streaming
bdbhxhhg
khanzony8
temmuz002
Necrofear
gftgfrhghgfhfhgf
snmamm
shanuseni
junu
wm645117
kelseywiley75
sumoundit
tomash
jakopp
usana
arif
nosto01
mecoxaxug
fullkoli101
ivnwork2

asrinku
Is this guy a legit user??

eellss
asrinku126
pungtapola
aponmanik
viliamjakubicka
wkshjbqh

I did find a few I recognized: taifan

Going through the User List, it appears there are a lot of users that should be challenged or deleted. This is getting very serious.
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 06:15   #10
Registered User

Join Date: Feb 2010
Location: On the go. Not in Prague.
Posts: 3,927
Re: OpenCPN Homepage hacked

The site is not hacked. There is just someone posting automatic spam into the news section of it for the past few weeks, which is allowed by design and technically we were just lucky nobody did it before. The captcha the website uses should certainly be hardened to stop it. There is nothing to worry about for the downloads, which are also hosted on a completely separate CDN.
An F rating in the scan posted seems quite common, and irrelevant to what's happening.

Yes, opencpn.org needs some more care, yes, it is generally nice to use encryption everywhere, no this is not the end of the world.

Pavel
__________________
nohal is offline   Reply With Quote
Old 28-08-2016, 06:19   #11
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

Thanks Gerhard,
https://observatory.mozilla.org/anal...st=opencpn.org

This is using https so it would fail for sure, but I do agree with you.
The problem right now is that we need to shut down free/open registration of users NOW!
Then sanitize the User database and come up with a good managed plan to accept registration so that we know who can edit! I really don't know what should be done, beyond that.
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 06:24   #12
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

Pavel, that's good to hear, but look at the Registered users!! Many recent <8 weeks are surely spammers or bots or something. How do we clear those without deleting someone?
I think open registration should be shut down and have it managed until there is a better captcha and identification form which requires a legitimate forum pseudonym also (maybe this requirement for registration on Cruiser Forum would help?).
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 06:25   #13
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

Quote:
asrinku
Is this guy a legit user??
Yes he is. He PM'd me.
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 06:31   #14
Registered User
 
rgleason's Avatar

Join Date: Mar 2012
Location: Boston, MA
Boat: 1981 Bristol 32 Sloop
Posts: 7,833
Re: OpenCPN Homepage hacked

Login and check this one out, just for the fun of it.
http://opencpn.org/ocpn/user/13518/track

This type of thing is what is slowing the website and causing crashes I think.
__________________
rgleason is online now   Reply With Quote
Old 28-08-2016, 06:33   #15
Registered User

Join Date: Dec 2005
Location: WNA
Boat: Dufour 35
Posts: 3,135
Re: OpenCPN Homepage hacked

Quote:
Originally Posted by rgleason View Post
...
How do we clear those without deleting someone?.
......
The activity of each user is documented. If they have contributed to an illegitimate post -> delete them. This would probably cover the vast majority, if not everyone.

/Thomas
__________________

__________________
cagney is offline   Reply With Quote
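
The triage rule discussed in this thread (delete accounts whose documented activity includes a spam post, challenge recent accounts with no activity, keep the rest), as an added example that is not part of any post and not OpenCPN's own code. The record layout, the spam term list and the account names are assumptions, and the sample records are constructed; only the spam title is taken from the thread.

```python
import re
from datetime import date

# Assumed spam vocabulary; tune it to what actually appears in the news section.
SPAM_TERMS = ("livestream", "watchonline", "freestream")

def squash(title):
    """Lower-case and drop everything but letters and digits, so an
    obfuscated 'Liv-e S-tream' compares equal to 'live stream'."""
    return re.sub(r"[^a-z0-9]", "", title.lower())

def is_spam_title(title):
    flat = squash(title)
    return any(term in flat for term in SPAM_TERMS)

def triage(users, today, new_account_days=56):
    """Return {name: 'delete' | 'challenge' | 'keep'}.

    delete    - the account authored at least one spam post
    challenge - recent account (default: under 8 weeks) with no posts at all
    keep      - everything else, including new accounts with clean posts
    """
    verdicts = {}
    for u in users:
        age = (today - u["registered"]).days
        if any(is_spam_title(t) for t in u["posts"]):
            verdicts[u["name"]] = "delete"
        elif age < new_account_days and not u["posts"]:
            verdicts[u["name"]] = "challenge"
        else:
            verdicts[u["name"]] = "keep"
    return verdicts

# Constructed sample records (hypothetical account names).
SAMPLE_USERS = [
    {"name": "acct_a", "registered": date(2016, 8, 26),
     "posts": ["Atlanta Falcons v-sMiami Dolphins Liv-e S-tream -NFL 2016"]},
    {"name": "acct_b", "registered": date(2016, 8, 24), "posts": []},
    {"name": "acct_c", "registered": date(2012, 3, 1),
     "posts": ["Plugin build notes for 4.2"]},
    {"name": "acct_d", "registered": date(2016, 8, 20),
     "posts": ["Chart download question"]},
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_USERS, date(2016, 8, 28)).items():
        print(f"{name}: {verdict}")
```

Accounts marked "challenge" are the ones that cannot be judged from activity alone, which is where a manual check or re-verification e-mail avoids deleting a quiet but genuine user.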