Malware, Malicious Code found and removed

Discussion in 'Forum Problems & Issues' started by TDPRI, Oct 16, 2011.

  1. TDPRI

    TDPRI Retired

    Posts:
    11,973
    Joined:
    Mar 2, 2003
    Location:
    -
    Admin Post
    Early Sunday (Oct 16th) morning some hacker bot penetrated one of our server's defenses and placed malicious code on some software that generates code for all of our websites. We were notified very quickly and took steps both to remove the malicious code and to prevent it from happening again.

    As soon as we learned of the problem we shut down all of our websites and got working on the problem. As best we can tell, the malicious code existed on our server for approximately 4 hours -- from approximately 7am EDST to approximately 11 am EDST.

    Google has put malware warnings on TDPRI.com and Strat-Talk.com but the malicious code affected ALL of our websites.

    We are confident that the malicious code is now gone and we have requested that Google rescan our sites to remove the warnings. Once this is done and you don't see the Google warnings any longer you can be confident that all traces of the problem have been removed.

    We take security very seriously and are sorry that this episode took place. We will redouble our efforts to ensure that this kind of indecent doesn't reoccur.

    Thanks for your patience.
     
    Last edited: Oct 17, 2011
  2. Bolide

    Bolide Friend of Leo's

    Posts:
    4,920
    Joined:
    Nov 21, 2010
    Location:
    Rocky Hill, CT
    Thank you for your care, and for giving us this update.
    Missed Y'all, but knew you had a lot of work to do, and on a Sunday to boot.
     
  3. rolling56

    rolling56 Friend of Leo's

    Posts:
    3,023
    Joined:
    May 8, 2010
    Location:
    Mangling notes since '81 in SW Misery
    Glad you got on it and hope it is all gone. Thank you for replying over this ordeal :cool:
     
  4. Phaze

    Phaze Tele-Holic

    Posts:
    513
    Joined:
    Mar 28, 2008
    Location:
    o HI o, In the middle of the road.
    Incidents like this are quite indecent.

    I'm making a funny at your expense, but sincerely, and sympathetically, it's a cybercrime and sucks for everyone having to defend against this. Godspeed.
     
  5. LiveAtLeeds

    LiveAtLeeds Tele-Meister

    Posts:
    267
    Joined:
    Mar 12, 2011
    Location:
    Maryland
    Did the malicious code affect users?
     
  6. TDPRI

    TDPRI Retired

    Posts:
    11,973
    Joined:
    Mar 2, 2003
    Location:
    -
    Admin Post
    We do not know. All users today should run a malware check just to be sure.

    I've been deep in that code all morning and a check of my computer comes back without issues of any kind.
     
  7. jh45gun

    jh45gun Banned

    Age:
    67
    Posts:
    4,434
    Joined:
    Jan 20, 2006
    Location:
    Northern WI Gods Country!
    still getting this message at 3:08

    Reported Attack Page!

    This web page at www.tdpri.com has been reported as an attack page and has been blocked based on your security preferences.

    Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
     
  8. Bones

    Bones Telefied Ad Free Member

    Posts:
    21,615
    Joined:
    Dec 31, 2005
    Location:
    Luddite Island, NY
    That won't go away until they rescan the site.
     
  9. TDPRI

    TDPRI Retired

    Posts:
    11,973
    Joined:
    Mar 2, 2003
    Location:
    -
    Admin Post
    Yes, we are waiting for those notices to be reviewed and removed.

    This is what I mentioned in my OP. Google has put the warnings out and we have asked Google to review the site and remove the warnings. This takes time for them to do, they may take a number of hours until this is completed.
     
  10. Bones

    Bones Telefied Ad Free Member

    Posts:
    21,615
    Joined:
    Dec 31, 2005
    Location:
    Luddite Island, NY
    Nice way to spend your Sunday morning, eh?
     
  11. Skub

    Skub Friend of Leo's

    Posts:
    4,789
    Joined:
    Jul 28, 2010
    Location:
    N.Ireland
    So far this evening I'm unable to change page or post without having to clear this first. It makes the site unusable for me, using Firefox.
     
  12. axeornot

    axeornot Tele-Meister

    Posts:
    137
    Joined:
    Feb 22, 2011
    Location:
    the here & now region
    I saw the warning pop up on my Mac but not my PC...either way it all seems fine now. Thanks for the info.
     
  13. BradL

    BradL Friend of Leo's Gold Supporter

    Posts:
    2,041
    Joined:
    Feb 9, 2009
    Location:
    Sussex, UK
    I found 4 java based nasties on my pc after scanning and they weren't there previously to the best of my knowledge. This was after using TDPRI & Strat-Talk this morning (European time).

    FWIW these were the bad boys:
    [​IMG]
     
  14. rolling56

    rolling56 Friend of Leo's

    Posts:
    3,023
    Joined:
    May 8, 2010
    Location:
    Mangling notes since '81 in SW Misery
    I ran a deep scan earlier using Avira and no nasties on all 4 of my peecee's network and thank you again for letting us know.

    Hopefully it was just a disgruntled member/person reporting nonsense to Google :rolleyes:
     
  15. elicross

    elicross Poster Extraordinaire

    Posts:
    8,056
    Joined:
    Aug 26, 2010
    Location:
    SC
    This kind of thing is going to happen; that's why it's important to have good virus and malware protection on all your computers -- active protection that's always on, plus regular system scans. Even reputable sites can become sources for threats, so you can't count on them to protect your computer when you visit.

    Always practice safe surfing!
     
  16. Slow Reflexes

    Slow Reflexes Poster Extraordinaire

    Age:
    116
    Posts:
    8,122
    Joined:
    Nov 17, 2007
    Location:
    Willamette and Columbia
    That sucks - and once it's flagged, it's apparently gonna keep screaming every time I go to a new page even after I click "ignore this warning." Even the "This isn't an attack site" button doesn't tell Firefox that I want to keep coming here; it's just a link to an info page saying that I might not be taking this seriously enough. :(

    Reputable website seemingly perma-besmirched by jerkwads... Talk about bad advertising. Guess I'll be clicking "ignore" a lot...
     
  17. tazzboy

    tazzboy Former Member

    Posts:
    9,210
    Joined:
    May 5, 2005
    Location:
    Oregon
    Yeah I just got the message as well. I'm running Malwarebytes right now and will be checking with SuperAntiSpyware next.
     
  18. bingy

    bingy Friend of Leo's

    Posts:
    3,799
    Joined:
    Aug 26, 2007
    Location:
    Champlain Valley, VT, USA
  19. R. Stratenstein

    R. Stratenstein Doctor of Teleocity Silver Supporter

    Posts:
    15,909
    Joined:
    Aug 3, 2010
    Location:
    Loganville, Ga.
    Got AVG attack notices on a couple of posts as late as about 6:30 PM Eastern. The links just have disappeared, maybe it was a cache thing or something. So far looks like problems are gone. Thanks!
     
  20. Thundersleet

    Thundersleet Tele-Afflicted

    Posts:
    1,141
    Joined:
    Jan 29, 2009
    Location:
    Wisconsin
    It was probably someone with a pointy shredder guitar.
     