OpenCPN Homepage hacked

[transmitterdan]

Quote:

Originally Posted by CarCode

A troll is usually a person who floods a forum with thousands of postings with nonsense. You have wrote already 7,329 such postings.

Gerhard

Gerhard,

I think that's enough with the senseless insults. It adds nothing to the forum. No one here is trolling and you know it. If you don't wish to collaborate with a diverse group of people then don't.

I suggest alll you web developer experts could discuss the arcane subject of web site security practices in PM's as 99.9% of the forum members have no idea what you are talking about.

[rgleason]

reCaptcha works and is used by many, but maybe using a version Honey with Nu Captcha would be better if it could be done. Of course I know nothing about this stuff.

Quote:

Wikipedia: In Internet slang, a troll is a person who sows discord on the Internet by starting arguments or upsetting people, by posting inflammatory,
[1] extraneous, or off-topic messages in an online community (such as a newsgroup, forum, chat room, or blog) with the deliberate intent of provoking readers into an emotional response[2] or of otherwise disrupting normal on-topic discussion,
[3] often for their own amusement.

Good Morning Gerhard, my dear, sweet natured friend, you've morphed the term as usual. Your most recent post is definitely a troll. This is a small troll, so you can learn to identify therm.

[petter5]

Quote:

Originally Posted by rgleason

reCaptcha works and is used by many, but maybe using a version Honey with Nu Captcha would be better if it could be done. Of course I know nothing about this stuff.



Good Morning Gerhard, my dear, sweet natured friend, you've morphed the term as usual. Your most recent post is definitely a troll. This is a small troll, so you can learn to identify therm.

:biggrin :

[bdbcat]

Folks...

Website Status:

1. Bogus "news" items cleaned out. Lost a couple of recent items in the process, due to strange Drupal database cross-linking.

2. Implemented stricter IP blocking for those IPs identified as injecting the spam so far. This will be an ongoing exercise until we upgrade Drupal.

3. Changed captcha to "art" style, instead of easily machine-solved block ASCII type. We need a newer Drupal installation to move to reCaptcha, which is our goal.

4. Temporarily disabled "news" item posting by anyone.

5. Started Drupal upgrade process. This will take a while to implement and validate.

So, the website is safe for anonymous and register users, as it has always been. It is also no longer ugly.

More as we progress.

Dave

[rgleason]

Thank you BDBCAT!
You're Awesome! as the kids say.

[Eben]

Quote:

Originally Posted by rgleason

The website was scanned for security using these tools (if registration is not required).
........

I don't know if I should reprimand you for irresponsible disclosure or educate you.

That was just bad form. How would you like it if I posted the location of the hidden key to your house or boat? Please remove that post, or better yet can one of the moderators remove it?

[rgleason]

Eben,

Come on, all I used was "opencpn.org" which is very public, just like the Driveway or the Front Door, or the Front steps. Evverybody uses the URL "opencpn.org" to get on the website. All I listed were the "results" from entering "opencpn.org". Anyone can do the same as what I did, anytime. Furthermore I have no "keys" pubilc, private or otherwise. So now, please do "educate" me, I am all ears.

[Eben]

Quote:

Originally Posted by rgleason

Eben,

Come on, all I used was "opencpn.org" which is very public, just like the Driveway or the Front Door, or the Front steps. Evverybody uses the URL "opencpn.org" to get on the website. All I listed were the "results" from entering "opencpn.org". Anyone can do the same as what I did, anytime. Furthermore I have no "keys" pubilc, private or otherwise. So now, please do "educate" me, I am all ears.

Start here: https://en.wikipedia.org/wiki/Responsible_disclosure

[rgleason]

Very interesting, point, Eben. However I did not disclose some new unknown vulnerability here, I just used the front door mat (opencpn.org) and a little UFO Copter (the online programs) to see what was most vulnerable. These are all known vulnerabilities and some have been known for at least several years. I hadn't thought of doing this until now, although I have used similar scanners before.

Nevertheless, I have asked that the post be removed as you have asked, as it is prudent to do that. Hope you are happier about this now.

PS: This might be useful.
Netsparkere is free to Opensource
https://www.netsparker.com/blog/news...urce-projects/
FREE FOR OPENSOURCE

[Eben]

Quote:

Originally Posted by rgleason

Very interesting, point, Eben. However I did not disclose some new unknown vulnerability here, I just used the front door mat (opencpn.org) and a little UFO Copter (the online programs) to see what was most vulnerable. These are all known vulnerabilities and some have been known for at least several years. I hadn't thought of doing this until now, although I have used similar scanners before.

Nevertheless, I have asked that the post be removed as you have asked, as it is prudent to do that. Hope you are happier about this now.

PS: This might be useful.
Netsparkere is free to Opensource
https://www.netsparker.com/blog/news...urce-projects/
FREE FOR OPENSOURCE

Yes I am, one more person with awareness is always a good thing!

[rgleason]

While looking over the website, I noticed that an entire page is missing that had AIS under Supplementary Hardware. I have tried to find this page but it seems to be missing. This was a good page, which had a good list of the primary AIS devices one might use, including a low cost AIS receiver called dAISy.
The page was http://opencpn.org/ocpn/Sup_Hardware_AIS
and http://opencpn.org/ocpn/node/176 (I believe).

There is now one AIS device list in a new page.
Titled "Cheap AIS Receiver" Cheap AIS receiver | Official OpenCPN Homepage
This was created 8/300/2010 by "AISsee" who has been a member for 4 days and has edit access to the User Documentation.

I believe this person is connected to Quark-Elec who offers the AIS device. I cannot confirm it. I also believe this user may have deleted the entire AIS page which I have been unable to retrieve. I cannot confirm this, but if it is true, this is a problem.

I have recreated a page for dAISy but it is not nearly as complete as we had Vesper XB-8000 and others.

Does anyone have a clue where the old page went? Or why?

[bdbcat]

Rick...

I don't know where the old page went. Probably lost, but I will investigate.

Meanwhile, user AISee is now banned from editing pages. And I respectfully show him the door.

Brings up the point that I have been thinking about lately. We currently let just about anyone self-register, and thus get full access to the Wiki. All they have to do is execute the somewhat annoying captcha.

This of course will occasionally lead to not-so-nice activities by some members.

The alternative, of course, is to have some sort of active moderation of user's activities, as is done on this forum, for instance.

Active moderation is, on the surface, a good idea. But it places a real burden on volunteer moderators. And we have had trouble recruiting persistent volunteer help for this sort of thing in the past.

And, let's be plain, every minute I personally spend administering the Website is a minute that I am not fixing bugs in O4 and writing new code for OpenCPN Version 5.

I solicit opinions.

Dave

[bdbcat]

Rick...

I was a bit hasty, it seems.

The dAISy page is:
dAISy AIS Receiver | Official OpenCPN Homepage

I see no trouble with the Supplementary Hardware chapter.
Supplementary Hardware | Official OpenCPN Homepage

Am I missing something?

ASIee is re-instated.
mea culpa

But above comments still valid...
Dave

[.Paul.]

The download page for plugins that work with OpenCPN 4.2 and newer is missing from opencpn.org.

Paul

[rgleason]

Dave,
If you look at the revisions of this page, you will see that I just made that page to replace the one lost! I am afraid it is quite diiminished from the orginal.

Quote:

The dAISy page is:
dAISy AIS Receiver | Official OpenCPN Homepage

--See my email please

We got two posts below deleted as Eben suggested.