Re: EPUBZone - hacked / disposition? (URGENT)

Shutting it down, redirecting, and archiving a pre-hack version seems like
something that could be done right away, even if there is some prospect for
somebody taking it on in the future. The main things are 1) we don't want
to spread malware, 2) we need people to know it's out of date and where the
better resources are, and 3) we need to an archivable version for whatever
future purpose. I say do it now..--Bill K

*Bill Kasdorf*
*Principal, Kasdorf & Associates, LLC*

*Founding Partner, Publishing Technology Partners
<https://pubtechpartners.com/>*
kasdorf.bill@gmail.com
+1 734-904-6252

ISNI: http://isni.org/isni/0000000116490786
ORCiD: https://orcid.org/0000-0001-7002-4786
<https://orcid.org/0000-0001-7002-4786?lang=en>


On Fri, May 25, 2018 at 2:06 PM, Jeff Jaffe <jeff@w3.org> wrote:

> Adding Comm and SysTeam folks - who might want to weigh in.
>
> Jeff
>
> On 5/25/2018 1:42 PM, Bill McCoy wrote:
>
> Hi Pub SC folks,
>
>
>
> Sarah Hilderley who was coordinator for EPUBZone pre IDPF-W3C combination
> recently noticed and reported that the site seems to have been hacked,
> showing non-related content and ads. Looks moderately benign but not good
> and there may be nastier malware lurking under the surface (so if you visit
> http://www.epubzone.org/ don’t click on anything!!).
>
>
> This website and domain was an explicit part of asset transfer from IDPF
> to W3C. Early last year (immediately after combination) W3C Comm team
> didn’t feel it made sense for us to maintain it as a separate identity
> given the resource cost of so doing, so it’s just been getting stale while
> it was unclear what to do with it.
>
>
>
> Given the hack, we now urgently need to decide and execute on a
> transition. We could shut it down altogether, for example redirecting the
> URL to w3.org/publishing, we could statically archive it (presumably an
> earlier backup as untangling the malware from the Drupal CMS could be
> challenging) as is planned with IDPF.org (at the moment IDPF.org is hosted
> on the same infrastructure as epubzone.org so we are just lucky it hasn’t
> been hacked too… yet – that’s a ticking fuse as it the ongoing hosting
> cost), or we could identify a third party who wanted to take it on as an
> independent site (so far in my understanding no one has offered to do that,
> but we haven’t proactively asked anyone either). I believe W3C management
> isn’t fussed about the direction as long as within the parameters that it
> won’t have ongoing cost to W3C since we’d rather direct our limited
> resources elsewhere.
>
>
>
> This was an agenda topic at a SC call a while back but I believe it was a
> call I had to miss and the minutes didn’t note anything specific. So I
> don’t know if it was discussed or if not if anyone has any strong opinions
> about it.
>
>
>
> We could temporarily take the site down to avoid spreading malware and if
> there’s no consensus relatively immediately I think that’s the path we
> should take to avoid spreading malware and giving EPUB a black eye.
>
>
> Thanks,
>
>
>
> --BillM
>
>
>

Received on Friday, 25 May 2018 19:27:50 UTC