Hi guys, some of you may have noticed a malware warning when visiting Exilian lately, this was because the .htaccess file was modified to perform redirects to malware sites when exilian was clicked on from google. I have removed the offending file and am about to request a review of the site to get it taken off the blacklist, and I would strongly suggest everyone does a virus check on their systems, just to make sure nothing evil was downloaded.
Thanks,
Marcus.
If we didnt get the warning, do a check anyway?
Yes Ladyhawk, do the check anyway.
Thanks Marcus I was wondering about that.
Cheers mate,
Okay cool. Thank you for that.
I never saw anything related to this.
It was only flagged up by the Chrome browser.
I just can't get on from my pc.
What happens if you try, NA?
It has been flagged up on Chrome, but also Firefox and Google's built in system from Google search.
I'm going to update the forum software, then request a review, and in the mean time look at the php code for uploading news to the main site, and look for vulnerabilities.
Good luck with that my friend.
Hey NA have you tried getting in through your history? It worked for me.
Well everyone I was just attacked by a virus posting on this site. Luckly my computer blocked it, and (hopefully) no harm is done. I do recommend that everyone runs a scan please. :)
I tried to get on with my phone and it said it could be harmful.
Exilian is fine from my phone. But something attacked my pooter.
Marcus, given Google hasn't removed us yet, does that mean there might be more redirects/malware issues?
Well I can get back on now, Google still shouts at me but it lets me in.
I'll try on my phone later again today.
Unfortunately, this one comes back as soon as you get rid of it, I'm going to remove the suspected vulnerability and see what happens.
I did it by typing the URL instead.
I'm wondering if we should extend the election signup period until this gets fixed, since some people aren't going to want to come on at the moment I fear.
Ok, I've removed the poisoned .htaccess file and removed the news script as well, which does have gaping holes in it. I'm now going to request a review and update the forum software tonight. Fingers crossed we will be clear within 24-48 hours.
Just taken a look at .htaccess, and it looks very much like the problem is back. :(
Requested review. Discovered that this nasty has put a poisoned .htaccess file in every folder that has an index file. I think it was doing it via the news script, which is now gone, so fingers crossed our Googly overlords will grant us redemption! :D
Edit: Dammit, this means the malware is still there. I'm possibly going to have to take the site offline and clear it of everything, then add stuff bit by bit.
Okay, if you do that is there any way to display a "Sorry, we're not available, please come back soon" page?
I'm going to leave the forums up and just focus on the site for the moment, and if that doesn't work I'll reinstall the forums as well. And yes, I can leave a 'sorry we're not available' message.
EDIT: In light of a message I received, it's struck the forums as well, so I'm going to take everything off the server, and reinstall bit by bit. Sorry for this guys, but It's the only way I can be sure of removing it. Don't worry about posts and data, they're stored on SQL databases which I don't think the virus has got to.
I will try to get the site, starting with the forums, back up tonight, but I can't make any guarantees. The forums at least will be up by tomorrow though. Thank you.
Thank you Marcus, best of luck mate. :D
Thanks Marcus. You doing great mate :)
Seems like a good job you've done here Marcus :) .
In fact, I still get redirected if I access Exilian from a Google search :/ .
Have you cleared your cache, SOTK? Your computer may be remembering the old .htaccess file in the absence of a file that gives a directly opposed command.
I have indeed. My brother's computer does the same thing too.
Oh for crying out loud!
Ok, this is out of my hands. I just need to contact my host and get them to sort it. I wiped everything on the server, the only thing I can think of that it could have come through is the database, although I sincerely hope not.
I only get redirected from Google search, not from typing in the link or using the one in my bookmarks like I did before if that makes any difference.
It seems that google's cache may be outdated. I'm fine when I access it from Google.
Mine also works fine from Google search.
I re-sent Google our site via the webmaster tools, so the Google cache should now be fixed. It's working fine for me now.
Is anyone else having the issue with this website now... its white,blue and says simple machines forum up the top right of the screen O_o
Yes, that is what mine looks like.
Everything is in "basic" mode atm. No worries. ;)
Oh, sweet XD
Oh yay. and also that was a fast response? i only just woke up :P
Haha, I got up at 12 the other day. It was awesome XD
Yeah, my school holidays have just started so ill probably be posting allot more often now. Btw admins is it possible that Google will block this site or something? thats all i got from your previous posts :/
They had it on their "possible threat" list. Been taken off afaik.
BTW, Death Nade, run for office. ;D
Oh goodo, at least we arent a "threat" anymore :P
How would i run for office. which thread?
The signup thread in the plaza (http://exilian.co.uk/forum/index.php?topic=1705.0) :)
Cheers, i ran for Tribounos :P
Like me :P
"We're currently upgrading software and making improvements to the site"
What's being upgraded and what are the improvements? Maybe you could though in a "Shout Box" and maybe a Mibbit Chat channel ;).
Haha, yor so demanding XD
They're just suggestions but I do demand a shout box though. We really need one of those.
At the moment, 'improvements' is making sure we never get hacked again. :P
Id rather the site didnt get hacked i think :P
Ok, everything is sorted for now, just reinstalling mods and a theme and everything will be back to normal. :D
On the entrance page it still says "Under Maintenance"
Forum wise, I meant.
The Session Length doesn't work.
Well... First malware and then exilian turned white and now it's blue... Is it the end of the world? DOOM APROACHES! REDEEM! ;D ;D ;D ;D :) ;) :D
The blue is better than the white at least :)
I sure am glad that I only attempted to log into exilian from the school PC. Hope the central server there is okay, or at least doesn't register that it was me that infected the server :D