[Systems] Translate.slo - "This site may be hacked"

[Martin Abente]

Hey guys,

With the help of Sebastian we got access to the Google console, and it
displays the follow issue:

A hacker may have modified your site to contain spammy content. To protect
visitors to your site, Google’s search results may label your site’s pages
as hacked. We may also show an older, clean version of your site.

Pages like the sample URLs appear to be created by a hacker. Typically, the
offending party gains access to an insecure directory that has open
permissions. The new pages often contain spammy words or links

URL injection,
http://translate.sugarlabs.org/ps/sugar-toolkit-gtk3/translate/,8/15/15,
URL injection,http://translate.sugarlabs.org/ca/Erikos/,8/15/15,
URL injection,
http://translate.sugarlabs.org/ja/sugar-toolkit-gtk3/translate/,8/8/15,
URL injection,http://translate.sugarlabs.org/son/ReadETexts/,8/8/15,
URL injection,http://translate.sugarlabs.org/te/Speak/,8/22/15,


But, if you look at these URLs, these are pages dynamically generated by
Pootle and I don't see any spam. Maybe Google's filter is having a
false-positive situation?

If you can double check these URL's and say it OK, I will mark them as
"fixed" in Google's console so we can get rid of the "hacked" message.

On Sun, Sep 6, 2015 at 12:11 PM, Sebastian Silva <sebastian at fuentelibre.org>
wrote:

> Yup,
> Nothing out of the ordinary so far.
> I wonder what google wants.
>
> Regards,
> Sebastian
>
>
> On 06/09/15 10:30, Martin Abente wrote:
>
> Sebastian,
>
> I just saw your wall message, are you still around?
>
> On Sun, Sep 6, 2015 at 10:05 AM, Martin Abente <
> martin.abente.lahaye at gmail.com> wrote:
>
>> Hey Sam, team,
>>
>> It was me who setup that Pootle instance, but I don't really administrate
>> that server. The server was handed to me by Bernie and it was originally
>> installed by some volunteer, I don't know the full history nor other
>> services that might be running on that server.
>>
>> Regarding this message, any suggestions for what we should look for? I
>> don't see any redirect to spam, or anything of that sort. BUT, that server
>> is sensitive because it has the ssh keys of pootle user and it can commit,
>> so I just removed the commit access for that user. No idea about the Google
>> console.
>>
>> Martin.
>>
>> On Sun, Sep 6, 2015 at 3:35 AM, Sam P. <sam at sam.today> wrote:
>>
>>> Hi All,
>>>
>>> Translate.slo is showing up as hacked in google search:
>>> https://www.google.com/search?q=sugarlabs+translation&ie=utf-8&oe=utf-8>
>>>
>>> It points to the docs for that message:
>>> https://support.google.com/websearch/answer/190597?p=ws_hacked&rd=1
>>>
>>> I'm not sure who is the admin for translate or who has access to the
>>> site on the google console, but we probably need to look into this.
>>>
>>> Thanks,
>>> Sam
>>>
>>> _______________________________________________
>>> Systems mailing list
>>> Systems at lists.sugarlabs.org
>>> http://lists.sugarlabs.org/listinfo/systems
>>>
>>>
>>
>
>
> _______________________________________________
> Systems mailing listSystems at lists.sugarlabs.orghttp://lists.sugarlabs.org/listinfo/systems
>
>
> --
> I+D SomosAzucar.Org
> "icarito" #somosazucar en Freenode IRC
> "Nadie libera a nadie, nadie se libera solo. Los seres humanos se liberan en comunión" - P. Freire
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sugarlabs.org/private/systems/attachments/20150906/2c1c108a/attachment.html>