(Topic ID: 208300)

pinwiki - web hosting problem

By smiley

6 years ago


Topic Heartbeat

Topic Stats

  • 288 posts
  • 84 Pinsiders participating
  • Latest reply 1 year ago by PinWiz2180
  • Topic is favorited by 18 Pinsiders

You

Linked Games

No games have been linked to this topic.

    Topic Gallery

    View topic image gallery

    500 (resized).png
    pasted_image (resized).png
    Screenshot_20191227-212023 (resized).png
    wiki (resized).png
    pasted_image (resized).png
    Screenshot_20180322-181743 (resized).png
    Securi_Washing_Machine (resized).jpg

    There are 288 posts in this topic. You are on page 4 of 6.
    #151 4 years ago
    Quoted from zacaj:

    "You may not, except with express written permission, distribute or commercially exploit the PinWiki.com content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system." (from https://www.pinwiki.com/wiki/index.php?title=PinWiki:Copyrights)

    Didn't you just break the agreement there when you quoted it? (And I did too, by quoting you)

    There's already unofficial mirrors of it anyway I've no idea if they have embedded the malicious code in it too as it's not really been too many occasions I've needed to access them.... only when the main site was offline when Casey was trying to fix the issues.

    Everyone temporarily could just grab the whole site using their favorite harvesting tool and store it locally for the future.

    #152 4 years ago
    Quoted from zacaj:

    "You may not, except with express written permission, distribute or commercially exploit the PinWiki.com content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system

    This copyright protects certain elements within the site so you wouldn't want to setup a mirror site. However alot of that copyright page is absolute BS. I would guess 10-15% falls under copyright protection, most of that being photos which can be retaken verbatim by someone else and fall out of protection.

    Anyways talking about mirrors and copyright is a waste of time. I would like to help solve the issues with the site.

    #153 4 years ago
    Quoted from zacaj:

    Sounds like they need to wipe the server and put a fresh wiki on, then import the old pages again or something.

    he already did that

    The infection seems to be in the sources he re-uses.. or he gets exploited again

    #154 4 years ago
    Quoted from Friengineer:

    This copyright protects certain elements within the site so you wouldn't want to setup a mirror site. However alot of that copyright page is absolute BS. I would guess 10-15% falls under copyright protection, most of that being photos which can be retaken verbatim by someone else and fall out of protection.

    The entire site has copyright protection for all original content, regardless of a copyright page. However, the lack of copyright enforcement with the storage of the site in publicly available archival websites and omission of a robots.txt file noting a block for search engines and archival systems could potentially be viewed as abandonment or intent to abandon copyright. I'm not a lawyer though, so I wouldn't suggest anyone push boundaries without actual legal advice.

    1 week later
    #155 4 years ago

    Just tried to access the WPC section of Pinwiki and I get redirected. This is after going directly to pinwiki.com and clicking on the link to the WPC section.

    #156 4 years ago

    I take it that the Pinwiki problems are still ongoing. I was looking to upload some pictures, but the upload file button still seems to be missing. Tried the "Contact me" form on the site, but no reply.

    #157 4 years ago
    Quoted from JimWilks:

    I take it that the Pinwiki problems are still ongoing. I was looking to upload some pictures, but the upload file button still seems to be missing. Tried the "Contact me" form on the site, but no reply.

    I also have some pictures to upload for the Capcom section and I want to start a section for Chicago Gaming Company too. I just got a MB remake and I've snapped some pictures.

    #158 4 years ago

    So is anybody looking into resolving the site hijacking issue at pinwiki? Been buggered for weeks now hasn't it?

    #159 4 years ago

    People with IT skills have offered to help, for free, but there doesn’t appear to be any real impetus to get it fixed. A shame really.

    #160 4 years ago

    Per an IM from Casey...

    “PW should be fixed and uploads working again by Saturday evening. Took longer than expected to go through every single piece to make sure the issue is gone”

    Like all of you, I hope this takes care of it. I’ve been saving material for upload until this is fixed.

    Chris Hibler - CARGPB #31
    Http://chrishiblerpinball.com/contact
    http://www.PinWiki.com/ - The new place for pinball repair info

    #161 4 years ago

    I have also been saving pictures to upload.

    #162 4 years ago

    Still getting page hijacks.

    #163 4 years ago

    At this point the only way I can view the site at all its changing my user agent to a completely bogus value ("User-Agent: x").

    #164 4 years ago

    Still getting hijacked aswell. I did win with the 5-billionth search though. Where can I pick up my TV?

    Screenshot_20191227-212023 (resized).pngScreenshot_20191227-212023 (resized).png
    #165 4 years ago
    Quoted from jfesler:

    At this point the only way I can view the site at all its changing my user agent to a completely bogus value ("User-Agent: x").

    Based on what I'm experiencing it seems like their htaccess file was hijacked. The redirects only seem to be happening when a search engine refers you. I tested it out on urlscan with a handful of different referrals and only saw redirects when it was a search engine.

    If you throw their hosting IP into Shodan you'll see they're running an incredibly old version of OpenSSH, which has numerous vulnerabilities that make it more susceptible to cred stuffing. Though realistically it's probably just that the htaccess file is in a public directory somewhere.

    #166 4 years ago
    Quoted from jfesler:

    At this point the only way I can view the site at all its changing my user agent to a completely bogus value ("Use

    I was hijacked on Linux today by clicking a link to the main page but a link to the Stern Whitestar page didn’t get hijacked.

    Quoted from atrainn:

    The redirects only seem to be happening when a search engine refers you.

    I got the redirect even when typing the URL directly.

    #167 4 years ago
    Quoted from YeOldPinPlayer:

    I got the redirect even when typing the URL directly.

    Wow, I played around with it for a bit last night and only could get redirects with a search engine referral. Sure enough I tried just now and got redirected just typing pinwiki.com in. I do still think it's probably their htaccess file being hijacked though.

    #168 4 years ago

    It could easily be code buried in the wiki itself (the database). Just checking the website files won’t be enough.

    As has been said before this stuff is clever enough not to present itself the same way every time, so people start thinking that esoteric stuff (user agents, www vs non-www, etc) solves it, when all it does is complicate diagnosis.

    #169 4 years ago

    Still no file upload link. I guess the site is still having problems?

    #170 4 years ago

    Redirects still occurring for me too.

    #171 4 years ago

    Given that this has been going on for over a year and with no end in sight, is it time to give up on this one and move on to some other user-driven website? What other websites are similar in purpose?

    #172 4 years ago
    Quoted from JimWilks:

    Given that this has been going on for over a year and with no end in sight, is it time to give up on this one and move on to some other user-driven website? What other websites are similar in purpose?

    The official Clay's Guides (some of them) are still available right at the source:

    http://www.pinrepair.com/

    #173 4 years ago
    Quoted from KenLayton:

    The official Clay's Guides (some of them) are still available right at the source:
    http://www.pinrepair.com/

    But not editable, so we can't add new info and improve them...

    #174 4 years ago
    Quoted from zacaj:

    But not editable, so we can't add new info and improve them...

    Editability is the key attribute desired.

    #175 4 years ago

    I've been a bit of the mind of trying to convert the content to straight markdown - permitting the web site to be staticly generated. Host it on something like GitHub, and the edits could be reviewed (for abuse) then merged. As a static site, there's nothing to compromise. No PHP crap. Github would even host the static content.

    However, that conversion .. is painful. I did spend time looking at it. There's only a couple MediaWiki to markdown converters; they assume you have a backup of the web site (I don't run that web site). And we'd still need to update all links to be useful. It's possible, it's "just" work. More than I can do as weekend project proof of concept to offer. I did look at just a blind pandoc conversion; the resulting markdown is more than a bit ugly. If I were to really tackle this I'd more likely than not attempt to write a proper converter that understands at least enough of the MediaWiki actually used on the site to markdown.

    I genuinely hope that the folks running the site 1: realize they're still 0wn3d, 2: will reach out for help, and 3: before either they or the community give up. It's such a valuable resource - *when* you can get to it.

    #176 4 years ago

    All concerned.

    Yes. We know the site is still compromised. Casey said that he is working on it.

    Before anyone goes off and thinks they would like to try an alternate method, think about the years it has taken to get PInWiki content to where it is today. It is a bit pain staking taking and editing pictures and writing in a way that is clear and to the point. It’s not for everyone. It takes dedication and patience.

    I’ll contact Casey again. If I personally could fix it I would. But this is outside of my current skill set.


    Chris Hibler - CARGPB #31
    Http://chrishiblerpinball.com/contact
    http://www.PinWiki.com/ - The new place for pinball repair info

    #177 4 years ago

    Chris,

    I *really* want pinwiki to continue to be the place to be. It's really incredibly valuable. I know for me personally it's helped save weeks of delays, and thousands of dollars outsourcing repairs. I've learned an immense amount from the site; and the step by step on troubleshooting is *fantastic*.

    Several people on this thread have also offered MediaWiki help. Perhaps someone can also help with a general security review of the host, to make sure the compromise is not via something external to MediaWiki.

    Barring that, I only ask (and perhaps you can relay): If at some point Casey wants to throw in the towel, please don't let the content die. If nothing else let us help migrate it, with blessing. There are alternative ways to maintain things, that are less dynamic and more secure. But, I know change can be hard.

    #178 4 years ago

    The part I don't get is why don't I get any redirects at all? Just doesn't happen on any of the pages I've tried, and works as expected.

    #179 4 years ago
    Quoted from PinMonk:

    The part I don't get is why don't I get any redirects at all? Just doesn't happen on any of the pages I've tried, and works as expected.

    Same here. I visit pinwiki several times a day and have not experienced any redirects at all. I only use my laptop to access it. I have Win10 (and one machine with Win Vista), the latest Firefox browser, and AdBlock.

    #180 4 years ago

    Just to add to the discussion...

    Today I'm not getting redirects with either Safari 13.0.4 or Firefox 71 on a Mac. This is true whether I go to pinwiki.com or www.pinwiki.com.

    Firefox is just standard.
    Safari is using Wipr

    #181 4 years ago

    Maybe the hijack is hungover from New Year's Eve....

    To add to the discussion here, I can totally understand why someone wouldn't want help in this situation. There's a satisfaction of being able to fix something yourself and figure it out.... there's no guarantee any person helping would have been able to ferret out all of the malicious code, either, and sometimes it's extremely helpful when there's only ONE set of eyes on something. No doubt Casey got to the point where he thought he had everything. For all we know it's being hijacked in the middle by something out of his control. Time will tell.

    #182 4 years ago
    Quoted from KenLayton:

    Same here. I visit pinwiki several times a day and have not experienced any redirects at all. I only use my laptop to access it. I have Win10 (and one machine with Win Vista), the latest Firefox browser, and AdBlock.

    I've tried it on all the browsers I have, with and without adblock and...nothing. I can't get it to redirect at all, and never have seen the problems others complain about. It must be a very choosey redirector, or I have some kind of accidental immunity.

    #183 4 years ago
    Quoted from PinMonk:

    I've tried it on all the browsers I have, with and without adblock and...nothing. I can't get it to redirect at all, and never have seen the problems others complain about. It must be a very choosey redirector, or I have some kind of accidental immunity.

    For a while I wasn't getting the redirect, either, but then I was getting it all the time. Now it's back to working.

    Maybe someone in the middle finally rebooted their router and got rid of poisoned DNS cache? If that's not what this type of attack was/is ignore me. I've been out of computer work for about 10 years now so anything I thought I knew back then is hopefully out of date now.

    #184 4 years ago
    Quoted from slochar:

    For a while I wasn't getting the redirect, either, but then I was getting it all the time. Now it's back to working.
    Maybe someone in the middle finally rebooted their router and got rid of poisoned DNS cache? If that's not what this type of attack was/is ignore me. I've been out of computer work for about 10 years now so anything I thought I knew back then is hopefully out of date now.

    Yeah, my first thought was a poisoned DNS.

    #185 4 years ago

    I am getting redirected when using the indexed link on Google. My browser is Safari on iPhone. I suspect they only redirect based on user agent to avoid detection by crawlers.

    #186 4 years ago

    It is not dns poisoning or hijacking. The server sends a redirect based on some condition we don't know. Either the web server config is compromised or the wiki code is. But the fact it keeps happening the server is probably got a rootkit on it. Best thing to do is reinstall and restore the database.

    #187 4 years ago

    Considering Pinside is owned and operating by two full time web developers maybe Robin would be interested in adding pinwiki to his pinball portfolio...

    #188 4 years ago
    Quoted from jfesler:

    Barring that, I only ask (and perhaps you can relay): If at some point Casey wants to throw in the towel, please don't let the content die. If nothing else let us help migrate it, with blessing. There are alternative ways to maintain things, that are less dynamic and more secure. But, I know change can be hard.

    I won’t let that happen. A couple of us periodically “crawl” it, backing up the content. It is backed up in HTML and not media wiki but at least we have a backup.

    Thanks for your comments. They are much appreciated.

    Chris Hibler - CARGPB #31
    Http://chrishiblerpinball.com/contact
    http://www.PinWiki.com/ - The new place for pinball repair info

    #189 4 years ago
    Quoted from tacshose:

    Considering Pinside is owned and operating by two full time web developers maybe Robin would be interested in adding pinwiki to his pinball portfolio...

    Fine with me. It'd have more attention/security and integrating it into pinside would only make it better. As long as the contributed contents aren't sold like they were last time around with marvin's repair guides.

    #190 4 years ago

    It’s been said before but these things are specifically written to go dormant, hide themselves from certain entities, and behave in what might appear erratically to frustrate debugging and full removal.

    People end up coming up with all kinds of well intentioned nonsense (no offence) like saying it’s fixed if you visit the website “without www” or typing pinwiki.com in at no faster than 1 character per second etc.

    In reality once a website has been owned you can’t really trust any of the code. It needs to be forensically examined and compared against known good code. The compromise could exist in the website files, the database or even the server itself, or all three. The code could be written in such a way that it can reinfect the system if it detects it has been partially removed. Once a system is tainted it can be hard to safely restore confidence without rebuilding from scratch.

    #191 4 years ago
    Quoted from Durzel:

    People end up coming up with all kinds of well intentioned nonsense (no offense) like saying it’s fixed if you visit the website “without www” or typing pinwiki.com in at no faster than 1 character per second etc.

    LOL, no kidding. Rumors like this have spread at my job so much so that now the control center is recommending everyone type a code into their device to get it working, and it's complete nonsense. But it worked right for someone once, so that's the fix forevermore. Forget the part about the department responsible for the device putting out correct information, which certainly isn't "type this 4 digit code into it". In fact, if more than 1 person logs on with that code, any subsequent entries just locks everyone else out.

    Don't even get me started on the people that set the same IP address on 3 supposedly communicating pieces of equipment. Someone in management doesn't understand how IP addresses work. Every place I've worked with addressable equipment I've had to prove to management why DHCP is the way to go.... all that happens is the modem gets to use its IP since it comes up first, then the other pieces of equipment try to use the same IP, and windows assigns them internal ones automatically because the IP in already in use. Great job guys.

    Previous job the IT admin didn't want to keep logs of the DHCP addresses dished out in case the secret service needed to question a student about a threatening email. (This actually happened... secret service showed up once for this). Good thing he actually kept the logs on the proxy server everyone connected to for internet access. I did finally manage to convince them to go straight DHCP everywhere, after I convinced them that imaging desktop machines was the way to go as well. Previously they were installing each piece of software on every machine individually, not even scripted. What a nightmare.

    That was the same job that told me that linux wasn't any good because it was free, that BIND was a horrible DNS server and that we should use microsoft DNS instead (again, because it was free), and that mac emulation had been looked into a long time ago and wasn't feasible to replace the mac classics in the one math lab. Ignoring the advances made in emulation since then, of course.

    Sorry for the slight thread hijack. I hope Casey gets this straightened out once and for all.

    #192 4 years ago
    Quoted from slochar:

    Rumors like this have spread at my job so much so that now the control center is recommending everyone type a code into their device to get it working, and it's complete nonsense. But it worked right for someone once, so that's the fix forevermore.

    Ha! Exactly the same way that the “change BR2 and C5” for resets mantra started. Or, “cut the heat sink in half”. Hogwash.

    Chris Hibler - CARGPB #31
    Http://chrishiblerpinball.com/contact
    http://www.PinWiki.com/ - The new place for pinball repair info

    #193 4 years ago

    I’m seeing that pinwiki is hosted on hostgator? We had one of our SaaS product servers at Linode get hacked, we simply restored the whole “server” from the backup and moved on. Downtime was a few hours. I’m guessing pinwiki is not on a VPS offering that possibility.

    Let’s hope robin might be interested...

    #194 4 years ago
    Quoted from tacshose:

    I’m seeing that pinwiki is hosted on hostgator? We had one of our SaaS product servers at Linode get hacked, we simply restored the whole “server” from the backup and moved on. Downtime was a few hours. I’m guessing pinwiki is not on a VPS offering that possibility.
    Let’s hope robin might be interested...

    That's assuming there is a known point prior to infection/hacking...

    3 weeks later
    #195 4 years ago

    still broke :/

    #196 4 years ago

    Sadly, I'm writing Pinwiki off as gone. I was in the middle of adding a new section many months ago when it went down and have not been able to continue.

    Hopefully someone can step up and create a user-editable replacement.

    #197 4 years ago

    I’m on the site right now? I haven’t read this entire thread, but I’ve found that typing the URL directly is much more reliable than using google to access it. When using google, often I’m informed about being a Vegas style winner of large sums...

    #198 4 years ago

    My direct link that I saved works great with no re-directs.

    #199 4 years ago

    Same as @brewchap, I launch it from link I saved years ago and it works every time. If I try it from other links it redirects.

    #200 4 years ago

    The links on Google show as a "www.pinwiki.com" link at the bottom, but they're actually a Google link that ultimately takes you there - that's how Google tracks clickthroughs, etc. These redirect pretty reliably to a dodgy website.

    I just went to www.pinwiki.comdirectly (typing that in) and DIDN'T get redirected, but when I tried to find an article I'd already searched for on Google - but I can't click the link because it'll take me to a dodgy website - I get this instead:

    Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in /home4/pinwiki/public_html/wiki/includes/widget/search/DidYouMeanWidget.php on line 3

    ..so even the search isn't working properly, so I have no idea how I'm supposed to find the page I need.

    I'm honestly staggered as to why there seems to be no desire or impetus to get this sorted out. Plenty of people have offered their services for gratis. Pinwiki is a great resource but it is rapidly losing credibility the longer this goes on.

    There are 288 posts in this topic. You are on page 4 of 6.

    Reply

    Wanna join the discussion? Please sign in to reply to this topic.

    Hey there! Welcome to Pinside!

    Donate to Pinside

    Great to see you're enjoying Pinside! Did you know Pinside is able to run without any 3rd-party banners or ads, thanks to the support from our visitors? Please consider a donation to Pinside and get anext to your username to show for it! Or better yet, subscribe to Pinside+!


    This page was printed from https://pinside.com/pinball/forum/topic/pinwiki-1/page/4 and we tried optimising it for printing. Some page elements may have been deliberately hidden.

    Scan the QR code on the left to jump to the URL this document was printed from.