Quick note to those who do not check the front page: Malware was detected embedded in the WordPress code, and could have been there as far back as June 23rd. I found a file full of potentially infected hosts, hosted here: https://blessedra.in/files/docs/hits.html As far as I know it only infects Internet Explorer and Firefox users with out-of-date Java installed. If your IP is on that list, I urge you to check your machine.
Yes, I found it odd that Avast said malware on the network-bound traffic scanner. At least I know I wasn't crazy. Edit: My IP is on the list, yes. But nothing is on my machine... My Anti-Virus has been very good at stopping infections before they get on my machine and do damage. It can detect while .zip files download and attempt to remove them during the download before they even get on my hard drive. It's why my Sonic 2HD demo download kept getting corrupted and unreadable. But I'm double-checking again to be sure. 2nd Edit: I'd like to add that I'm checking right now and will post anything suspicious that I find. I keep all parts of Windows fully up to date. HijackThis: I see nothing odd there. Anti-Virus and Anti-Spyware check in progress. 3rd edit: Nothing found.
My IP is also on this list, my usual antivirus found nothing, but I am currently doing a scan with malwarebytes. Thanks for the heads up. Is there any information available on the nature of this malware?
I was wondering why my computer picked up a virus. I haven't had one since before college... Regardless, Avast! cleaned it up for me, so it's not a fatal kind of virus at least.
Nope, you'd have known if something had happened: you'd have gotten a broken page and Java would have popped up, and you'd have to have actually been using IE at the time.
While I have the ability to, I thought I'd give you all an update. I've disinfected the home page, and we've switched Retro over to a CloudFlare setup. CloudFlare is basically this really fancy service that a lot of people are using these days, which claims to protect and speed up websites by bringing advantages of "the cloud" to conventional sites. Because the system they use is so simple, it's also quite a bit less susceptible to security problems than the webserver we use. They also actively monitor incoming connections for people doing things they shouldn't do, and challenge their ability to connect to the site. Being in the cloud, it geographically distributes cached content from the site, so people far away from Retro's actual server may notice an increase in speed, and it reduces Retro's bandwidth usage as well. It's not perfect though. You may notice occasional CloudFlare error pages, or sometimes CloudFlare goes down when the site does not. I made a whole report and everyone else weighed the options and decided to just use CloudFlare, that the potential hiccups every so often were worth the no-effort security layer. Some people may still not be able to reach Retro yet because we had to overhaul the DNS setup to use CloudFlare. Everyone should hopefully be caught up within a matter of hours after this post. If you know someone who's STILL stuck over 4 hours past the timestamp on this post, let me know.
I went over it in the original post, all it was was a Wordpress "0-day" exploit that tried to exploit outdated versions of Java and Adobe Reader in vulnerable Firefox and IE versions, and dropped a list of IPs it tried to infect on the server to come back and get later.
AVG just blocked an "Exploit Blackhole Exploit Kit (type 2170)" from me just opening up the RSS feed o.0
Would someone be able to explain how it was possible to list which IP addresses were affected, and why that list was hosted outside of Retro?
It seems to be back again... My Anti-Virus just flashed a warning and blocked the front page. Is there a bug in the version of WordPress being used? This is unnerving.
AVG's blacklist (assuming you're using AVG) takes a few days to clear, even if the website itself is clean (which Retro now is). No need to panic.
Not using AVG. Didn't this server run on a cloud? Could it be cached copies from my ISP or something else?
Just happened once (around the time I posted it). Avast (Internet Explorer - Latest Version); I don't really use Java for anything when I browse the web that I'm aware of. It would be nice to know if I need it or not, I guess. It probably was a fluke, as my ISP probably didn't clear its servers.