OK, this is weird. Google Chrome decided to mark Retro as 'hosting' malware right now. This just happened right now. I have no idea why as well. Lemme restart me browser, just in case :P I use Avast!, which says this site has a good rating but Chrome decided to freak all out right now :l Any idea why? Does anyone else have this problem? Edit: Oh hey, there's this thing called Test Take 2 on the front page. No idea what it is :P Could anyone shed some light?
I'm kinda glad I'm using the shitty PS3 browser during these times. :v: I was using Firefox 12 before my computer went to shit last month bytheway.
im using Firefox and the same thing just happened, I open the page and firefox blocks it as suspicious. I open the report page and says there is nothing wrong with the site yet it still blocks it. My antivirus is Avast. EDIT: forgot to mention that I wasn't checking the frontpage (sonicretro.org) but I have the forum bookmarked and clicked it, so basically I've got the blocking when entering the forum.
Using Google Chrome. Only reason I choose not to care about said malware is because I'm using a temporary loaner computer from the school while mine is being fixed, so I don't care what the hell I do to this thing.
Antivirus programs have nothing to do with it. I'm running Firefox on OS X with no AV (lol mac) and got this warning: …and eventually a link to this site: http://www.stopbadware.org/firefox?hl=en-US&url=http%3A%2F%2Fforums.sonicretro.org%2F So, this feature is intrinsic to Firefox, regardless of whether one has an AV and of its identity.
Oh yeah, I got that too. I honestly can't remember the order in which, and exactly how, I got to each page – but I got them both.
The forums are safe. Here's the deal. Last night it came to our attention that Google had found malware on the front page again. We confirmed that this was indeed the case and promptly took the front page down to sanitize it. As a result of Google's detection, however, any browser that uses Google's safe browsing database - including Firefox and Chrome - will report the entire site (including the forums and wiki, both of which are safe) as having malware until we get removed from that database. We also have a new list of possibly infected IP addresses that we will be posting soon.
To follow up suuuuper fast: The infection started at 10:51 p.m. Central time last night and went on until about 3 a.m. the next day. We did the normal best practices of dealing with an issue like this last time around (security audit, clean install, etc.) but overlooked one file that allowed it to propagate again. At this point, we're fairly confident that's the source. We have the logs of all IPs affected. The plan right now is to run those against both our forum and WordPress IP user logs to notify people. Coffee coffee buzz buzz buzz
It's just people managing to crack Wordpress. Unfortunately this is a relatively new attack and it hasn't been patched yet. I reinstalled wordpress to the very latest version personally last night, so my best guess is they still have some vulnerability to squash.
Okay, so I realised that the "block" (applied by ScarredSun while I was asleep) for the homepage was done improperly, and some files were left available (not accessible unless you were looking for them) and Google found all the files used in the backend for the malware and those were left available, so I did it properly like I had done it when I found the first infection, making those files unavailable and hopefully Google will notice they are gone soon and drop the warnings. Basically, since Google indexes every page on a website, they're able to make a list of every infected file and keep the warning up unless all of them disappear. I made them all disappear, we're just waiting for them to realize.
Only just came up for me today and I got it again just now...that Google warning I mean. I sure hope the issue goes soon.