News:

Welcome to the Golf Club Atlas Discussion Group!

Each user is approved by the Golf Club Atlas editorial staff. For any new inquiries, please contact us.


Sam Morrow

Re:GolfClubAtlas.com has been sabotaged
« Reply #25 on: January 28, 2008, 10:28:10 PM »
I've got to ask, who would sabatoge GCA?

http://www.youtube.com/watch?v=H4PN7Xbexq4

How could I have been so blind?

Sam, that's a question, I'm afraid, only you can answer ... .


I'm not sure if I'm man enough to answer it. I think it's a much deeper emotional issue I have.

Kalen Braley

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #26 on: January 28, 2008, 10:32:41 PM »
This should be easy to investigate... The Google Ads on top of each page contain the following javascipt variables:

google_ad_client = "pub-1804863164493224";
google_ad_slot = "1742717301";

If these ads are indeed unwanted by gca, Google would certainly want to know that this Google Client is somehow placing their ads on this site.

Also found this in the source code as well:

src="http://pagead2.googlesyndication.com/pagead/show_ads.js">.

To all,

Please don't follow the link though.  Could be something nasty if you open the .js file extension.

mike_beene

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #27 on: January 28, 2008, 10:44:51 PM »
Cybersquatting, internet traffic is a big industry. Every time I get some web pirate shut down someone is trying something new to divert people from our site by trickery. There is a whole industry teaching people how to shadow web sites and make money. Don't assume this is a mistake and ignore it until they get their injunction.

Phil_the_Author

Re:GolfClubAtlas.com has been sabotaged
« Reply #28 on: January 29, 2008, 03:41:10 AM »
Well it's nice to see that it has become mobile and moved itself to the bottom of the page...


Rich Goodale

Re:GolfClubAtlas.com has been sabotaged
« Reply #29 on: January 29, 2008, 05:53:31 AM »
If this is the way Google allows its customers to operate, I'm selling all those shares that Sergey kindly gave me in 2001 when I lent him a fiver at Starbucks in Palo Alto for a Chai Latte..... :(

Kalen Braley

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #30 on: January 29, 2008, 09:28:41 AM »
Sure enough, the intruder has moved his ads to the bottom of the of the page in the source code.

After poking around on some message boards last night for this type of problem, it looks like the server has been comprised.  As B. Richard said, those unique ID's should be reported to Google as well as the server should change its username and password.  However its very possible the hacker has set up a back door account on the server and can access it now anyways......

Looks like they may need to move the site to a different server that has not been compromised and then wipe the current server clean.   :(

Tom Huckaby

Re:GolfClubAtlas.com has been sabotaged
« Reply #31 on: January 29, 2008, 09:58:34 AM »
I've been trying to tell you guys for oh so long, no one listens to me...

Google = bad
Yahoo! = good

Now can you see it, believe it, live it?

 ;D ;D ;D

BTW Rich, Dan King lent Sergey $20 - that's why he's a gazillionaire today.  Karma, man.

 ;D

TEPaul

Re:GolfClubAtlas.com has been sabotaged
« Reply #32 on: January 29, 2008, 10:09:31 AM »
Slag:

Thanks a lot for the mugshot of the guy in the Hawaian shirt above. Jeeesus, I thought I was looking in the mirror!

Sam Morrow:

Who would want to sabotage GOLFLCLUBATLAS.com??

I'll be glad to compile a list on that and get back to you. Give me about two weeks.

Furthermore, I feel cheated. I was really looking forward to checking out BADLANDS GC. Oh My God, I didn't notice but now I see the saboteurs have dropped from the top of the page down to the bottom of the page. I think they're fixin' on totally circlin' us and comin' in for the kill.
« Last Edit: January 29, 2008, 10:14:46 AM by TEPaul »

Scott_Burroughs

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #33 on: January 29, 2008, 10:20:43 AM »
Slag:

Thanks a lot for the mugshot of the guy in the Hawaian shirt above. Jeeesus, I thought I was looking in the mirror!

Tom,

FYI, that mug shot is of actor Nick Nolte when he got busted 3-4 (?) years ago for possession of some illegal substances.

Mike McGuire

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #34 on: January 29, 2008, 10:31:14 AM »

The ads don't matter. Being hacked does. Who maintains this site? I would log on - remove the google adsense code - change the password - and log off.

Should take seconds - not days.

What other harm could someone with administrator password credentials do?  access paypal account? - check IM's - take the site down ?



Garland Bayley

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #35 on: January 29, 2008, 11:13:50 AM »
We have suffered irreversible mental anguish due to this intrusion. We must do what americans do -litigate! ;D

Good idea! Does anyone know a lawyer??
"I enjoy a course where the challenges are contained WITHIN it, and recovery is part of the game  not a course where the challenge is to stay ON it." Jeff Warne

Richard Boult

Re:GolfClubAtlas.com has been sabotaged
« Reply #36 on: January 29, 2008, 12:50:39 PM »
I doubt the site was hacked... the ads were most likely added by either the website host or discussion forum provider (http://www.yabbse.org).  The terms of service for one of these hosts probably states they're allowed to do so - meaning they're making a little extra cash off this site in addition to any service fees being paid.

Kalen Braley

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #37 on: January 29, 2008, 01:26:48 PM »
B Richard,

Rans initial comments would suggest it was an outside, non-authorized entity.  If thier web host says they don't know where its coming from, that would rule them out.  

And if the host hasn't added any recent patches to the forum software from yabbSe, that would rule out Yabb.

I've read in a few other forums this has happened to others and they reported the offenders to Google and made sure to cheack and or change thier authentication policies.
« Last Edit: January 29, 2008, 01:27:44 PM by Kalen Braley »

ANTHONYPIOPPI

Re:GolfClubAtlas.com has been sabotaged
« Reply #38 on: January 29, 2008, 01:37:13 PM »
I clicked on one of those links and won a fabulous two-day, no-night trip to Lawrenceville, Ill.

Anthony


Steve Sayre

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #39 on: January 29, 2008, 01:47:47 PM »
So they are still there.....now at the bottom of the page, and on the login page...


Craig Van Egmond

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #40 on: January 29, 2008, 01:53:17 PM »

The version of YABB (1.5.4)  that GCA uses is old, circa 2003, and has quite a few known vulnerabilities including some nasty PHP cross site scripting and sql injection attacks.  It would be trivial to exploit if they have not patched their software.

Version 2.2 is out now.

Doug Wright

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #41 on: January 29, 2008, 02:58:19 PM »

...nasty PHP cross site scripting and sql injection attacks.  

Craig please watch your language or the moderator'll wash your mouth out with soap!  :)

Alternatively maybe this should be the NY Giants game plan for Sunday.
Twitter: @Deneuchre

TEPaul

Re:GolfClubAtlas.com has been sabotaged
« Reply #42 on: January 29, 2008, 03:04:35 PM »
"Tom,
FYI, that mug shot is of actor Nick Nolte when he got busted 3-4 (?) years ago for possession of some illegal substances."


ScottB:

Yeah, I recognized him---I knew it was Nick Nolte but I didn't want to mention his name because I never really liked the guy. I always thought he was a bit too much of a "goodie-two-shoes" and the kind of guy who didn't like to have enough of a good time for my tastes!

Jay Flemma

Re:GolfClubAtlas.com has been sabotaged
« Reply #43 on: January 29, 2008, 03:11:25 PM »

...nasty PHP cross site scripting and sql injection attacks.  

Craig please watch your language or the moderator'll wash your mouth out with soap!  :)

Alternatively maybe this should be the NY Giants game plan for Sunday.

It looked more to me like a Patriots "spread offense" play!

Brady:  "On three!  YABB 154, cross site script, sql injection.  Let's go!"  

Mike McGuire

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #44 on: January 29, 2008, 03:53:24 PM »

Craig-

Could you give a few simple examples of what could happen due to security holes in this website?

Perhaps it would help push along an upgrade.


tlavin

Re:GolfClubAtlas.com has been sabotaged
« Reply #45 on: January 29, 2008, 04:25:11 PM »

The version of YABB (1.5.4)  that GCA uses is old, circa 2003, and has quite a few known vulnerabilities including some nasty PHP cross site scripting and sql injection attacks.  It would be trivial to exploit if they have not patched their software.

Version 2.2 is out now.

If I hear ONE MORE horror story about cross-site scripting, I'm gonna burst!

Craig Van Egmond

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #46 on: January 29, 2008, 04:31:39 PM »
Mike,

here are the gory details..

Warning techno babble to follow...


"YaBBSE Index.PHP Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks."


"yabb-multiple-sql-injection (15354)    The risk level is classified as MediumMedium Risk

Description:

YaBB (Yet Another Bulletin Board) is an open-source bulletin board system that runs on any system capable of executing Perl CGI scripts. YaBB SE versions 1.5.4, 1.5.5, 1.5.5b and possibly earlier versions are vulnerable to SQL injection, caused by a vulnerability in the ModifyMessage module and in the ModifyMessage2 module. A remote attacker could insert arbitrary SQL code in the $msg variable in a request to the index.php script of the ModifyMessage module, in the $postid variable in a request to the index.php script of the ModifyMessage2 module, or in the $attachOld variable in a request to the index.php script of the ModifyMessage2 module, which would allow the attacker obtain sensitive information, including the user's MD5 password hash and secret question, allowing the attacker to add, modify or delete data in the backend database."



"yabb-post-sql-injection (15224)    The risk level is classified as MediumMedium Risk

Description:

YaBB (Yet Another Bulletin Board) is an open-source bulletin board system that runs on any system capable of executing Perl CGI scripts. YaBB SE versions 1.5.4 and 1.5.5 and possibly other versions are vulnerable to SQL injection using the post.php script. A remote attacker, with a valid account, could pass malicious SQL commands to the post.php script using the quote parameter, which would allow the attacker to obtain the encrypted password of another user."


Readers digest version...

Basically it can steal stuff from your computer via your web browser, wipe out the database on the server or steal someone else's password to just for starters.  



« Last Edit: January 29, 2008, 04:33:36 PM by Craig Edgmand »

Mike McGuire

  • Karma: +0/-0
Re:GolfClubAtlas.com has been sabotaged
« Reply #47 on: January 29, 2008, 04:45:06 PM »

If I hear ONE MORE horror story about cross-site scripting, I'm gonna burst!

Terry -

Hopefully the hacker gods aren't listening  :)



« Last Edit: January 29, 2008, 04:46:13 PM by Mike McGuire »

Doug Ralston

Re:GolfClubAtlas.com has been sabotaged
« Reply #48 on: January 29, 2008, 04:47:14 PM »
I've been trying to tell you guys for oh so long, no one listens to me...

Google = bad
Yahoo! = good

Now can you see it, believe it, live it?

 ;D ;D ;D

BTW Rich, Dan King lent Sergey $20 - that's why he's a gazillionaire today.  Karma, man.

 ;D

Tom;

That is not a joke. I bought a Dell desktop, and it came to my surprise that Dell sold it's/my soul to Google. I have tried for years to get rid of Google, but it has some built in hiding program, and reappears to interrupt my wandering at irregular intervals. It is insideous!

I rebel by using Yahoo as a search engine exclusively.  ;)

Doug

Tom Huckaby

Re:GolfClubAtlas.com has been sabotaged
« Reply #49 on: January 29, 2008, 04:50:06 PM »
Doug:

You are a good man.

 ;D

Tom Huckaby
Yahoo! Inc.