RE: EPUBZone - hacked / disposition? (URGENT) from George Kerscher on 2018-05-26 (public-publishing-sc@w3.org from May 2018)

From: George Kerscher <kerscher@montana.com>
Date: Fri, 25 May 2018 19:40:11 -0600
To: "'AUDRAIN LUC'" <LAUDRAIN@hachette-livre.fr>, "'Bill Kasdorf'" <kasdorf.bill@gmail.com>
Cc: "'Jeff Jaffe'" <jeff@w3.org>, "'Bill McCoy'" <bmccoy@w3.org>, "'W3C Publishing Steering Committee'" <public-publishing-sc@w3.org>, "'Karen Myers'" <karen@w3.org>, "'Alan Bird'" <alan.bird@w3.org>, "'Ralph Swick'" <swick@w3.org>, "'W3C Team Digital Publishing'" <team-dig-publishing@w3.org>, "'Coralie Mercier'" <coralie@w3.org>, "'W3C Comm Team'" <w3t-comm@w3.org>, "'Vivien Lacourba'" <vivien@w3.org>, "'Systems Team'" <w3t-sys@w3.org>
Message-ID: <001d01d3f492$81a800b0$84f80210$@montana.com>

Hi,
 
Sarah, who maintained the site for the IDPF now works for DAISY. Should
DAISY step in to help? There is probably a short term solution that involves
getting rid of the hacks and malware, and restoring to a previously good
state. Then there is the longer term issue of what to do with this resource.
Sarah does not have a current login and we would need to get this figured
out to resolve issues.
 
Perhaps set up a call quickly to make some  decisions to prevent the black
ey.
 
Best
George
 
 
Best
George
 
 
From: AUDRAIN LUC <LAUDRAIN@hachette-livre.fr> 
Sent: Friday, May 25, 2018 4:37 PM
To: Bill Kasdorf <kasdorf.bill@gmail.com>
Cc: Jeff Jaffe <jeff@w3.org>; Bill McCoy <bmccoy@w3.org>; W3C Publishing
Steering Committee <public-publishing-sc@w3.org>; Karen Myers
<karen@w3.org>; Alan Bird <alan.bird@w3.org>; Ralph Swick <swick@w3.org>;
W3C Team Digital Publishing <team-dig-publishing@w3.org>; Coralie Mercier
<coralie@w3.org>; W3C Comm Team <w3t-comm@w3.org>; Vivien Lacourba
<vivien@w3.org>; Systems Team <w3t-sys@w3.org>
Subject: Re: EPUBZone - hacked / disposition? (URGENT)
 
+1

Le 25 mai 2018 à 21:28, Bill Kasdorf <kasdorf.bill@gmail.com
<mailto:kasdorf.bill@gmail.com> > a écrit :
Shutting it down, redirecting, and archiving a pre-hack version seems like
something that could be done right away, even if there is some prospect for
somebody taking it on in the future. The main things are 1) we don't want to
spread malware, 2) we need people to know it's out of date and where the
better resources are, and 3) we need to an archivable version for whatever
future purpose. I say do it now..--Bill K


Bill Kasdorf
Principal, Kasdorf & Associates, LLC
Founding Partner, Publishing Technology Partners
<https://pubtechpartners.com/> 
kasdorf.bill@gmail.com <mailto:kasdorf.bill@gmail.com> 
+1 734-904-6252
ISNI:  <http://isni.org/isni/0000000116490786>
http://isni.org/isni/0000000116490786
ORCiD: https://orcid.org/0000-0001-7002-4786
<https://orcid.org/0000-0001-7002-4786?lang=en> 
 
 
On Fri, May 25, 2018 at 2:06 PM, Jeff Jaffe <jeff@w3.org
<mailto:jeff@w3.org> > wrote:
Adding Comm and SysTeam folks - who might want to weigh in.
Jeff
 
On 5/25/2018 1:42 PM, Bill McCoy wrote:
Hi Pub SC folks,
 
Sarah Hilderley who was coordinator for EPUBZone pre IDPF-W3C combination
recently noticed and reported that the site seems to have been hacked,
showing non-related content and ads. Looks moderately benign but not good
and there may be nastier malware lurking under the surface (so if you visit
http://www.epubzone.org/ don’t click on anything!!).

This website and domain was an explicit part of asset transfer from IDPF to
W3C. Early last year (immediately after combination) W3C Comm team didn’t
feel it made sense for us to maintain it as a separate identity given the
resource cost of so doing, so it’s just been getting stale while it was
unclear what to do with it.
 
Given the hack, we now urgently need to decide and execute on a transition.
We could shut it down altogether, for example redirecting the URL to
w3.org/publishing <http://w3.org/publishing> , we could statically archive
it (presumably an earlier backup as untangling the malware from the Drupal
CMS could be challenging) as is planned with IDPF.org <http://IDPF.org>  (at
the moment IDPF.org <http://IDPF.org>  is hosted on the same infrastructure
as epubzone.org <http://epubzone.org>  so we are just lucky it hasn’t been
hacked too… yet – that’s a ticking fuse as it the ongoing hosting cost), or
we could identify a third party who wanted to take it on as an independent
site (so far in my understanding no one has offered to do that, but we
haven’t proactively asked anyone either). I believe W3C management isn’t
fussed about the direction as long as within the parameters that it won’t
have ongoing cost to W3C since we’d rather direct our limited resources
elsewhere.
 
This was an agenda topic at a SC call a while back but I believe it was a
call I had to miss and the minutes didn’t note anything specific. So I don’t
know if it was discussed or if not if anyone has any strong opinions about
it. 
 
We could temporarily take the site down to avoid spreading malware and if
there’s no consensus relatively immediately I think that’s the path we
should take to avoid spreading malware and giving EPUB a black eye.

Thanks,
 
--BillM

Received on Saturday, 26 May 2018 01:41:09 UTC