Google and Sucuri both say the BattleTech website has been hacked and contains malware
-http://www.battletech.com
seems infected with SEO spam > https://blog.sucuri.net/2014/10/website-security-a-case-of-seo-poisoning.html
No detection yet
https://virustotal.com/en/file/ec87b1059abc151e2be8f55da948311d0a3b2e03c35039039996b45bac0c3bb9/analysis/1460644574/
See javascript that should be retired: http://retire.insecurity.today/#!/scan/bccc68599e1202255ef19920c518e59b4c7363b9f764ff28cd24fc2e66d78f13
WordPress issues like user enumeration enabled and directory listing enabled.
ID User Login
1 Zac admin
2 ranbills ranbills
Also consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fdy3dqm2d46w3j.cloudfront.net%2Fwp-content%2Fcache%2Fminify%2F000000%2FM9bPKixNLarUMYYydHMz04sSS1L1cjPzAA.js
Same WordPress issues seen with analysis of -https://dy3dqm2d46w3j.cloudfront.net
-https://dy3dqm2d46w3j.cloudfront.net
Detected libraries:
jquery - 1.11.3 : (active1) -http://dy3dqm2d46w3j.cloudfront.net/wp-content/cache/minify/000000/M9bPKixNLarUMYYydHMz04sSS1L1cjPzAA.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery-migrate - 1.2.1 : -http://dy3dqm2d46w3j.cloudfront.net/wp-content/cache/minify/000000/M9bPKixNLarUMYYydHMz04sSS1L1cjPzAA.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected
Further code issues on page: https://seomon.com/domain/www.battletech.com/html_validator/
polonus
The culprit of the present problems may be issues with the certificate, and here is part of the crypto report:
Certificate is not installed correctly
www.battletech.com
You have 1 error
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Warnings
BEAST
The BEAST attack is not mitigated on this server.
RC4
This server uses the RC4 cipher algorithm which is not secure. Disable the RC4 cipher suite and update the server software to support the Advanced Encryption Standard (AES) cipher algorithm. Contact your web server vendor for assistance.
SSLv2
This server uses the SSLv2 protocol which is not secure. Disable the SSLv2 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
SSLv3
This server uses the SSLv3 protocol which is not secure. Disable the SSLv3 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
TLS1.2
This server does not support the latest TLS protocol. Enable the latest TLS1.2 protocol. Contact your web server vendor for further assistance.
This server is vulnerable to:
SSL/TLS Compression
This server is vulnerable to a CRIME attack. Disable SSL/TLS compression. Contact your web server vendor for assistance.
DROWN
This server is vulnerable to a DROWN attack. Disable the SSLv2 protocol and enable a higher protocol version. Contact your web server vendor for assistance.
FREAK and Logjam
This server is vulnerable to FREAK and Logjam attacks. To protect your server from a FREAK and a Logjam attack, disable support for any export cipher suites or known insecure ciphers. Contact your web server vendor for assistance.
Poodle (SSLv3)
This server is vulnerable to a Poodle (SSLv3) attack. If you have not disabled SSLv3 fallback support, disable it now and use TLS 1.2 or higher.
Certificate information
This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended.
Common name:
www.battlecorps.com
SAN:
www.battlecorps.com, battlecorps.com
Valid from:
2015-Jun-13 00:00:00 GMT
Valid to:
2017-Jul-12 23:59:59 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
Organizational unit:
City/locality:
State/province:
Country:
Certificate Transparency:
Not Enabled
Serial number:
6808e28354ac0f9adedc81198e47748c
Algorithm type:
SHA256withRSA
Key size:
2048
polonus (volunteer website security analyst and website error-hunter)
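The "wrong certificate installed" finding above comes from a hostname check against the certificate's names. The following is an added example, not code from the thread or from any of the scanners it quotes: it implements that check in the RFC 6125 style (SAN entries take precedence, the CN is only a legacy fallback, wildcards are accepted only as a whole leftmost label) and runs it with the CN and SAN values shown in the report; the hostnames tested against them are constructed for illustration.

```python
"""Added example: certificate name matching as a scanner performs it.
CN/SAN values are those quoted in the crypto report; test hostnames are constructed."""
from dataclasses import dataclass, field


@dataclass
class CertNames:
    common_name: str
    sans: list[str] = field(default_factory=list)  # dNSName entries only


def _name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive comparison of one certificate name against a hostname.

    A '*' is honoured only as the entire leftmost label ('*.example.com'),
    it never matches across a dot, and patterns with fewer than three labels
    ('*.com', '*') are refused so a wildcard cannot cover unrelated names.
    """
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(hostname: str, cert: CertNames) -> bool:
    """True if the certificate covers hostname.

    When SAN dNSName entries exist the CN is ignored entirely (RFC 6125 /
    RFC 2818); the CN is consulted only for legacy certificates without SANs.
    """
    if cert.sans:
        return any(_name_matches(san, hostname) for san in cert.sans)
    return _name_matches(cert.common_name, hostname)


# Names exactly as listed in the report quoted in the thread
BATTLECORPS_CERT = CertNames(
    common_name="www.battlecorps.com",
    sans=["www.battlecorps.com", "battlecorps.com"],
)


def check_site(hostname: str, cert: CertNames = BATTLECORPS_CERT) -> str:
    """One-line verdict in the report's own wording."""
    if hostname_matches(hostname, cert):
        return f"{hostname}: certificate name matches"
    return (f"{hostname}: wrong certificate installed "
            f"(CN={cert.common_name}, SAN={', '.join(cert.sans)})")


if __name__ == "__main__":
    for name in ("www.battletech.com", "www.battlecorps.com", "battlecorps.com"):
        print(check_site(name))
```

Serving www.battletech.com from a certificate issued for www.battlecorps.com therefore fails the check regardless of how the rest of the TLS configuration is tuned; browsers raise the same mismatch error before any cipher is negotiated.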
I blocked the URLs that it linked
and I created a JS detection that will detect if a script tries to insert something similar.
Hi HonzaZ,
Just a line of feedback for you.
Alerts work fine with -Warning: file_get_contents(/home/qualcare/public_html/toronto/cgi-bin//buy-tramadol): failed to open stream: No such file or directory in /home/qualcare/public_html/includes/bootstrap.inc on line 886
Tried with example code that demonstrates how a PHP script may be compromised when the register_globals directive is turned on.
polonus