MALWARE ISSUE ON SITE

[Captain Carthage]

Well I can get back on now, Google still shouts at me but it lets me in.

[Cuddly Khan]

I'll try on my phone later again today.

[Marcus]

Unfortunately, this one comes back as soon as you get rid of it, I'm going to remove the suspected vulnerability and see what happens.

[Cuddly Khan]

I did it by typing the URL instead.

[Jubal]

I'm wondering if we should extend the election signup period until this gets fixed, since some people aren't going to want to come on at the moment I fear.

[Marcus]

Ok, I've removed the poisoned .htaccess file and removed the news script as well, which does have gaping holes in it. I'm now going to request a review and update the forum software tonight. Fingers crossed we will be clear within 24-48 hours.

[Jubal]

Just taken a look at .htaccess, and it looks very much like the problem is back. 

[Marcus]

Requested review. Discovered that this nasty has put a poisoned .htaccess file in every folder that has an index file. I think it was doing it via the news script, which is now gone, so fingers crossed our Googly overlords will grant us redemption!

Edit: Dammit, this means the malware is still there. I'm possibly going to have to take the site offline and clear it of everything, then add stuff bit by bit.

[Jubal]

Okay, if you do that is there any way to display a "Sorry, we're not available, please come back soon" page?

[Marcus]

I'm going to leave the forums up and just focus on the site for the moment, and if that doesn't work I'll reinstall the forums as well. And yes, I can leave a 'sorry we're not available' message.

EDIT: In light of a message I received, it's struck the forums as well, so I'm going to take everything off the server, and reinstall bit by bit. Sorry for this guys, but It's the only way I can be sure of removing it. Don't worry about posts and data, they're stored on SQL databases which I don't think the virus has got to.

I will try to get the site, starting with the forums, back up tonight, but I can't make any guarantees. The forums at least will be up by tomorrow though. Thank you.

[Phoenixguard09]

Thank you Marcus, best of luck mate.

[Ladyhawk]

Thanks Marcus. You doing great mate

[Son of the King]

Seems like a good job you've done here Marcus .

In fact, I still get redirected if I access Exilian from a Google search :/ .

[Jubal]

Have you cleared your cache, SOTK? Your computer may be remembering the old .htaccess file in the absence of a file that gives a directly opposed command.

[Son of the King]

I have indeed. My brother's computer does the same thing too.