Wireshark · Wireshark-dev: Re: [Wireshark-dev] Is wireshark.org possibly hacked?

Wireshark-dev: Re: [Wireshark-dev] Is wireshark.org possibly hacked?

From: Gerald Combs <gerald@xxxxxxxxxxxxx>

Date: Tue, 25 Jun 2024 14:04:15 -0700

Each of the Sucuri issues should be fixed now.

On 6/25/24 9:30 AM, Roland Knall wrote:

We will be looking into it

kind regards
Roland

Am Di., 25. Juni 2024 um 18:24 Uhr schrieb Triton Circonflexe <triton+enuiqr@xxxxxxxxxx <mailto:triton%2Benuiqr@xxxxxxxxxx>>:

    It seems to be an issue with the placement of the clear/dark theme javascript.

    I checked the about.html page with a simple "view source" and Firefox
    is also complaining about the fact that the <html> tag is not the root
    of the document.

    In fact, we see

    <!DOCTYPE html>

    <script>
         const currentTheme = localStorage.getItem("theme");
         document.documentElement.className = currentTheme;
    </script>

    <html …>…</html>

    in all pages while the script tag should probably be inside the <head>
    tag (but my last go at HTML was with HTML 4.01 so I’ll let someone
    more competent take over from there.

    Le mar. 25 juin 2024 à 16:05, Kate <kateshadowhouse@xxxxxxxxx <mailto:kateshadowhouse@xxxxxxxxx>> a écrit :
     >
     > or possibly a code review(of the website)?
     >
     >
     > checked sucuri sitecheck :
     >
     >
     > https://sitecheck.sucuri.net/results/https/www.wireshark.org <https://sitecheck.sucuri.net/results/https/www.wireshark.org>
     >
     > warning.html_anomaly
     >
     > Description:
     > We detected anomaly in HTML code placement. Typical anomalies are placement of scripts and iframes outside of the <html>..</html> block, which means that it was don't by someone who is not familiar with the web page generation process of this particular site (massive automated infection) or simply doesn't have access to the code that generates webpages (for example, server-level infections that append malware to every server response). This is a strong signal that a stranger tried to modify web pages.
     >
     >
     >
     > Site Issue Detected
     >
     > http://www.wireshark.org/ <http://www.wireshark.org/> (More Details)
     >
     >
     > Anomaly behavior detected (possible malware): warning.html_anomaly?1
     > Site Issue Detected
     >
     > https://www.wireshark.org/ <https://www.wireshark.org/> (More Details)
     >
     >
     > Anomaly behavior detected (possible malware): warning.html_anomaly?1
     > Site Issue Detected
     >
     > https://www.wireshark.org/about.html <https://www.wireshark.org/about.html> (More Details)
     >
     >
     > Anomaly behavior detected (possible malware): warning.html_anomaly?1
     > Site Issue Detected
     >
     > https://www.wireshark.org/docs/ <https://www.wireshark.org/docs/> (More Details)
     >
     >
     > Anomaly behavior detected (possible malware): warning.html_anomaly?1
     > Site Issue Detected
     >
     > https://www.wireshark.org/download.html <https://www.wireshark.org/download.html> (More Details)
     >
     >
     > Anomaly behavior detected (possible malware): warning.html_anomaly?1
     > Site Issue Detected
     >
     > https://www.wireshark.org/faq.html <https://www.wireshark.org/faq.html> (More Details)
     >
     >
     > Anomaly behavior detected (possible malware): warning.html_anomaly?1
     > Site Issue Detected
     >
     > https://www.wireshark.org/learn <https://www.wireshark.org/learn> (More Details)
     >
     >
     > Anomaly behavior detected (possible malware): warning.html_anomaly?1
     > Site Issue Detected
     >
     > https://www.wireshark.org/lists/ <https://www.wireshark.org/lists/> (More Details)
     >
     >
     > Anomaly behavior detected (possible malware): warning.html_anomaly?1
     >
     > ___________________________________________________________________________
     > Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx <mailto:wireshark-dev@xxxxxxxxxxxxx>>
     > Archives: https://www.wireshark.org/lists/wireshark-dev <https://www.wireshark.org/lists/wireshark-dev>
     > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev <https://www.wireshark.org/mailman/options/wireshark-dev>
     >              mailto:wireshark-dev-request@xxxxxxxxxxxxx <mailto:wireshark-dev-request@xxxxxxxxxxxxx>?subject=unsubscribe
    ___________________________________________________________________________
    Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx <mailto:wireshark-dev@xxxxxxxxxxxxx>>
    Archives: https://www.wireshark.org/lists/wireshark-dev <https://www.wireshark.org/lists/wireshark-dev>
    Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev <https://www.wireshark.org/mailman/options/wireshark-dev>
                  mailto:wireshark-dev-request@xxxxxxxxxxxxx <mailto:wireshark-dev-request@xxxxxxxxxxxxx>?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

References:
- [Wireshark-dev] Is wireshark.org possibly hacked?
  - From: Kate
- Re: [Wireshark-dev] Is wireshark.org possibly hacked?
  - From: Triton Circonflexe
- Re: [Wireshark-dev] Is wireshark.org possibly hacked?
  - From: Roland Knall

Prev by Date: Re: [Wireshark-dev] Is wireshark.org possibly hacked?
Next by Date: [Wireshark-dev] Request for support: some web pages on your site not responding
Previous by thread: Re: [Wireshark-dev] Is wireshark.org possibly hacked?
Next by thread: [Wireshark-dev] Request for support: some web pages on your site not responding
Index(es):
- Date
- Thread