"Malware" warnings

Da Nag

Administrator
Staff member
Some of you running Chrome may have seen "malware warnings" when visiting us earlier today.

The bad news: The warnings were accurate. Our server was compromised, and for a brief period of time malware could potentially have been served up to anyone visiting. I say potentially, as it would have required action on your part beyond visiting us to get infected, i.e. clicking on a popup or link when prompted. Based on server logs I took a peek at, the window when this could have happened was less than an hour this afternoon.

The good news: It was a known server exploit, and it was easy to clean up. In addition to removing all the nasty bits, updates were applied that address the vulnerability.

Until next time, of course...keep your shields up.
 
journey on said:
What was it and how would we know? Is there anything we should do?

Yup - you should run Chrome or Firefox, both of which monitor known virus/malware sites and will warn you whenever a site attempts to deliver content from them. Chrome users saw the following during the brief period this morning, Firefox users would have seen something similar:

[Image: Chrome malware warning, 6AdBM1z.jpg]


As to what it was - I honestly don't know. All I do know, is that visitors here could have been redirected to the site mentioned in the warning image above while we were compromised. What that site may or may not have attempted to deliver, is anyone's guess.

If you're on Windows and saw something odd while visiting us earlier today - it wouldn't be a bad idea to run a virus and/or malware scan. Mac/Linux - do whatever you wish, but I wouldn't lose any sleep over it.
 
I have a 13 year old email address (as that is the age of my company) and get around 20,000 spam emails per month. 13,000+ are blocked before they reach my inbox, the rest I delete manually, sometimes 200+ per day. Sometimes I'll walk away from my desk for 10-12 minutes, and come back to 1 per minute popping in there.

When I think about spammers, hackers, and other ill-intent computer nerds......


[Image: Gordon_crowbar_enemies.jpg]


The amount of effort these folks put into internet-negative activity could yield amazing results if redirected to something positive.
 
May be seeing some of the results. Got emails from two brats with the same strange link in it. Tom McHugh and Patrick Campbell, I think you got hit. Mail to a distribution list of which I was part.

Deleted.

Charlie
 
colbysmith said:
How about the iPad browsers?

Can't say with certainty, but chances are extremely slim Android/iOS devices would have been targeted with this type of exploit.
 
TyBoo said:
Use a Stihl and keep fresh gas in it.

Hmmm...I think that's a battle we've not had here yet. We all know singles, Scottys, Fords, Macs/Linux, Android and Kubotas are the right choice - but I don't think we've come to a conclusion when it comes to power equipment.

Fortunately, I've both a Stihl and a Husky - so I'll sit back on the sidelines, knowing I'll win either way.
 
Two possible reasons you might still be seeing the warning:

- Google/Firefox might not immediately update their databases of sites that have been compromised. It might take a few days for the errors to completely disappear.

- People visiting here might have content cached by their browsers. If so, the offending site could still be stored in your browser, and Chrome/Firefox would block based on that. If so, this too should clear out on its own in a couple of days - but one could manually clear their browser's cache and see if the error still arises.

I took a look this morning from a few different devices, and saw no errors with Chrome or Firefox. Additionally, I looked at the server directly to see if by chance we'd been nailed again - and saw no signs of it. If any of you are still encountering this Chrome/Firefox error, it would be helpful if you followed up here, and listed the site mentioned in the error message. For example, in the case of Chrome you can see the site right after "Content from..." in the error message shown above.
 
I haven't been on this PC since Friday morning (I'm back at work, an appropriate time for foruming) and trying to visit c-brats yielded a request to sign in (unusual since I had not cleared my cache) and that's the only time I saw the malware notice. I'll log out and log back in right now and see if it does it again.


edit: can't get it to replicate...
 
OK, I believe I may have gotten the virus from this site.

Can someone please tell me the best way of getting rid of it?

Apple - MacBook Pro running Firefox and Safari.
 