TDPRI October 16th, 2011, 03:38 PM Early Sunday (Oct 16th) morning some hacker bot penetrated one of our server's defenses and placed malicious code on some software that generates code for all of our websites. We were notified very quickly and took steps both to remove the malicious code and to prevent it from happening again.
As soon as we learned of the problem we shut down all of our websites and got working on the problem. As best we can tell, the malicious code existed on our server for approximately 4 hours -- from approximately 7am EDST to approximately 11 am EDST.
Google has put malware warnings on TDPRI.com and Strat-Talk.com but the malicious code affected ALL of our websites.
We are confident that the malicious code is now gone and we have requested that Google rescan our sites to remove the warnings. Once this is done and you don't see the Google warnings any longer you can be confident that all traces of the problem have been removed.
We take security very seriously and are sorry that this episode took place. We will redouble our efforts to ensure that this kind of indecent doesn't reoccur.
Thanks for your patience.
Bolide October 16th, 2011, 03:40 PM Thank you for your care, and for giving us this update.
Missed Y'all, but knew you had a lot of work to do, and on a Sunday to boot.
rolling56 October 16th, 2011, 03:42 PM Glad you got on it and hope it is all gone. Thank you for replying over this ordeal :cool:
Phaze October 16th, 2011, 03:56 PM
> Early this morning some hacker bot penetrated one of our server's defenses and placed malicious code on some software that generates code for all of our websites. We were notified very quickly and took steps both to remove the malicious code and to prevent it from happening again.
> As soon as we learned of the problem we shut down all of our websites and got working on the problem. As best we can tell, the malicious code existed on our server for approximately 4 hours -- from approximately 7am EDST to approximately 11 am EDST.
> Google has put malware warnings on TDPRI.com and Strat-Talk.com but the malicious code affected ALL of our websites.
> We are confident that the malicious code is now gone and we have requested that Google rescan our sites to remove the warnings. Once this is done and you don't see the Google warnings any longer you can be confident that all traces of the problem have been removed.
> We take security very seriously and are sorry that this episode took place. We will redouble our efforts to ensure that this kind of indecent doesn't reoccur.
> Thanks for your patience.
Incidents like this are quite indecent.
I'm making a funny at your expense, but sincerely, and sympathetically, it's a cybercrime and sucks for everyone having to defend against this. Godspeed.
LiveAtLeeds October 16th, 2011, 04:04 PM Did the malicious code affect users?
TDPRI October 16th, 2011, 04:06 PM We do not know. All users today should run a malware check just to be sure.
I've been deep in that code all morning and a check of my computer comes back without issues of any kind.
jh45gun October 16th, 2011, 04:09 PM still getting this message at 3:08
Reported Attack Page!
This web page at www.tdpri.com has been reported as an attack page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
Bones October 16th, 2011, 04:12 PM
> still getting this message at 3:08
> Reported Attack Page!
> This web page at www.tdpri.com has been reported as an attack page and has been blocked based on your security preferences.
> Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
That won't go away until they rescan the site.
TDPRI October 16th, 2011, 04:12 PM Yes, we are waiting for those notices to be reviewed and removed.
This is what I mentioned in my OP. Google has put the warnings out and we have asked Google to review the site and remove the warnings. This takes time for them to do; they may take a number of hours until this is completed.
Bones October 16th, 2011, 04:12 PM
> We do not know. All users today should run a malware check just to be sure.
> I've been deep in that code all morning and a check of my computer comes back without issues of any kind.
Nice way to spend your Sunday morning, eh?
Skub October 16th, 2011, 04:20 PM So far this evening I'm unable to change page or post without having to clear this first. It makes the site unusable for me, using Firefox.
axeornot October 16th, 2011, 04:22 PM I saw the warning pop up on my Mac but not my PC...either way it all seems fine now. Thanks for the info.
BLAM October 16th, 2011, 04:30 PM I found 4 java based nasties on my pc after scanning and they weren't there previously to the best of my knowledge. This was after using TDPRI & Strat-Talk this morning (European time).
FWIW these were the bad boys:
http://farm7.static.flickr.com/6224/6251326956_d6e6e4cb0e_b.jpg
rolling56 October 16th, 2011, 04:37 PM
> Yes, we are waiting for those notices to be reviewed and removed.
> This is what I mentioned in my OP. Google has put the warnings out and we have asked Google to review the site and remove the warnings. This takes time for them to do; they may take a number of hours until this is completed.
I ran a deep scan earlier using Avira and no nasties on all 4 of my peecee's network and thank you again for letting us know.
Hopefully it was just a disgruntled member/person reporting nonsense to Google :roll:
elicross October 16th, 2011, 04:45 PM This kind of thing is going to happen; that's why it's important to have good virus and malware protection on all your computers -- active protection that's always on, plus regular system scans. Even reputable sites can become sources for threats, so you can't count on them to protect your computer when you visit.
Always practice safe surfing!
Slow Reflexes October 16th, 2011, 04:50 PM That sucks - and once it's flagged, it's apparently gonna keep screaming every time I go to a new page even after I click "ignore this warning." Even the "This isn't an attack site" button doesn't tell Firefox that I want to keep coming here; it's just a link to an info page saying that I might not be taking this seriously enough. :sad:
Reputable website seemingly perma-besmirched by jerkwads... Talk about bad advertising. Guess I'll be clicking "ignore" a lot...
tazzboy October 16th, 2011, 04:57 PM Yeah I just got the message as well. I'm running Malwarebytes right now and will be checking with SuperAntiSpyware next.
bingy October 16th, 2011, 06:23 PM My favorite malware rooter is:
http://www.bleepingcomputer.com/download/anti-virus/combofix
I ran it after ignoring the warnings this morning... I wanted my TDPRI.
I realize how much I enjoy this forum especially with coffee on Sunday morning.
Thanks for being here, everyone.
R. Stratenstein October 16th, 2011, 06:42 PM Got AVG attack notices on a couple of posts as late as about 6:30 PM Eastern. The links just have disappeared, maybe it was a cache thing or something. So far looks like problems are gone. Thanks!
Thundersleet October 16th, 2011, 07:12 PM It was probably someone with a pointy shredder guitar.
TG October 16th, 2011, 07:12 PM I'm only just in again now.
Any idea who it was and/or from where?
TDPRI October 16th, 2011, 07:26 PM I've been working on this issue nonstop all day long. We think it is both cleared and is set so that the bad guys can't return.
We think it was a "bot" and the ip address was in Sweden. But hey, that means nothing.
They came in through an unexpected place (as is always the case) but that place is no longer available.
TDPRI October 16th, 2011, 07:28 PM SCAN YOUR COMPUTERS JUST TO BE SAFE.
I scanned mine, and believe me I was knee deep in the thing, and it came back clean.
I'll keep checking, too.
SPUDCASTER October 16th, 2011, 07:34 PM I got on just before you shut down for repairs. I never received any google notice or had any malware after performing a scan. Just lucky I guess.
Glad to see you were able to jump on it and correct the problem. :grin:
tazzboy October 16th, 2011, 08:31 PM I checked as well, no problem on my end
tazzboy October 16th, 2011, 08:31 PM
> It was probably someone with a pointy shredder guitar.
I think it's chet.
bluesfordan October 16th, 2011, 08:54 PM been bogie free since I PMed you and got your reply. Good work, sir.
I just don't get why people feel this is a productive use of their time to do crap like this.
Eric W October 16th, 2011, 09:12 PM Thanks for all your hard work to keep this forum safe and secure!
INFANT October 16th, 2011, 11:22 PM Not to sound stupid here but should I be concerned about this infecting my iPhone or iPod?
SPUDCASTER October 16th, 2011, 11:27 PM I was just on the site at 8:10 PM PDT and encountered a malware warning. My Webroot program caught it and quarantined the threat. I ran another scan and there were no other threats.
I hope it's nothing, but thought you should know.
F6_FullMelt October 16th, 2011, 11:34 PM
> Not to sound stupid here but should I be concerned about this infecting my iPhone or iPod?
+1
I was lurking on the bad dog today using my android phone... Curious.
My Mac did not warn me of any impending doom upon coming to the tdpri not 5 minutes ago FWIW.
jas1973 October 16th, 2011, 11:34 PM i use a mac. and when i tried to get on the forum earlier i got a notice that going to this page could harm my computer, so i clicked out. glad i got the warning
Enaitz October 17th, 2011, 03:35 AM Thanks for resolving the problem so quickly.
Bongocaster October 17th, 2011, 10:46 AM It was probably someone from Gibson.
Just a bump so that unsuspecting members that may not be aware of this can be warned and know to do a virus/malware scan.