ampproject / amphtml

The AMP web component framework.
https://amp.dev
Apache License 2.0

Persistent Access to AMP Pages After Main Subdomain Suspension Due to Hacking Incident #39870

Open jefrymey opened 8 months ago

jefrymey commented 8 months ago

Description

The subdomain **https://rektorika.syekhnurjati.ac.id/** of the educational site IAIN Syekh Nurjati Cirebon in Indonesia has been compromised and used to create automated doorway pages for online gambling—a practice illegal in Indonesia. These pages were automatically generated using PHP techniques, resulting in a significant number of pages (over 36,100 results) being indexed by Google.

The hosting and registrar parties have resolved the issue by blocking access to the compromised subdomain. However, the AMP pages created by the subdomain are still active and redirect to a separate domain (**cdn-dsfd3653uad4wi34osegjkhef-gfgfere-fseweergftaavas.xyz**), which continues to serve online gambling content, accessible on mobile devices though inaccessible from desktop browsers.

Request for assistance: We seek help in detaching or disconnecting the AMP service from both the compromised subdomain and the domain it redirects to. Efforts to remove outdated content through Google's own features have been undermined by the hackers' persistent access to Google Search Console, allowing them to cancel the page removal. The gambling content remains accessible to users in Indonesia, causing ongoing concern.

[two screenshots attached]

Reproduction Steps

  1. Access the page from a mobile device using Google search and type the query "slot site:rektorika.syekhnurjati.ac.id", or just go to the URL https://www.google.com/search?q=slot%20site:rektorika.syekhnurjati.ac.id
  2. Notice that AMP pages redirecting to cdn-dsfd3653uad4wi34osegjkhef-gfgfere-fseweergftaavas.xyz are still active and can be accessed.
  3. Verify that the content served via AMP is related to online gambling.

Relevant Logs

Not applicable, as this is an issue of unauthorized access and content serving.

Browser(s) Affected

Chrome

OS(s) Affected

All mobile operating systems accessing the AMP pages

Device(s) Affected

All mobile devices

AMP Version Affected

Not specific to an AMP version, as the issue lies with unauthorized AMP page accessibility
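A way to verify the report's claim without going through Google Search, as an added example that is not part of the issue and not ampproject code: derive the Google AMP Cache URL for an origin page (AMP's documented scheme: `-` becomes `--`, `.` becomes `-`, then `.cdn.ampproject.org`, with `/c/s/<host>/<path>` for an https origin), request it without following redirects, and report whether the cache still answers and which off-origin hosts the document or its `Location` header points to. The page paths and the three sample responses below are constructed placeholders, not captured from the cache; the `http_fetch` function does the live check when a URL is passed on the command line. One caveat a practitioner should know: the cache's flush mechanism is a request signed with a key the publisher serves from the origin at `/.well-known/amphtml/apikey.pub`, so once the hosting provider blocks the subdomain the legitimate owner has no way to sign such a request, which is why the cached copies outlive the suspension.

```python
"""Check whether the Google AMP Cache copy of a page is still served and where
it points visitors. Added example for this issue, not ampproject code. Sample
responses are constructed for illustration, not captured from the cache."""
import re
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import urlsplit

AMP_CACHE_SUFFIX = "cdn.ampproject.org"
ABS_URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)
Response = tuple[int, dict, str]          # (status, lower-cased headers, body)
Fetcher = Callable[[str], Response]


def amp_cache_host(origin_host: str) -> str:
    """Cache subdomain for an ASCII origin hostname. AMP switches to a hashed
    fallback label for IDN hosts or labels over 63 chars; not modelled here."""
    host = origin_host.lower().rstrip(".")
    if not host.isascii():
        raise ValueError("IDN host: AMP uses a hash-based fallback, not handled")
    label = host.replace("-", "--").replace(".", "-")
    if len(label) > 63:
        raise ValueError("label over 63 chars: AMP uses a hash-based fallback")
    return f"{label}.{AMP_CACHE_SUFFIX}"


def amp_cache_url(origin_url: str) -> str:
    """Map an origin document URL to its Google AMP Cache URL."""
    p = urlsplit(origin_url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError(f"need an absolute http(s) URL, got {origin_url!r}")
    proto = "s/" if p.scheme == "https" else ""
    url = f"https://{amp_cache_host(p.hostname)}/c/{proto}{p.hostname}{p.path or '/'}"
    return url + (f"?{p.query}" if p.query else "")


@dataclass
class CacheVerdict:
    cache_url: str
    status: int
    served: bool                      # cache still answers with a document or redirect
    location: Optional[str] = None    # hostname from an HTTP Location header, if any
    outbound: list = field(default_factory=list)  # off-origin hosts the body links to


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError so the Location header can be read


def http_fetch(url: str) -> Response:
    """Live fetcher: mobile UA (the report says the pages only render on mobile),
    redirects not followed, first 64 KiB of body."""
    req = urllib.request.Request(url, headers={
        "User-Agent": "Mozilla/5.0 (Linux; Android 13) AppleWebKit/537.36 Mobile Safari/537.36"})
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=15) as r:
            hdrs = {k.lower(): v for k, v in r.headers.items()}
            return r.status, hdrs, r.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, {k.lower(): v for k, v in e.headers.items()}, ""


def check_cache(origin_url: str, fetch: Fetcher = http_fetch) -> CacheVerdict:
    """Fetch the cache copy and report whether it is live and where it points."""
    cache_url = amp_cache_url(origin_url)
    status, headers, body = fetch(cache_url)
    origin_host = urlsplit(origin_url).hostname.lower()
    verdict = CacheVerdict(cache_url, status, served=(200 <= status < 400))
    if 300 <= status < 400 and headers.get("location"):
        verdict.location = urlsplit(headers["location"]).hostname
    hosts = {urlsplit(u).hostname for u in ABS_URL.findall(body)}
    verdict.outbound = sorted(h for h in hosts if h and h != origin_host
                              and not h.endswith(AMP_CACHE_SUFFIX))  # skip AMP runtime
    return verdict


# Constructed sample responses keyed by cache URL; the paths are placeholders.
ORIGIN = "https://rektorika.syekhnurjati.ac.id"
REDIRECT_HOST = "cdn-dsfd3653uad4wi34osegjkhef-gfgfere-fseweergftaavas.xyz"
SAMPLE_RESPONSES = {
    amp_cache_url(f"{ORIGIN}/example-page.html"): (200, {"content-type": "text/html"},
        '<!doctype html><html amp><head><script async src="https://cdn.ampproject.org/v0.js">'
        f'</script></head><body><a href="https://{REDIRECT_HOST}/">link</a></body></html>'),
    amp_cache_url(f"{ORIGIN}/example-redirect.html"): (302, {"location": f"https://{REDIRECT_HOST}/"}, ""),
    amp_cache_url(f"{ORIGIN}/example-purged.html"): (404, {}, "Not Found"),
}


def sample_fetch(url: str) -> Response:
    """Offline stand-in for http_fetch that serves the constructed samples."""
    return SAMPLE_RESPONSES.get(url, (404, {}, ""))


if __name__ == "__main__":
    live = len(sys.argv) > 1
    for u in (sys.argv[1:] if live else [f"{ORIGIN}/example-page.html",
              f"{ORIGIN}/example-redirect.html", f"{ORIGIN}/example-purged.html"]):
        print(check_cache(u, http_fetch if live else sample_fetch))
```

Run it with no arguments to see the three constructed cases, or pass one or more origin URLs to query the cache for real. A `served=True` verdict with an `outbound` or `location` host that is not the origin is the condition the report describes; a 404 from the cache host is what a purged entry looks like.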

erwinmombay commented 8 months ago

@jefrymey triaging the issue and prioritizing it. Hoping to give a quick response

erwinmombay commented 8 months ago

@jefrymey do you mind if we re-use the old thread https://github.com/ampproject/amphtml/issues/39704 so we can keep it in one location?

jefrymey commented 8 months ago

Sure, thanks ^^