Friday, October 21, 2011

Site Update: 10/21/11 2:00pm Eastern

I'm prepared to give the all clear on this one. We have successfully moved to the new server and have remained malware free for a whole day! Google has cleared the malware warning so you shouldn't be smacked in the face with that any longer either.

We are still working on little things to recover from the last attack but for the most part we are back to business as usual with most (if not all) the posts restored.

Thursday, October 20, 2011

Site Update: 10/20/11 12:00pm Eastern

The site has successfully been moved to the new server. The malware warning from Google will remain until they conduct a review of the site. There is nothing I can do about that.

We had to do a restore and as a result we lost posts from Tuesday afternoon on and all the comments. The comments are lost but I have been able to pull up copies of the posts from my blog writer to restore at least the information.

The host is finishing tweaking and securing everything on the new server but we should be back up and running this afternoon.

Again - I cannot do anything about the malware message. If you are concerned until it is cleared, please avoid the site. The Google warning is not something I control.

Site Update: 10/20/11 10:00am

We just got word from our host that they are attempting to do a restore of our site on a fresh server. CSTM will continue to be down for a while.

In an attempt to still be helpful I have posted the 2010 Fall Festival Guide and the Printer Friendly Version of the Haunted Burrow Map to Google Docs for reference for everyone.

The quests have not changed from the 2010 version. The only updates to the 2011 version are the new horse, new cosmetics, 4 new maps and the consumable deeds. You can still use the guide to find and complete all the quests for the Fall Festival. Have fun!

Wednesday, October 19, 2011

Malware Again 10/19/2011

I don't know what to tell you on this. Either we're extremely bad at security or we're really disliked by Russian hackers. This afternoon the site started redirecting once again when attempting to access it. I've checked our files, nothing has been updated to cause the redirect. All our .htaccess files are un-edited since 10/13. I've looked through other files and see nothing updated to have caused this redirect. We've asked the host for assistance.

You can still donate to the fellowship walk. I've added the chip-in widget to our blogspot temporary blog. Donating $20 or more will still enter you to win the Mad Catz gamer gear and any donation at all will enter you to win the 2,500 Turbine Point codes. These are all separate from the site and are not affected.

Thursday, October 13, 2011

Site Update: 10/14/11 2:00am Eastern

The blog has remained malware free!

  • Site scans are reporting us infection free
  • Google has removed the warning associated with our site when attempting to visit.
  • We've monitored our .htaccess file and it has not been modified since before 4pm today and is staying stable.

I'm unsure of any other fail safe that I should perform at this point.

I think it may be safe to return to CSTM's main site!

Site Update: 10/13/11 7:00pm Eastern

I'm happy to report that since about 4:00pm the site has been clean of the malware script! Since it was running hourly I have to say this is a very good sign. It also appears that Google has removed our malware warning when visiting the site as well.

Things are looking up. Let us do some verifying, monitoring and scanning and we'll let you know if the site stays clean enough for us to return to!

Site Update: 10/13/11 3:30pm Eastern

Malware script is still running. We noticed the .htaccess file hacked again at 2:45pm. Host has been alerted and is quick to respond that the script is embedded in several places. They are scanning the entire account (apparently again as we were told they were scanning last night.)

For now please continue to avoid using the CSTM web site until things are cleaned up.

We believe this to be the work of Saruman's agents.

And don't forget to vote for us in the Podcast Awards today! Cuz if you don't, some malware free podcast will totally win and that's just not acceptable! Pffftttt ... clean virus free site. What is the podcasting world coming to. All the cool sites have malware these days...

Site Update: 10/13/11 12:00pm Eastern

Our server host believes they have found and removed the code altering our site into a malware redirection robot. The warning from Google will remain up until Google reviews the site and finds it malware free so the warning will continue for a while.

Merric and I are testing the site and will be running scans of our own to make sure it a) is malware free and b) stays malware free for several hours and the script doesn't change things again.

The site is not ok to view but we are closer to resolution than before! We'll keep you updated!

CSTM and the Malware Attack

Monday evening around 9:00pm Eastern, we started receiving reports that our site had a malware redirect issue. Merric was with Baby Hobbit and I was actually grocery shopping so we weren't sure what happened or changed with our site to allow this to happen.

Merric has put in a ticket with our host and, to attempt to temporarily stop the issue, researched and corrected our .htaccess file to stop the redirect to the malware site, and we promptly changed all our passwords.

However this fix was only temporary as a script is hidden somewhere in our files to change this file repeatedly to ensure this malware redirection stays up. Merric tried several things to prevent access but no luck.

Our host is currently scanning and trying to find the script causing all this trouble for us. We may also need to start from scratch on a new WordPress installation. That is the only information I have to give right now but I wanted to keep everyone up to date.

Please DO NOT visit as we do not feel it is safe. We hope to have it corrected soon but I have no ETA.

I have redirected our RSS feed to our Temporary Halt to Mordor blog to keep updates going from us. We are also posting any news we have on our Facebook page.