Malware Update, Again

Brian

So: we found backdoor shells and various files infected with eval() and unescape() items that turned into the nasty iframes. We decided the best thing to do was throw it all away and start from scratch.

We've changed all the passwords every twenty seconds to various strings of unintelligible gibberish. We've thrown away every bit of code from the old site and re-downloaded fresh, current items. We've scanned incessantly for injection vulnerabilities without finding any. I scanned my laptop with three different AV programs. We updated every bit of software to be the latest and greatest. The server is now in full Dwarf Fortress mode. This time I think we killed it, but these things require constant vigilance and only time will tell.

In the process we broke some things—say hello to yet another ugly, not very functional version of the board!—but right now we're just trying to get online. If/when this proves stable we'll start restoring the stuff that was broken. Cross your fingers.

Comments

Zone Left

January 26th, 2011 at 3:38 PM ^

But I can't create a new thread to discuss my opinion about what Fritz Crisler would have thought about Antonio Poole's commitment!

Also, Doc Saturday is doing his annual defense of the recruiting gurus.  Today's installment was pretty interesting.  Teams with better recruiting rankings in the Big 6 conferences won a collective 66% of the time--despite sub-par (based on recruit rankings) seasons from Texas, Michigan, Georgia, and Notre Dame.   Notre Dame isn't uncommon, but if the other three win their average number of games over the past decade, the percentage would jump significantly.

cazzie

January 26th, 2011 at 3:39 PM ^

Is this some hack attack from a jealous osu fan, or something?

purdue is pissed re: their erstwhile qb. could be them. (first snake oil, now hokus pokus)

can we get some theorists out there?

can we shut down some rival sites just to feel a little better?

this wasn't just a random event. they are out to get us. 

(check behind the grassy knoll.)

Philbert

January 26th, 2011 at 4:09 PM ^

well the original title of the malware started with osu. so i was led to believe it started in columbus but I have found where it really originated. It came from the campus of WVU. I'm amazed as everyone else here but the further i looked into it the clearer it became. they have been slowly planting iframes into the code of the greatest michigan website ever to get back at michigan for stealing RR and beilein. the sad thing about it is that it took over 3 years to work and RR is already gone. These tricky hill jacks down there apparently know how to screw with computers. conspiracy theory number #3

Dark Blue

January 26th, 2011 at 3:48 PM ^

So: we found backdoor shells and various files infected with eval() and unescape() items that turned into the nasty iframes.

Dammit Brian get your mind off of ASS and fix the site.

Not a Member

January 26th, 2011 at 3:49 PM ^

I thought it was my fault for the lousy post I had about Bush/Woodson.  I figured so many people were trying to neg it at once that it broke the MGoIntertubes.

I'm very fortunate that nobody has the vote app right now. 

BlockM

January 26th, 2011 at 3:59 PM ^

Since the board isn't super useful right now, I'm going to suggest everyone take a few minutes to follow @LeakTweet on twitter and get some recently released music. Tons of albums available for download. I'm working my way through the new Talib Kweli album, "Gutter Rainbows."

Enjoy!

jaggs

January 26th, 2011 at 4:09 PM ^

please tell me my mgopoints weren't erased! I've spent so long posting witty remarks, funny gifs, and saying whatever the masses wanted to hear that I couldn't bear going through that again...

Don

January 26th, 2011 at 5:53 PM ^

I'm on a Mac running OSX 10.5.8 using FF 3.6.13.

Have any Mac users out there experienced an actual infection that they've had to remedy because of this?

Rasmus

January 26th, 2011 at 7:01 PM ^

No -- from the descriptions online, it has a group of .exe files as its core, which won't run on a Mac.

I'm not sure about the situation if you have Fusion or Parallels running Windows in the background with no barriers or protection -- I suppose it could somehow find its way onto the virtual machine and infect that (the Mac side would still be fine).

Njia

January 26th, 2011 at 9:58 PM ^

I'm just glad the gosh darn thing works (sorta). After the day I've had, if the site hadn't come up, I'd have gone out to club a baby seal.

I have to use IE to get here, but darn it, I think it was worth the effort.

J.Swift

January 27th, 2011 at 8:39 AM ^

Malware is the worst, just the worst.

Thanks for hanging in there and bringing MGblog back to life. I need my daily obsession with all things Michigan!

NYCJHGoblue

January 27th, 2011 at 10:45 AM ^

Although I was able to post a reply to the main page posts, there are still 2 technical difficulties I am experiencing with the MGoBoard. 1) I am unable to start a new topic. I have the required points to do so but am not seeing the option on the top left of the board. 2) I also noticed that on the MGoBoard posts, when I try to post a reply there is no box for the comment part, there is just a box for the subject. Any way this can be resolved? Thanks!

Dolphonkey

January 27th, 2011 at 11:03 AM ^

Malware is awful, but this timing is awfully suspicious...

DB goes retro by hiring Hoke, mgoblog goes retro with its look...I'm just sayin...coincidence?

Let's get the "DB-MALWARE-ATTACK-TO-FORCE-PRE-RR-LAYOUT-ZOMG-QUICK-TO-THE-FLIGHT-TRACKER!!!" conspiracies rollin.