Hacked :( Options

[Mata]

So, this site (and every other site that I host) was hacked in the past twelve hours. It might be a good idea to run a virus check on your machine.

Sorry about this - my site became hosted by a new company about six months ago and there seem to be a lot more breaches since this new company took over.

The telltale sign of a hack is often a tiny square, just a few pixels wide and tall, usually at the very top or the very bottom of the screen. If you see one of these then please let me know immediately.

[Moosh]

I did wonder why AVG went mental at me when I tried to come on here last night, but I assumed it was something to do with Rob's site again. Poor show by your hosting company.

[Hobbes]

AVG shouted at me at home, and at work today, when accessing the site.

Just as a heads up: at work, AVG (fully updated) spotted the threat, but for some reason still seemed to let it do its dirty work. I used Malwarebytes' Ant-Malware program to help get rid of it, since AVG wasn't defeating it. So you might wanna run through a couple of scans with alternative software just in case? Particularly as the virus in question is a relatively new one.

[mooooooooooopo]

Google Chrome gave me a full screen warning about it as soon as I tried to come near the site earlier today.

[Moosh]

Just came on with Chrome and it's still warning me about comic.matazone.co.uk specifically.

[Hobbes]

Just came on with Chrome and it's still warning me about comic.matazone.co.uk specifically.

I haven't had any problems elsewhere, or here, since Mata took action. Could it be a cached version of the page that Chrome is getting angry with?

[mooooooooooopo]

Just came on with Chrome and it's still warning me about comic.matazone.co.uk specifically.

I haven't had any problems elsewhere, or here, since Mata took action. Could it be a cached version of the page that Chrome is getting angry with?

I'm getting the same warning as moosh and wasn't earlier so doesn't seem related to cacheing. :/

[Mata]

I've just registered the site in Google's webmaster tools and that site is listing the site as having no malware, so hopefully that means it will have the all-clear again very soon. This is very annoying since I'm about to draw tomorrow's comic and I can't be sure if anyone's going to read it...

[SPEAKERfortheLOS...]

And this is why I use Linux. I don't have to worry about these little headaches.

[MataTeachesMeLud...]

Fun-fact: Computers can't get viruses from websites unless you download something like an executable, or batch file (exe or bat).

The message you probably received was the one that said that the website you are visiting is unsafe. This could basically mean the site would provide child pornography, viruses, or offer other stuff that can be regarded as unsafe.

http://safebrowsing.clients.google.com/saf...matazone.co.uk/
This is why it has been reported.

http://www.stopbadware.org/firefox?hl=nl&a...tazone.co.uk%2F
This is how you fix this. Read some stuff about it.

Worst-case scenario: Someone actually hacked your site and puts scripts on it for advertisement purposes. In this case you should deny ALL downloads coming from this website, close pop-ups and press cancel to everything it offers you. Don't use anything that requires input, which unfortunately includes the donate button (You would possibly donate to a random person in Nigeria all of the sudden). Mata, I suggest that you check if everything still links to where you want it to link, and possibly, get someone that does the technical stuff on this website for you.

[Pikasyuu]

And this is why I use Linux. I don't have to worry about these little headaches.

helpful!

anyway, i haven't seen the little pixel boxes myself and malware bites hasn't picked anything up. have you spoken with your webhost at all about their incompetence and/or submitted a ticket?

[mooooooooooopo]

Fun-fact: Computers can't get viruses from websites unless you download something like an executable, or batch file (exe or bat).

The message you probably received was the one that said that the website you are visiting is unsafe. This could basically mean the site would provide child pornography, viruses, or offer other stuff that can be regarded as unsafe.

http://safebrowsing.clients.google.com/saf...matazone.co.uk/
This is why it has been reported.

http://www.stopbadware.org/firefox?hl=nl&a...tazone.co.uk%2F
This is how you fix this. Read some stuff about it.

Worst-case scenario: Someone actually hacked your site and puts scripts on it for advertisement purposes. In this case you should deny ALL downloads coming from this website, close pop-ups and press cancel to everything it offers you. Don't use anything that requires input, which unfortunately includes the donate button (You would possibly donate to a random person in Nigeria all of the sudden). Mata, I suggest that you check if everything still links to where you want it to link, and possibly, get someone that does the technical stuff on this website for you.

Even if it can't download executables and run them (though I'm sure there are problems in older browsers that would allow that) they've clearly injected data into the page and from there it's a trivial step to scripting vulnerabilities that could give access to someone's MZ password and email, and from there access to their email if they've not been careful and used the same password for both. That's pretty bad.

My points is, it's best not to be complacent about security. Being condescending to people for worrying about such things is just going to discourage them from sensible computer security habits. It's a lot less harmful to just let them run the virus scan!

[CrazyFooIAintGet...]

And this is why I use Linux. I don't have to worry about these little headaches.

Fun-fact: Computers can't get viruses from websites unless you download something like an executable, or batch file (exe or bat).

hmm. What about stuff that exploits vulnerabilities in the browser/java? Also: what moop said.

http://safebrowsing.clients.google.com/saf...matazone.co.uk/
This is why it has been reported.

english translation

What is the current listing status for comic.matazone.co.uk?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-02-17, and the last time suspicious content was found on this site was on 2011-02-17.

Malicious software is hosted on 1 domain(s), including gs34grsgdg.vv.cc/.

This site was hosted on 1 network(s) including AS33552 (FLUIDHOSTING).

[...]

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

[Mata]

And now my sites have been attacked again. The bastards.

I've GOT to find the vulnerability.

[Phantom]

<3 for my avast! doing a virus scan and a boot virus scan XD and protecting me well.. otherwise I just re-install windows anyway >.>

[Mata]

We have McAfee on the university computers... Guess what I'm trying to clean up now.

[Phantom]

We have McAfee on the university computers... Guess what I'm trying to clean up now.

Me spamming one of my teachers... *looks innocent to the other way*

[Mata]

It took about six hours, but I'm pretty sure I've got everything at last. My machine is clean (thanks Hobbes for the tip on Malwarebyte's software, it worked a treat http://www.malwarebytes.org/mbam.php ), my grading is done, and it's time for a beer.

[Hobbes]

It took about six hours, but I'm pretty sure I've got everything at last. My machine is clean (thanks Hobbes for the tip on Malwarebyte's software, it worked a treat http://www.malwarebytes.org/mbam.php ), my grading is done, and it's time for a beer.

No problem, and sounds like a well-earned rest

[SPEAKERfortheLOS...]

I would suggest you look into changing ALL your site passwords with very strong ones (14+ characters including upper and lower case, numbers, and symbols). And I would update every bit of software on the server. After that, it would seem that it is a server issue and then you would have to move to a different host. If you want help with this, let me know.

[MataTeachesMeLud...]

Fun-fact: Computers can't get viruses from websites unless you download something like an executable, or batch file (exe or bat).

The message you probably received was the one that said that the website you are visiting is unsafe. This could basically mean the site would provide child pornography, viruses, or offer other stuff that can be regarded as unsafe.

http://safebrowsing.clients.google.com/saf...matazone.co.uk/
This is why it has been reported.

http://www.stopbadware.org/firefox?hl=nl&a...tazone.co.uk%2F
This is how you fix this. Read some stuff about it.

Worst-case scenario: Someone actually hacked your site and puts scripts on it for advertisement purposes. In this case you should deny ALL downloads coming from this website, close pop-ups and press cancel to everything it offers you. Don't use anything that requires input, which unfortunately includes the donate button (You would possibly donate to a random person in Nigeria all of the sudden). Mata, I suggest that you check if everything still links to where you want it to link, and possibly, get someone that does the technical stuff on this website for you.

Even if it can't download executables and run them (though I'm sure there are problems in older browsers that would allow that) they've clearly injected data into the page and from there it's a trivial step to scripting vulnerabilities that could give access to someone's MZ password and email, and from there access to their email if they've not been careful and used the same password for both. That's pretty bad.

My points is, it's best not to be complacent about security. Being condescending to people for worrying about such things is just going to discourage them from sensible computer security habits. It's a lot less harmful to just let them run the virus scan!

Up-to-date browser USUALLY (as in, almost always, but there are small exceptions) does not allow applications to be stored on your computer under any circumstance without properly notifying the user about this. Next to that, the latest versions of Windows automatically detect whenever an application that is downloaded from the internet or is coming from a questionable source and notifies the user whenever that application is trying to run. This means basically that the user can deny the launch of any unwanted applications as well.

Java could do stuff to your computer, but you're properly notified of the fact that it's trying to do that by the Java application itself. Exploits could still happen, but is rather unlikely.

My point is, you're pretty safe as long as you know what you're doing. I've been running without a virus-scanner for quite some time now and I am doing fine, because I know what I can download and what not. But, as long as you're unsure about what to download, keep your virus-scanner on.

And next to that, injecting data into a page is useless, as it's stored on your own computer. You'd be doing nothing at all. You'd have to send something to the server.

I would suggest you look into changing ALL your site passwords with very strong ones (14+ characters including upper and lower case, numbers, and symbols). And I would update every bit of software on the server. After that, it would seem that it is a server issue and then you would have to move to a different host. If you want help with this, let me know.

I'd only do this if Mata keeps your passwords stored without an hash. Which, by standards, he'll probably do. (I don't see him changing the source code of IPS, no offence)

[mooooooooooopo]

And next to that, injecting data into a page is useless, as it's stored on your own computer. You'd be doing nothing at all. You'd have to send something to the server.

Are you quite sure of that? I was suggesting someone could inject some Javascript.

Did you realise that Javascript is perfectly capable of sending off asynchronous HTTP requests? There is protection against cross site requests in browsers but I can think of a few exploits where sending a request to the server on which the forum is hosted would be enough. I'm not going to post any details as I'm sure Mata wouldn't appreciate it.

I'm not going to change your opinion and I'm getting pretty tired of this argument. It seems like you're happy to be complacent about security and have decided you don't need the protection, but in the end you need to guard against all possibilities whereas an attacker need only consider one. Bear in mind that viruses and worms like to spread themselves around so by ignoring such things it is not just yourself you put at risk. I hope your friends don't get any fallout when you inevitably get an infection.

Up-to-date browser USUALLY (as in, almost always, but there are small exceptions) does not allow applications to be stored on your computer under any circumstance without properly notifying the user about this. Next to that, the latest versions of Windows automatically detect whenever an application that is downloaded from the internet or is coming from a questionable source and notifies the user whenever that application is trying to run. This means basically that the user can deny the launch of any unwanted applications as well.

Java could do stuff to your computer, but you're properly notified of the fact that it's trying to do that by the Java application itself. Exploits could still happen, but is rather unlikely.

It's all in the usually. That minority to which it doesn't apply are going to get screwed by your poor advice. The others won't be terribly inconvenienced so I still consider it a fairly irresponsible thing to say.

I'd only do this if Mata keeps your passwords stored without an hash. Which, by standards, he'll probably do. (I don't see him changing the source code of IPS, no offence)

Why must you get so uppity every time anyone offers people decent advice? I think speaker was talking about Mata's passwords for administering the server, rather than every user.

Why bother with this sentence if you're immediately going to point out that it's probably bad advice in the next? It doesn't impart any information and is just confusing.

[Mata]

MTML - Moop is a pretty hardcore coder and has been in the industry for many years. With all due respect, I'm going to take his advice on this. For example, having anti-virus software is just a sensible precaution given the various server tricks that can be played: advising people against this is a little on the foolhardy side, because you only need one slip and somthing will get through.

[CrazyFooIAintGet...]

I'd like to add that Speaker's advice shouldn't be taken lightly. The attack surface presented to hackers by ubiquitous software like IPB & wordpress is pretty significant, so you do not want to be running old versions that have known security problems. And using strong passwords should be a no brainer anyway. It doesn't matter what security measures take place on the server has if someone can just guess it.

[SPEAKERfortheLOS...]

Thanks for agreeing. Working as the network administrator for a fairly large medical practice I come across this problem all the time. Unfortunately, before I came on board, the practice had an issue with data security and couldn't manage to get rid of the conficker worm/virus due to their issues. Its just amazing what out-of-date software and bad passwords can cause.

<pulpit>

The tenents of the Network Security religion are:
1. STRONG PASSWORDS
2. UP-TO-DATE SECURITY SOFTWARE
3. UP-TO-DATE APPLICATION SOFTWARE
4. MINIMAL USER RIGHTS
5. RTFM

</pulpit>