
Thread: Home Page Hijacked

  1. #1
    Registered User maduko's Avatar
    Join Date
    Feb 2010
    Location
    Tulsa, OK
    Posts
    31

    Home Page Hijacked

    Just visited the home page (bmwmoa.org) and got redirected to a Chinese spam site.

    I think it was flu.cc maybe?
    Two Wheel Oklahoma
    It's like a TV show, but on TV.

  2. #2
    Administrator 20774's Avatar
    Join Date
    Sep 2005
    Location
    San Antonio, TX
    Posts
    12,446
    You are correct, sir! No one's in the office yet, but I'll send some emails.
    Kurt -- Forum Administrator ---> Resources and Links Thread <---
    '78 R100/7 & '69 R69S & '52 R25/2
    mine-ineye-deatheah-pielayah-jooa-kalayus. oolah-minane-hay-meeriah-kal-oyus-algay-a-thaykin', buddy!

  3. #3
    BeemerBoy terham's Avatar
    Join Date
    Feb 2005
    Location
    Exit 31, PA TPK
    Posts
    2,109
    Quote Originally Posted by maduko View Post
    Just visited the home page (bmwmoa.org) and got redirected to a Chinese spam site.

    I think it was flu.cc maybe?
    Same here...
    Terence
    R75/5 R100RS K100RS R1100S

  4. #4
    Debbie's Servant Lee's Avatar
    Join Date
    May 2003
    Location
    SW Iowa
    Posts
    1,311
    Seems to be okay now when I use the bmwmoa link at the bottom of the forum page.
    Lee 2011 K1300S
    MOA # 30878
    Past BMW Bikes, 2003 K1200RS, 1991 K75S, 1987 K75T, 1984 R100RT

  5. #5
    Administrator 20774's Avatar
    Join Date
    Sep 2005
    Location
    San Antonio, TX
    Posts
    12,446
    It still goes to the Chinese site if I use the top left link or the bottom link. I have alerted the office. Vince said it worked OK for him...it works OK for Lee. There must be something different about each person's setup that makes it work or not work.
    Kurt -- Forum Administrator ---> Resources and Links Thread <---
    '78 R100/7 & '69 R69S & '52 R25/2
    mine-ineye-deatheah-pielayah-jooa-kalayus. oolah-minane-hay-meeriah-kal-oyus-algay-a-thaykin', buddy!

  6. #6
    Registered User k100lt's Avatar
    Join Date
    Apr 2003
    Location
    So. Calif.
    Posts
    135
    When I click on my bookmark it takes me to the Chinese site.
    David
    1989 K100LT

  7. #7
    Registered User
    Join Date
    May 2011
    Posts
    51
    If I just go to the bmwmoa.org page, I get re-directed. If I add /forum it takes me here.
    1997 R1100RT-P

    Motorcycles: Because you never see one parked in front of a psychiatrist's office.

  8. #8
    Lost again Texpaul's Avatar
    Join Date
    Oct 2006
    Location
    San Antonio, Tx
    Posts
    417
    Mods, this question is not meant to be a diss against your efforts. But as a member I have to wonder why we continue to have so many website issues. Maybe it's my imagination but in the last few months it seems like we can't go for any length of time without there being another MOA website issue, either in the forum or the site itself. I don't see other sites I visit regularly having these issues. Are we more vulnerable for some reason?
    Paul Mulhern
    MOA# 56330
    '05 1200GS Big Blue

  9. #9
    Outlander Omega Man's Avatar
    Join Date
    Jan 2010
    Location
    Mansfield,MA
    Posts
    5,910
    We only have access to this side of the screen Paul. When we get notice we collect the info from the members and forward to the MOA office so the behind the screen work can be done.
    I am Admin on another site and, while it is sad to say, there is always someone trying to get in and wreak havoc. Currently on the other site I am "bouncing" applicants at the 26 to 1 ratio.
    I can assure that the Mods are constantly working on keeping the Forum running smooth and cyber-safe.
    Gary
    "Well they say.. time loves a hero but only time will tell.. If he's real, he's a legend from heaven If he ain't he was sent here from hell" Lowell George
    2009 F800GS 1994 TW200
    Part of the Forum Threadside Assistance Program

  10. #10
    Cannonball Rider #52 darrylri's Avatar
    Join Date
    Oct 2003
    Location
    Surf City, USA (Santa Cruz, CA)
    Posts
    4,515
    Quote Originally Posted by Texpaul View Post
    Mods, this question is not meant to be a diss against your efforts. But as a member I have to wonder why we continue to have so many website issues. Maybe it's my imagination but in the last few months it seems like we can't go for any length of time without there being another MOA website issue, either in the forum or the site itself. I don't see other sites I visit regularly having these issues. Are we more vulnerable for some reason?
    In defense of the mods, we do not have the ability to do more than use the forum software and to set forum configuration that is provided through the forum software. Anything that happens outside of the forum software is beyond our access, and must be acted on by the club office.

    With that aside, the bigger question is, why does the club's website keep having problems? If I could answer that for you, then the site would get fixed and we wouldn't continue to have these problems.

    Possible reasons could include:
    1) Poor choice of account names and/or passwords: for the website hosting control panel accounts, for ftp accounts, for command line shell accounts, for any software utility tools accounts.
    2) Poorly configured web server and/or firewall, leaving vulnerable ports open
    3) Unpatched software, leaving programs from the host server operating system up through the website and forum software vulnerable to known "exploits".
    4) Unknown "zero day" exploits in any level of the software that runs the site

    I can give you an example from my own experience to demonstrate how tricky this is. I developed the website for the Vintage BMW Motorcycle Owners club, and I am the webmaster there. One Saturday, almost two years after I first got the website going, I was doing something on the website, when it seemed unusually slow. I logged in on a command line and found that in fact the server had about 10 times the normal load. The webserver software didn't seem to be unusually busy. I checked and found several processes running that I wasn't familiar with. After doing some more checking, I found that they were being run from a location in the temporary file uploads directory.

    I spent the next several hours looking at the software and Googling about different parts. I was fortunate to find a log file, and I Googled messages out of that. Eventually a picture emerged: the software that was running on our server was scanning a large swath of all the internet IP addresses. It was looking for web servers that were running a particular kind of server software that provided VOIP services (voice over internet protocol, or the ability to make calls over the internet; like Skype). When it found such a server, another part of it would then attempt to break in. From what I understood of the code, if it succeeded, its goal was to email the relevant information to a random-looking email alias at yahoo.com.

    This was bad for the club; at the rate this scan was sucking up our internet access, it would have burned through our hosting bandwidth limit of 1 terabyte/month in just a few days, and then our website would have been off the air for the rest of the month. (There is also the question what responsibility we had, or might have had to answer to, for any theft that might have resulted.) In a worst-case scenario, we could have been sued for the value of any phone service that had been stolen and our web host might have booted us for violating their terms of service.

    By finding in the log file when it had started up, I crossed over to our web server software's log file. There, just before this script fired up, I found several interesting web page accesses. They were not accesses to our web site software. Instead, they were accesses to the setup script for a very common database debugging tool I had installed. After some more searching and Googling, I found that for 5 sequential releases of this software, there was a bug in the setup script such that it didn't secure itself correctly, which provided an opening. A known exploit had been developed and published, which allowed arbitrary files to be uploaded and executed. Of course, the version of the software I had installed was from one of these releases. The fix to close the hole was trivial - delete or move the setup script. (As a postscript, since that time, when I have looked in our webserver log files, I have routinely found attempts to use this exploit. IP address searches showed that these attempts originate from every corner of the globe.)

    I am a computer programmer by trade, and I am reasonably familiar with operating systems and software. But in the nearly 40 years I have been working with computers, the software has grown so dense and so multilayered, it is simply impossible to stay on top of more than a very, very narrow segment. I would be forever buried if I attempted to stay on top of all the security problems that occur in each piece of software at each level from the operating system through the network layers to the database and web server software to the website software. On the other hand, most small businesses and clubs/nonprofits/service organizations cannot begin to afford the serious monthly costs for a fully managed web site.
    --Darryl Richman, forum liaison
    http://darryl.crafty-fox.com
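
    The log correlation described in post #10 (find when the unfamiliar processes started, then look in the web server log just before that time for requests to a setup script), as an added example that is not part of the original post or any code its author used. The log lines, addresses, start time and the `/dbtool/scripts/setup.php` path are constructed; the thread does not name the tool or its path.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample in Apache "combined" format; addresses are documentation ranges
# and /dbtool/scripts/setup.php is a hypothetical path, not one named in the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2011:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2011:09:58:31 +0000] "GET /dbtool/scripts/setup.php HTTP/1.1" 200 2210 "-" "-"
203.0.113.45 - - [12/Mar/2011:09:58:33 +0000] "POST /dbtool/scripts/setup.php HTTP/1.1" 200 310 "-" "-"
198.51.100.7 - - [12/Mar/2011:10:20:44 +0000] "GET /members/ HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
192.0.2.19 - - [13/Mar/2011:02:11:05 +0000] "GET /dbtool/scripts/setup.php HTTP/1.1" 404 208 "-" "-"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: installer/setup endpoints have "setup" as a path component or script name.
SETUP_RE = re.compile(r'/setup(\.\w+)?(/|\?|$)', re.IGNORECASE)

def parse(log_text):
    """Yield (time, ip, method, path, status) for each line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], m["method"], m["path"], int(m["status"])

def served_setup_hits_before(log_text, started, window=timedelta(minutes=10)):
    """Setup-script requests answered 2xx in the window before the rogue process started."""
    return [e for e in parse(log_text)
            if SETUP_RE.search(e[3]) and 200 <= e[4] < 300
            and started - window <= e[0] <= started]

def setup_probe_sources(log_text):
    """Per client IP: how many setup-script requests were served vs. refused."""
    served, refused = Counter(), Counter()
    for _, ip, _, path, status in parse(log_text):
        if SETUP_RE.search(path):
            (served if 200 <= status < 300 else refused)[ip] += 1
    return {ip: (served[ip], refused[ip]) for ip in served.keys() | refused.keys()}

if __name__ == "__main__":
    started = datetime(2011, 3, 12, 10, 0, tzinfo=timezone.utc)  # constructed start time
    for hit in served_setup_hits_before(SAMPLE_LOG, started):
        print("served before start:", hit)
    print(setup_probe_sources(SAMPLE_LOG))
```

    Once the setup script has been deleted or moved, later probes show up in the "refused" column, which matches the postscript in the post about routinely seeing further attempts in the logs.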

  11. #11
    Lost again Texpaul's Avatar
    Join Date
    Oct 2006
    Location
    San Antonio, Tx
    Posts
    417
    Gary, Darryl,

    Thanks for taking the time to respond and answer my question. Not completely sure I understand it all but at least it helps me understand some of what is happening.
    Paul Mulhern
    MOA# 56330
    '05 1200GS Big Blue

  12. #12
    Administrator 20774's Avatar
    Join Date
    Sep 2005
    Location
    San Antonio, TX
    Posts
    12,446
    I always appreciate Darryl's insight to the ones-and-zeroes behind the screen.

    BTW...the MOA website seems to be fixed...it is for me.
    Kurt -- Forum Administrator ---> Resources and Links Thread <---
    '78 R100/7 & '69 R69S & '52 R25/2
    mine-ineye-deatheah-pielayah-jooa-kalayus. oolah-minane-hay-meeriah-kal-oyus-algay-a-thaykin', buddy!

  13. #13
    BeemerBoy terham's Avatar
    Join Date
    Feb 2005
    Location
    Exit 31, PA TPK
    Posts
    2,109
    Works for me now.
    Terence
    R75/5 R100RS K100RS R1100S

  14. #14
    Outlander Omega Man's Avatar
    Join Date
    Jan 2010
    Location
    Mansfield,MA
    Posts
    5,910
    Quote Originally Posted by Texpaul View Post
    Gary, Darryl,

    Thanks for taking the time to respond and answer my question. Not completely sure I understand it all but at least it helps me understand some of what is happening.
    That's what we are here for. Good news Kurt.
    "Well they say.. time loves a hero but only time will tell.. If he's real, he's a legend from heaven If he ain't he was sent here from hell" Lowell George
    2009 F800GS 1994 TW200
    Part of the Forum Threadside Assistance Program

  15. #15
    It is what it is. Bud's Avatar
    Join Date
    Feb 2006
    Location
    Flyover Country = Southern Illinois
    Posts
    6,493

    Here is what I noticed

    I've been a member over 7 years and active on this forum as well as using the home page.

    The frequency of problems has been much greater recently.

    I'm also active on BWMST, three sailing forums and two woodworking forums. Not one of those has had these problems during the last few months like we have.

    Luck?
    Ride Well, Ride Often, Ride to

    Charter Member "High Town" crew.
