10 replies to this topic

[Mike]

I had to close the site on Friday afternoon following browser warnings that we were serving malware.

Because this site runs on a dedicated server, I'm responsible for all maintenance so to be sure I'd fixed the problem I had to employ a third party to run scans and identify where the "security hole" was, identify which part of the system or file structure had allowed the exploit to occur - and of course be 100% sure it was fixed. It turns out that it was the old xpmediacentre site which appears to have been the target and not this one.

Back in January when I switched over to Invision form software, I had to leave the old site in place on the server to enable individual thread and post redirects to send visitors who followed the all the old backlinks out there to find the corresponding content here. Even though I had believed that nobody could access the old site, it seems under certain circumstances it was still possible, and because I hadn't upgraded it in over 8 months it was a soft target.

The first job was to completely remove the old site to avoid any possibility of a repeat incident, after that new server software was installed and new scans run which all came up clean. I finally got it sorted out late yesterday afternoon, then it was off to Google and others to lodge a request for a security review to be able to get rid of those horrible red warning screens - and here we are.

I'm still scratching my head about why the wankers that do this stuff even bother with a small, under-the-radar website like this one, and according to the security experts I hired, there was nothing to be concerned about anyhow, no virus or malicious script was found - they believe it was an uploaded image file which had triggered the warning - so at least we can all feel good that our browsers are working well and taking care of us.

My apologies for any inconvenience or alarm this incident may have caused.

Mike

[hutchley]

Mike - thanks for all the hard work in getting things straightened out.

[DDH]

Mike, thanks, as always, for keeping one of the sources of my addiction alive.

[morphjk]

Mike seeing you had to pay for a security expert and I know that you normally don't except donations but if you were willing to on this occasion then I would be very happy to make a donation to assist with the costs

Sent from my Galaxy S

[morphjk]

Mike just so you know I just got the warning again. This was after clicking on a link to an old post.

[bill24]

< snip >

Thanks Bill but I'd rather not advertise bogus login information from BugMeNot - I'm sure you understand why.

As for what they have over there - it was wrong anyway however I've now banned the account and submitted a block request to BugMeNot.

Thanks for the heads up but perhaps a PM might be a better idea in future. - Mike

[Mike]

@morphjk - thank you sincerely for the kind offer of a donation, but I'll have to decline I'm afraid. The crappy advertising covers the cost pretty well these days, and even though revenue has been down since the change of domain name, it still pretty much covers all costs and as long as that continues I've said I won't accept donations. If however circumstances change, I'll be sure to let everyone know.

As for the warning appearing again, I haven't seen it so it's a bit difficult to know where to look. As part of my housekeeping yesterday I removed lots and lots of files & old directories and 5 scans since that clean-out have produced nothing.

I'm not sure how Google runs its checks but as I write, it's showing as clear in all my browsers and MSSE is quiet as well. Hopefully it was just something in the cache showing up - if not I'm in trouble since I wouldn't know where to start looking next.

Fingers crossed...

[morphjk]

No worries at all Mike.

It was the link in this post but I just tried it again and didn't get the error.

When I got the error before it was in Firefox. Trying Internet Explorer it didn't do it but now it is fine other than url not being found.

[debo]

thanks Mike for sorting the issue

[Tak]

Thanks from me too Mike, I'm just glad I wasn't suffering from a media centre problem at the time as I wouldn't have known where else to go

At least it's forced me to update my bookmark to the pcmediacentre site, my old favourite was still pointed at the xpmediacentre site that's still getting a warning screen.

[Mike]

my old favourite was still pointed at the xpmediacentre site that's still getting a warning screen.

You gotta love the internet cache.

I completely removed that account & DNS from my server yesterday and still it shows a warning!