Home Page Hijacked

maduko

New member
Just visited the home page (bmwmoa.org) and got redirected to a Chinese spam site.

I think it was flu.cc maybe?
 
You are correct, sir! No one's in the office yet, but I'll send some emails.
 
Seems to be okay now when I use the bmwmoa link at the bottom of the forum page.
 
It still goes to the Chinese site if I use the top left link or the bottom link. I have alerted the office. Vince said it worked OK for him...it works OK for Lee. There must be something different about each person's setup that makes it work or not work.
 
Mods, this question is not meant to be a diss against your efforts. But as a member I have to wonder why we continue to have so many website issues. Maybe it's my imagination but in the last few months it seems like we can't go for any length of time without there being another MOA website issue, either in the forum or the site itself. I don't see other sites I visit regularly having these issues. Are we more vulnerable for some reason?
 
We only have access to this side of the screen, Paul. When we get notice we collect the info from the members and forward to the MOA office so the behind the screen work can be done.
I am Admin on another site and, while it is sad to say, there is always someone trying to get in and wreak havoc. Currently on the other site I am "bouncing" applicants at the 26 to 1 ratio.
I can assure you that the Mods are constantly working on keeping the Forum running smooth and cyber-safe.
Gary
 
Mods, this question is not meant to be a diss against your efforts. But as a member I have to wonder why we continue to have so many website issues. Maybe it's my imagination but in the last few months it seems like we can't go for any length of time without there being another MOA website issue, either in the forum or the site itself. I don't see other sites I visit regularly having these issues. Are we more vulnerable for some reason?

In defense of the mods, we do not have the ability to do more than use the forum software and to set forum configuration that is provided through the forum software. Anything that happens outside of the forum software is beyond our access, and must be acted on by the club office.

With that aside, the bigger question is, why does the club's website keep having problems? If I could answer that for you, then the site would get fixed and we wouldn't continue to have these problems.

Possible reasons could include:
1) Poor choice of account names and/or passwords: for the website hosting control panel accounts, for ftp accounts, for command line shell accounts, for any software utility tools accounts.
2) Poorly configured web server and/or firewall, leaving vulnerable ports open
3) Unpatched software, leaving programs from the host server operating system up through the website and forum software vulnerable to known "exploits".
4) Unknown "zero day" exploits in any level of the software that runs the site

I can give you an example from my own experience to demonstrate how tricky this is. I developed the website for the Vintage BMW Motorcycle Owners club, and I am the webmaster there. One Saturday, almost two years after I first got the website going, I was doing something on the website, when it seemed unusually slow. I logged in on a command line and found that in fact the server had about 10 times the normal load. The webserver software didn't seem to be unusually busy. I checked and found several processes running that I wasn't familiar with. After doing some more checking, I found that they were being run from a location in the temporary file uploads directory.

I spent the next several hours looking at the software and Googling about different parts. I was fortunate to find a log file, and I Googled messages out of that. Eventually a picture emerged: the software that was running on our server was scanning a large swath of all the internet IP addresses. It was looking for web servers that were running a particular kind of server software that provided VOIP services (voice over internet protocol, or the ability to make calls over the internet; like Skype). When it found such a server, another part of it would then attempt to break in. From what I understood of the code, if it succeeded, its goal was to email the relevant information to a random-looking email alias at yahoo.com.

This was bad for the club; at the rate this scan was sucking up our internet access, it would have burned through our hosting bandwidth limit of 1 terabyte/month in just a few days, and then our website would have been off the air for the rest of the month. (There is also the question of what responsibility we had, or might have had to answer to, for any theft that might have resulted.) In a worst-case scenario, we could have been sued for the value of any phone service that had been stolen and our web host might have booted us for violating their terms of service.

By finding in the log file when it had started up, I crossed over to our web server software's log file. There, just before this script fired up, I found several interesting web page accesses. They were not accesses to our web site software. Instead, they were accesses to the setup script for a very common database debugging tool I had installed. After some more searching and Googling, I found that for 5 sequential releases of this software, there was a bug in the setup script such that it didn't secure itself correctly, which provided an opening. A known exploit had been developed and published, which allowed arbitrary files to be uploaded and executed. Of course, the version of the software I had installed was from one of these releases. The fix to close the hole was trivial - delete or move the setup script. (As a postscript, since that time, when I have looked in our webserver log files, I have routinely found attempts to use this exploit. IP address searches showed that these attempts originate from every corner of the globe.)

I am a computer programmer by trade, and I am reasonably familiar with operating systems and software. But in the nearly 40 years I have been working with computers, the software has grown so dense and so multilayered, it is simply impossible to stay on top of more than a very, very narrow segment. I would be forever buried if I attempted to stay on top of all the security problems that occur in each piece of software at each level from the operating system through the network layers to the database and web server software to the website software. On the other hand, most small businesses and clubs/nonprofits/service organizations cannot begin to afford the serious monthly costs for a fully managed web site.
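The log correlation described in the post above (start time of the unfamiliar processes, then the web server access log just before it), as an added example that is not part of the original post or the poster's own tooling. The log lines, IP addresses, paths such as `/dbtool/scripts/setup.php`, the site prefixes and the start time are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Common/Combined Log Format: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample: documentation IPs, hypothetical paths, made-up times.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Mar/2015:09:20:01 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.10 - - [14/Mar/2015:09:30:00 +0000] "GET /admin/setup.php HTTP/1.1" 404 210
203.0.113.44 - - [14/Mar/2015:09:40:13 +0000] "GET /dbtool/scripts/setup.php HTTP/1.1" 200 812
203.0.113.44 - - [14/Mar/2015:09:40:15 +0000] "POST /dbtool/scripts/setup.php HTTP/1.1" 200 640
198.51.100.9 - - [14/Mar/2015:09:41:30 +0000] "GET /forum/index.php HTTP/1.1" 200 9001
192.0.2.77 - - [14/Mar/2015:11:05:00 +0000] "GET /dbtool/scripts/setup.php HTTP/1.1" 404 210
""".splitlines()
# Constructed: the start time taken from the unfamiliar processes' own log file.
SAMPLE_START = datetime(2015, 3, 14, 9, 42, 0, tzinfo=timezone.utc)

def parse(line):
    """Return one access-log entry as a dict, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"host": m["host"], "ts": ts, "method": m["method"],
            "path": m["path"].split("?", 1)[0], "status": int(m["status"])}

def suspicious_before(lines, started, window=timedelta(minutes=30),
                      site_prefixes=("/index.php", "/forum/")):
    """Successful requests in the window before `started` that are not the site's own pages."""
    hits = []
    for line in lines:
        e = parse(line)
        if e is None or not (started - window <= e["ts"] <= started):
            continue
        if e["status"] >= 400 or e["path"].startswith(site_prefixes):
            continue  # failed probes and normal site traffic are not the entry point
        hits.append(e)
    return hits

def by_client(hits):
    """Group the flagged requests per client address for review."""
    out = {}
    for e in hits:
        out.setdefault(e["host"], []).append((e["method"], e["path"]))
    return out
```

Requests that return 4xx after the setup script has been deleted or moved, like the last sample line, correspond to the routine attempts the post says keep showing up in the logs.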
 
Gary, Darryl,

Thanks for taking the time to respond and answer my question. Not completely sure I understand it all but at least it helps me understand some of what is happening.
 
I always appreciate Darryl's insight to the ones-and-zeroes behind the screen.

BTW...the MOA website seems to be fixed...it is for me.
 
Gary, Darryl,

Thanks for taking the time to respond and answer my question. Not completely sure I understand it all but at least it helps me understand some of what is happening.

:thumb That's what we are here for. Good news Kurt.
 
Here is what I noticed

I've been a member over 7 years and active on this forum as well as using the home page.

The frequency of problems has been much greater recently.

I'm also active on BWMST, three sailing forums and two woodworking forums. Not one of those has had these problems during the last few months like we have.

Luck? :dunno
 
Bud -

What is your definition of recently? Since we switched to the newer version of vBulletin, things have been pretty quiet, certainly far different than November and December last year. The MOA office has a third party constantly sweeping the website for viruses. This is in advance of switching to the new website (not the forum)...they want the transfer of data to be clean.
 
Bud -

What is your definition of recently? Since we switched to the newer version of vBulletin, things have been pretty quiet, certainly far different than November and December last year. The MOA office has a third party constantly sweeping the website for viruses. This is in advance of switching to the new website (not the forum)...they want the transfer of data to be clean.


Last 6 months. :wave

Where was the third party when the home page got hijacked? Just sayn.....

I'm pleased that there is a concentrated effort to get clean data into the new website. And I'm aware of the difference between the forum and the website.

You guys have worked diligently in getting the forum running well and your efforts have paid off as McAfee has been spitting up less lately when I log on.

I'm not privy to the current support you get from MOA. I was told that Scott was no longer a resource for us as he decided to do other things. I hope that someone else was appointed to provide you guys the support you deserve.

This forum is a very large member benefit, and as such, should receive the same technical support as the web site. IMO.

I hope that has been happening. Since all the mods work for free, and spend a lot of time doing it, professional tech support is the least that MOA could provide to help you do your job (which is moderation, not technical support).

Thanks for all you do.

None of my comments were meant to be a criticism of any of the mods here.
 
Bud -

You're correct in your description of things. Yes, Scott had stepped away...he was the only guy who knew PHP programming, which is what the vBulletin software is all about. But since then, the office has on retainer an organization who routinely programs in this language and will be supporting our transition to the new-style forum when it happens down the road. Once the new website is up and running (should be a matter of days), these guys will create a bridge between the new website and the current vBulletin forum. And hopefully, they can help with updating some of the skins and a few other basic features that we seem to have lost.

Hopefully the up-down nature of the forum is behind us.
 