Open jefrymey opened 8 months ago
@jefrymey triaging the issue and prioritizing it. Hoping to give a quick response
@jefrymey do you mind if we re-use the old thread https://github.com/ampproject/amphtml/issues/39704 so we can keep it in one location?
Sure, thanks ^^
Description
The subdomain **https://rektorika.syekhnurjati.ac.id/** of the educational site IAIN Syekh Nurjati Cirebon in Indonesia has been compromised and used to create automated doorway pages for online gambling—a practice illegal in Indonesia. These pages were automatically generated using PHP techniques, resulting in a significant number of pages (over 36,100 results) being indexed by Google.

The hosting and registrar parties have resolved the issue by blocking access to the compromised subdomain. However, the AMP pages created by the subdomain are still active and redirect to a separate domain (**cdn-dsfd3653uad4wi34osegjkhef-gfgfere-fseweergftaavas.xyz**), which continues to serve online gambling content, accessible on mobile devices though inaccessible from desktop browsers.

Request for assistance: We seek help in detaching or disconnecting the AMP service from both the compromised subdomain and the domain it redirects to. Efforts to remove outdated content through Google's own features have been undermined by the hackers' persistent access to Google Search Console, allowing them to cancel the page removal. The gambling content remains accessible to users in Indonesia, causing ongoing concern.
Reproduction Steps
cdn-dsfd3653uad4wi34osegjkhef-gfgfere-fseweergftaavas.xyz are still active and can be accessed.
Relevant Logs
Browser(s) Affected
Chrome
OS(s) Affected
All mobile operating systems accessing the AMP pages
Device(s) Affected
All mobile devices
AMP Version Affected
Not specific to an AMP version, as the issue lies with unauthorized AMP page accessibility