- Joined
- Jan 19, 2009
- Messages
- 14,974
- Reaction score
- 1,313
This morning, we had a bit of "fun" with the forums -- I got up to find two glaring red screens in Chrome, where it complained about malware on the site. Several of you noticed the same thing, and reported it (thank you). In addition, I had a couple rather urgent IMs from WiK, notifying me of the same.
WiK had already ascertained the source of the problem (the ad module), and had turned it off. As a precaution, we took down the forums, while we did more research, to make sure we knew what was compromised. The problem was isolated to the ad software; the compromised files were identified, and the entire install was trashed, following by verifying that nothing in the database got compromised. A fresh install of the ad software was then performed, to make sure a known clean base was present.
A request has been submitted to Google, to have them rescan the site -- until that happens, Chrome and Firefox will continue to complain. Older versions of IE are ignorant of blacklists, so they just merrily let you visit any site -- if nothing else, this is a good reason to upgrade to a newer version of IE, or if you cannot do that, switch to Chrome or Firefox.
Thanks to WiK for spending the past 3 hours of his day, tracking down and isolating the issue, as well as getting it fixed.
For anyone who visited the site while it was compromised, since we don't know what nasties are on the sites that the links were to, I'd suggest a malware scan on your system, just to be safe. Even if you're running current AV software, I'd suggest a scan -- no software is perfect and catches everything. It's a good practice to periodically run multiple anti-malware scans on your system, as none of them catch everything. Malwarebytes and Spybot Search & Destroy are both good programs.
Sorry for the inconvenience.
-Kevin
WiK had already ascertained the source of the problem (the ad module), and had turned it off. As a precaution, we took down the forums, while we did more research, to make sure we knew what was compromised. The problem was isolated to the ad software; the compromised files were identified, and the entire install was trashed, following by verifying that nothing in the database got compromised. A fresh install of the ad software was then performed, to make sure a known clean base was present.
A request has been submitted to Google, to have them rescan the site -- until that happens, Chrome and Firefox will continue to complain. Older versions of IE are ignorant of blacklists, so they just merrily let you visit any site -- if nothing else, this is a good reason to upgrade to a newer version of IE, or if you cannot do that, switch to Chrome or Firefox.
Thanks to WiK for spending the past 3 hours of his day, tracking down and isolating the issue, as well as getting it fixed.
For anyone who visited the site while it was compromised, since we don't know what nasties are on the sites that the links were to, I'd suggest a malware scan on your system, just to be safe. Even if you're running current AV software, I'd suggest a scan -- no software is perfect and catches everything. It's a good practice to periodically run multiple anti-malware scans on your system, as none of them catch everything. Malwarebytes and Spybot Search & Destroy are both good programs.
Sorry for the inconvenience.
-Kevin