Wednesday, October 19, 2011

Malware Again 10/19/2011

I don't know what to tell you on this. Either we're extremely bad at security or we're really disliked by Russian hackers. This afternoon the site started redirecting once again when attempting to access it. I've checked our files, nothing has been updated to cause the redirect. All our .htaccess files are un-edited since 10/13. I've looked through other files and see nothing updated to have caused this redirect. We've asked the host for assistance.

You can still donate to the fellowship walk. I've added the chip-in widget to our blogspot temporary blog. Donating $20 or more will still enter you to win the Mad Catz gamer gear and any donation at all will enter you to win the 2,500 Turbine Point codes. These are all separate from the site and are not affected.

18 comments:

  1. Ok, that really sucks, I hope you get it running properly again soon.

  2. Not sure if this is of any help: http://digwp.com/2010/07/wordpress-security-lockdown/ but it has resources about wordpress security.

  3. The host blamed the last hack on WP or our theme. Specifically that I don't update things (which is untrue, there was nothing on our site that wasn't up to date). I installed exploit scanners and none of them found anything with wordpress. I've checked our wordpress files and nothing appears to have been modified.

    I'm not convinced that this hacking is due to our negligence despite what we keep being told.

  4. Good luck Goldenstar and Merric...the last hack I had to fix required a reinstall of Wordpress, but it was a small site and didn't take much effort to restore.

    And thanks Caleb for the resource - looks like some great advice!

  5. I have to admit I've not used this, but I've read that this plugin can catch some of the more obvious attacks:

    http://www.seoegghead.com/software/wordpress-firewall.seo

    or

    http://wordpress.org/extend/plugins/wordpress-firewall-2/

  6. Oh guys I am so sorry! I hope it gets resolved again soon. Why in the world do Russian hackers want to hack your site?? Just to be mean? Jeez.

  7. Geez, of course, they only go after the popular and heavily trafficked sites.. so there is that :)

  8. I just noticed when I got a warning while trying to enter your site... good luck fixing it!

    Just wanted to post a comment about a kinmember I showed the Poorly Hidden Chest in the Haunted Burrow. He didn't know how to find it or what drops from that chest. I tried all of my 9 chars and no Mount drop... his first try and he got the Glowing Green Skeleton Mount! Life is soooo unfair! But I'm really happy for my Kinnie! ;)

  9. Wait..the glowing green one? I'd only gotten confirmed reports of it dropping last years.

  10. Yes, someone please confirm it drops the GREEN horse!!! I'll park all my chars in there till the end of the fest if that's the case!!!

  11. For all the festival folks looking for last year's guide.

    http://web.archive.org/web/20110207205905/http://www.casualstrolltomordor.com/2010/10/fallfestival2010/

  12. Sorry to hear that! I hope it's not too difficult to get it fixed.

  13. In fact, a lot of people consult and use your site. You cleaned your bases and your host checked everything, BUT the malware could be on one of the interveners posting on your site, without that person being aware of it, and each time this intervener uses or uploads something on your site... you are infected again. Maybe ask all the people uploading to your site to check their own bases and computers...

  14. I hope you get it resolved soon. My hunch is that your host is on the right track; the problem may very well be in your theme or a plugin. There have been reports of a large number of hacks through a vulnerability in TimThumb.php, which is used in a lot of themes and plugins:

    http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

  15. Hope you get it sorted soon. Gotta admit it is suspicious that you get hacked again so soon after the last hack and when there's a charity drive going on.

  16. I'm not sure if this will help, but there is currently a mass attack of websites. Sophos has provided some analysis at the site below. Check any PHP scripts which may be in the site.

    http://nakedsecurity.sophos.com/2011/10/19/analysis-of-compromised-web-sites-hacked-php-scripts

  17. Just curious: are other sites hosted with the same host affected? You can update things on your end, but if the host doesn't do its apache updates and stuff, you still will end up getting hacked.

    When the host says your stuff isn't up-to-date when it actually is, I would sack them. That's no customer service when the first thing they do is telling you it's your own fault.

  18. Could it be malware being served from the ad servers?
