MALWARE ISSUE ON SITE

Started by Marcus, December 05, 2011, 10:27:18 AM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4
User actions

Captain Carthage

#15
December 07, 2011, 08:05:56 PM
Well I can get back on now, Google still shouts at me but it lets me in.
Scum of the highest degree and don't let charitable citizens tell you otherwise.

Cuddly Khan

#16
December 07, 2011, 08:22:06 PM
I'll try on my phone later again today.
Quote from: comrade_general on January 25, 2014, 01:22:10 AMMost effective elected official. Ever. (not counting Jubal)

He is Jubal the modder, Jubal the wayfarer, Jubal the admin. And he has come to me now, at the turning of the tide.

Marcus

#17
December 08, 2011, 05:20:13 PM
Unfortunately, this one comes back as soon as you get rid of it, I'm going to remove the suspected vulnerability and see what happens.
"So if you meet me, have some courtesy, have some sympathy, and some taste. Use all your well learned politesse, or I'll lay your soul to waste."

Cuddly Khan

#18
December 08, 2011, 08:35:09 PM
I did it by typing the URL instead.
Quote from: comrade_general on January 25, 2014, 01:22:10 AMMost effective elected official. Ever. (not counting Jubal)

He is Jubal the modder, Jubal the wayfarer, Jubal the admin. And he has come to me now, at the turning of the tide.

Jubal

#19
December 14, 2011, 06:01:32 PM
I'm wondering if we should extend the election signup period until this gets fixed, since some people aren't going to want to come on at the moment I fear.
The duke, the wanderer, the philosopher, the mariner, the warrior, the strategist, the storyteller, the wizard, the wayfarer...

Marcus

#20
December 19, 2011, 01:40:11 PM
Ok, I've removed the poisoned .htaccess file and removed the news script as well, which does have gaping holes in it. I'm now going to request a review and update the forum software tonight. Fingers crossed we will be clear within 24-48 hours.
"So if you meet me, have some courtesy, have some sympathy, and some taste. Use all your well learned politesse, or I'll lay your soul to waste."

Jubal

#21
December 19, 2011, 02:07:25 PM
Just taken a look at .htaccess, and it looks very much like the problem is back.  :(
The duke, the wanderer, the philosopher, the mariner, the warrior, the strategist, the storyteller, the wizard, the wayfarer...

Marcus

#22
December 19, 2011, 02:16:25 PM Last Edit: December 19, 2011, 02:18:43 PM by Marcus
Requested review. Discovered that this nasty has put a poisoned .htaccess file in every folder that has an index file. I think it was doing it via the news script, which is now gone, so fingers crossed our Googly overlords will grant us redemption! :D

Edit: Dammit, this means the malware is still there. I'm possibly going to have to take the site offline and clear it of everything, then add stuff bit by bit.
"So if you meet me, have some courtesy, have some sympathy, and some taste. Use all your well learned politesse, or I'll lay your soul to waste."

Jubal

#23
December 19, 2011, 02:31:42 PM
Okay, if you do that is there any way to display a "Sorry, we're not available, please come back soon" page?
The duke, the wanderer, the philosopher, the mariner, the warrior, the strategist, the storyteller, the wizard, the wayfarer...

Marcus

#24
December 19, 2011, 06:31:11 PM Last Edit: December 19, 2011, 06:41:48 PM by Marcus
I'm going to leave the forums up and just focus on the site for the moment, and if that doesn't work I'll reinstall the forums as well. And yes, I can leave a 'sorry we're not available' message.

EDIT: In light of a message I received, it's struck the forums as well, so I'm going to take everything off the server, and reinstall bit by bit. Sorry for this guys, but It's the only way I can be sure of removing it. Don't worry about posts and data, they're stored on SQL databases which I don't think the virus has got to.

I will try to get the site, starting with the forums, back up tonight, but I can't make any guarantees. The forums at least will be up by tomorrow though. Thank you.
"So if you meet me, have some courtesy, have some sympathy, and some taste. Use all your well learned politesse, or I'll lay your soul to waste."

Phoenixguard09

#25
December 20, 2011, 12:16:51 PM
Thank you Marcus, best of luck mate. :D
The Norbayne Campaign Instagram page. Give us a cheeky follow if you like. :)
By the power of Ga'haarr I command you to vanish! VANISH!
I CANNOT BE KILLED BUT WITH FIRE!
(\__/)
(='.'=) This is Bunny. Copy and paste bunny into your
(")_(") signature to help him gain world domination

Crazier than a crack-head cat and here to make sticky treats out of your vital organs.

Ladyhawk

#26
December 20, 2011, 01:06:28 PM
Thanks Marcus. You doing great mate :)
(\__/)
(='.'=) This is Bunny. Copy and paste bunny into your
(")_(") signature to help him gain world domination

A positive attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.

Son of the King

#27
December 20, 2011, 02:14:51 PM Last Edit: December 20, 2011, 04:00:48 PM by Son of the King
Seems like a good job you've done here Marcus :) .

In fact, I still get redirected if I access Exilian from a Google search :/ .

Jubal

#28
December 20, 2011, 06:00:35 PM
Have you cleared your cache, SOTK? Your computer may be remembering the old .htaccess file in the absence of a file that gives a directly opposed command.
The duke, the wanderer, the philosopher, the mariner, the warrior, the strategist, the storyteller, the wizard, the wayfarer...

Son of the King

#29
December 20, 2011, 07:20:40 PM
I have indeed. My brother's computer does the same thing too.
Print
Go Up Pages 1 2 3 4
User actions