The Tournament Director Forums
Main => Suggestions => Topic started by: Corey Cooper on October 13, 2009, 12:09:17 PM
-
Yesterday the Tournament Director website was hit with a virus. It compromised a lot of pages, and I spent a good few hours cleaning it up. I believe I have it cleaned at this point.
Mainly it tried to add some tasteless advertising to the site, but it also attempted to redirect your browser to a page with known browser exploits. I was using Firefox 3 and the virus was unable to redirect my browser. I hope this was also the case with other browsers. I tried to visit the intended destination using the Chrome browser and it immediately warned me that it was a known bad site. Again, I hope that other browsers would do the same.
The end effect, it seems, was to break the forums, but that's about it. I'm sorry if anyone else was affected by this. Please let me know if you notice anything strange on the site.
-
Yeah, I just got the bad page warning via Chrome just now... how annoying it must be for you, as well as a kick in the balls for the business... good luck bud
-
Believe me, it is. It hit two days in a row. Since then I've updated all passwords, updated the forum software (to patch any security vulnerabilities), and now have a script that I can run at any time to detect and clean up the site in a matter of seconds. That's the lazy programmer way. Get sick of doing something, and he will write a script to do the work. :)
I don't see a warning with Chrome, however. And according to my script, the site is clean. What page gave you the warning?
-
Just went on again tonight and I have this page bookmarked: http://thetournamentdirector.net/forums/index.php
It gave the warning again via Chrome.
-
The only thing I saw was that the complete site was down for a few hours.
This was 2 days ago.
I don't get any virus warnings.
I'm using AVG as my virus scanner.
-
> Just went on again tonight and I have this page bookmarked: http://thetournamentdirector.net/forums/index.php
> It gave the warning again via Chrome.
That's odd. I don't get a warning with Chrome.
I've been running the "check" script multiple times a day, and manually checking various files I know were hit previously. The site is clean. I checked some log files and it appears that the culprit managed to get the ftp password, and that's how the site was compromised. As I said previously, the passwords were changed and since then nothing has happened.
And just to clarify, the "virus" was not really the same thing as a virus you might get on your PC. Basically, the culprit modified a number of the pages in such a way that, when you visited the Tournament Director website, it was SUPPOSED to redirect your browser to a website that contained a number of browser "exploits" - code that could hopefully get around browser security and infect your computer with a virus/trojan/adware stuff. I say "supposed" to because using Internet Explorer 7, Firefox 3, and Chrome 3, it did NOT in fact redirect any of my browsers.
Edit: By the way, thank you for the info.
-
Got the warning just now with Chrome.
-
I wonder if it is the version of Chrome. What version are you guys using? Mine is 3.0.195.27.
-
> I wonder if it is the version of Chrome. What version are you guys using? Mine is 3.0.195.27.
Same for me.
-
Same Chrome version here and the same virus warning for me just now. IE 7.0 doesn't object at all.
-
It seems that it is Google who have registered the homepage as "suspicious" according to the help file.
According to the Google logs, they have visited the site 10-21 and still found "malicious software" on the site.
-
Just to put people's minds at ease, here is Google's report of the site. Would someone with Chrome who has seen the warning take a screenshot of it and send it to support@thetournamentdirector.net? Maybe I can get someone at Google to let me know what's going on. (ha)
-
Here you go.
-
Thank you very much, I'm seeing it now in Chrome. Not sure why Google's malware reports aren't sync'ed up...
-
There was indeed still some nasty stuff in there. The good news is that the location that all of this hacked code was sending browsers to is apparently defunct, so there wasn't any chance of infection.
I've modified my scan script to be a lot more sensitive and it found the last (I hope!) of the bad stuff. My Chrome warning went away as soon as I emptied Chrome's cache (the wrench icon, then "Clear browsing data" - you only need to clear the cache). Or, when you hit the TD forums and get the Chrome warning, you can press Ctrl+F5 to make it reload everything. This should make it go away.
Thanks very much to everyone for helping with this.
-
I just installed Chrome.
No warnings whatsoever. :) Looks good.
-
Thank you.
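-
The thread mentions a "check" script that was later made "a lot more sensitive" before it found the last injected code. The Python below is an added example, not the site owner's script: it contrasts a narrow signature (hidden iframes only) with a sensitive pass that also reports any off-site `src` on a script or iframe and decode-then-run JavaScript. The patterns, the host allowlist, the file names and the sample pages are all assumptions, since the thread never shows the injected markup.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

ALLOWED_HOSTS = {"thetournamentdirector.net"}  # assumption: hosts the site itself loads from
WEB_SUFFIXES = {".php", ".html", ".htm", ".js"}
# Narrow signature: an iframe hidden by size or CSS.
HIDDEN_IFRAME = re.compile(r"<iframe\b[^>]*(?:(?:width|height)=[\"']?[01]\b|display:\s*none)", re.I)
# Sensitive checks: any remote src on iframe/script, and decode-then-run JavaScript.
REMOTE_SRC = re.compile(r"<(?:iframe|script)\b[^>]*\bsrc=[\"']?((?:https?:)?//[^\"'\s>]+)", re.I)
OBFUSCATED = re.compile(r"(?:eval|document\.write)\s*\(\s*(?:unescape|atob|String\.fromCharCode)\s*\(", re.I)
SAMPLE_FILES = {  # constructed sample pages; .invalid hosts never resolve
    "index.php": '<html><script src="/forums/theme.js"></script></html>\n',
    "header.php": '<body>\n<iframe src="http://ads.invalid/x" width=1 height=1></iframe>\n',
    "footer.php": '</body>\n<script src="//cdn.invalid/r.js"></script>\n',
    "theme.js": 'var a = 1;\neval(unescape("%41%42"));\n',
}

def scan_text(text, sensitive=True):
    """Return (line_number, reason) findings for one file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if HIDDEN_IFRAME.search(line):
            findings.append((no, "hidden iframe"))
        for url in (REMOTE_SRC.findall(line) if sensitive else []):
            host = (urlparse(url).hostname or "").lower()
            if host not in ALLOWED_HOSTS:
                findings.append((no, f"remote src: {host}"))
        if sensitive and OBFUSCATED.search(line):
            findings.append((no, "obfuscated script"))
    return findings

def scan_tree(root, sensitive=True):
    """Scan every web file under root; return {relative_path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_SUFFIXES:
            found = scan_text(path.read_text(errors="replace"), sensitive)
            if found:
                report[path.relative_to(root).as_posix()] = found
    return report

def demo():
    """Write the constructed samples to a temp dir and scan them in both modes."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_FILES.items():
            Path(root, rel).write_text(body)
        return scan_tree(root, sensitive=False), scan_tree(root, sensitive=True)
```

On the constructed samples the narrow pass reports only `header.php`, while the sensitive pass also reports `footer.php` and `theme.js`, which is the gap a signature-only check leaves until it is widened.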