DON'T GO TO OUR HOME!!! ROKA!!!

[Canukistani]

it's been hacked.  the news page isn't showing and my comp security gives a Virus has been Removed msg when i go there.

[Jelly]

Is it those "blader" people? (when you over over the names, the E-mail adress has 'blader' in it)

The ones that spam?

[Canukistani]

i dunno

[Jelly]

Do you mean the homepage? Just doesn't show up? Cause' it did when I tried it.

[Canukistani]

it didn't show up for me and i got webtraffic virus removed notice

[Jelly]

It works...for me anyway...a couple of times lately when I've been on it, the news didn't show up, just the login bit for news staff.

[Shendare]

Nothing appears to be out of the ordinary to me, aside from the comment bot spam in some of the news posts.

 

Of course, I'd never seen the site before, so I couldn't say what it's supposed to look like normally. ;D

[Roxinos]

Looks fine and works fine for me.

[Canukistani]

well, mine's screwed, i'll try it on IE

[Canukistani]

nope, i can't go to Home anymore.  anyone have any ideas?

[Jelly]

Well, you could do what I did a while back- delete all anti-virus software as it's darn annoying.  8)

 

Or if you don't fancy that...let me think....

[Roka]

You can't get a virus simply by going to a link Canuki (unless you use old IE :D), I don't know what's up with your anti-virus program, but if anything is hacked, it's that program, not the site...

 

 

[Canukistani]

i don't know, i sent an email to my tech support with the problem

[Canukistani]

i use firefox 2.whatever and i tried with the new IE

[Jelly]

Is your anti-virus thing locking onto certain words?

[Dunbar]

works for mah!

[cosmicpanda]

I get this:

 

2/28/2008 3:04:04 PM:

 

HTML/TrojanClicker.IFrame.AG trojan connection terminated - quarantined LAPTOP\Admin

 

Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

 

stupid viruses. Y'all should get your computers checked.

[Jelly]

ha! It's blocking I-frames!!! rofl :D

[Shendare]

You know what, CP's right.

 

It looks like someone managed to inject code into the page calling for the browser to open a malicious website and try to hack the visitor's computer. The malicious site itself has been taken offline, but the harmless code injection residue is still around, and CP's anti-virus caught it.

 

Apparently what infected the SG website (among many others on the Internet) is being called the Argentina Attack, since the malicious website was based in Argentina.

 

This is the URL that gets injected into the web pages:

 

usuarios.arnet.com.ar/alvarezluque/morgan.html

 

Of course, it is now offline, but I still de-linkified it. Apparently that particular server houses many users of questionable scruples, so I wouldn't recommend browsing around or you might find another with viruses or malware attached.

 

This is the Google search that yields information about the attack and possibilities for fixing the server:

 

http://www.google.com/search?q=usuarios.arnet.com.ar%2Falvarezluque

 

This is a page that talks about a WordPress plugin that may have been one method the hacker used to infect websites. It's possible the SG website has a similarly vulnerable plugin if it runs off WordPress:

 

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2007-05/msg00010.html

 

It is highly recommended that the server admin check the PHP files, any CMS system files and their plugins, and the database itself to try to find where this code is getting injected from and clean it.

 

Failing surgical removal, other admins have had to request a rollback to a previous site/database backup in order to get rid of the problem.

[Canukistani]

HA!! TOLD YOU ROKA!!!  better get to the website to fix it.

[Roka]

Zyr! Fix it! :D

[TheMasterDude]

aah...and lazyness again prevails 8)

[Gerrendus]

No, zyr is our resident tech overlord

[Master Blade X]

Well Shendare sounds really good with computers too.

 

As for me I get lost trying to find something that's equivalent to wordpad.

[Dunbar]

openoffice? <.<