Persistent Access to AMP Pages After Main Subdomain Suspension Due to Hacking Incident #39870

Open
jefrymey opened this issue Mar 1, 2024 · 3 comments

Comments

@jefrymey

jefrymey commented Mar 1, 2024

Description

The subdomain **https://rektorika.syekhnurjati.ac.id/** of the educational site IAIN Syekh Nurjati Cirebon in Indonesia has been compromised and used to create automated doorway pages for online gambling—a practice illegal in Indonesia. These pages were automatically generated using PHP techniques, resulting in a significant number of pages (over 36,100 results) being indexed by Google.

The hosting and registrar parties have resolved the issue by blocking access to the compromised subdomain. However, the AMP pages created by the subdomain are still active and redirect to a separate domain (**cdn-dsfd3653uad4wi34osegjkhef-gfgfere-fseweergftaavas.xyz**), which continues to serve online gambling content, accessible on mobile devices though inaccessible from desktop browsers.

Request for assistance: We seek help in detaching or disconnecting the AMP service from both the compromised subdomain and the domain it redirects to. Efforts to remove outdated content through Google's own features have been undermined by the hackers' persistent access to Google Search Console, allowing them to cancel the page removal. The gambling content remains accessible to users in Indonesia, causing ongoing concern.


Reproduction Steps

  1. Access the page from a mobile device using Google Search and type the query "slot site:rektorika.syekhnurjati.ac.id", or just go to the URL: https://www.google.com/search?q=slot%20site:rektorika.syekhnurjati.ac.id.
  2. Notice that AMP pages redirecting to cdn-dsfd3653uad4wi34osegjkhef-gfgfere-fseweergftaavas.xyz are still active and can be accessed.
  3. Verify that the content served via AMP is related to online gambling.

Relevant Logs

Not applicable, as this is an issue of unauthorized access and content serving.

Browser(s) Affected

Chrome

OS(s) Affected

All mobile operating systems accessing the AMP pages

Device(s) Affected

All mobile devices

AMP Version Affected

Not specific to an AMP version, as the issue lies with unauthorized AMP page accessibility

@erwinmombay
Member

@jefrymey triaging the issue and prioritizing it. Hoping to give a quick response

@erwinmombay
Member

@jefrymey do you mind if we re-use the old thread #39704 so we can keep it in one location?

@jefrymey
Author

jefrymey commented Mar 8, 2024

Sure, thanks ^^
