Malware Update, Again
So: we found backdoor shells and various files infected with eval() and unescape() items that turned into the nasty iframes. We decided the best thing to do was throw it all away and start from scratch.
We've changed all the passwords every twenty seconds to various strings of unintelligible gibberish. We've thrown away every bit of code from the old site and re-downloaded fresh, current items. We've scanned incessantly for injection vulnerabilities without finding any. I scanned my laptop with three different AV programs. We updated every bit of software to be the latest and greatest. The server is now in full Dwarf Fortress mode. This time I think we killed it, but these things require constant vigilance and only time will tell.
In the process we broke some things—say hello to yet another ugly, not very functional version of the board!—but right now we're just trying to get online. If/when this proves stable we'll start restoring the stuff that was broken. Cross your fingers.
January 26th, 2011 at 3:31 PM ^
This reminds me of the old layout. I kinda like it.
January 26th, 2011 at 3:32 PM ^
When all this is sorted out (and safe), I recommend some Beveled Guilt clicks - this can't be cheap/easy...
January 26th, 2011 at 3:33 PM ^
Brian Cook FTW. Suck it Malware....
January 26th, 2011 at 3:35 PM ^
Anyone else experiencing the same problem?
January 26th, 2011 at 3:39 PM ^
You just have to right click on the arrow, and click "open link in new tab".
January 26th, 2011 at 3:38 PM ^
But I can't create a new thread to discuss my opinion about what Fritz Crisler would have thought about Antonio Poole's commitment!
Also, Doc Saturday is doing his annual defense of the recruiting gurus. Today's installment was pretty interesting. Teams with better recruiting rankings in the Big 6 conferences won a collective 66% of the time--despite sub-par (based on recruit rankings) seasons from Texas, Michigan, Georgia, and Notre Dame. Notre Dame isn't uncommon, but if the other three win their average number of games over the past decade, the percentage would jump significantly.
January 26th, 2011 at 3:39 PM ^
Is this some hack attack from a jealous osu fan, or something?
purdue is pissed re: their erstwhile qb. could be them. (first snake oil, now hokus pokus)
can we get some theorists out there?
can we shut down some rival sites just to feel a little better?
this wasn't just a random event. they are out to get us.
(check behind the grassy knoll.)
January 26th, 2011 at 3:50 PM ^
I'm inclined to believe that Al Qaeda in conjunction with Danny Hope and Drew Sharp is somehow responsible...
January 26th, 2011 at 4:09 PM ^
well the original title of the malware started with osu. so i was led to believe it started in columbus but I have found where it really originated. It came from the campus of WVU. I'm amazed as everyone else here but the further i looked into it the clearer it became. they have been slowly planting iframes into the code of the greatest michigan website ever to get back at michigan for stealing RR and beilein. the sad thing about it is that it took over 3 years to work and RR is already gone. These tricky hill jacks down there apparently know how to screw with computers. conspiracy theory number #3
January 26th, 2011 at 4:27 PM ^
This can only mean one thing:
War!!
We need an all volunteer army of al Geeka jihadists.
Kill their web sites.
Rape their blogs!
Hack up their tweets and Face Book pages.
no mercy.
go blue
this will not stand.
(nothing quite as sweet as revenge)
January 26th, 2011 at 3:42 PM ^
Guess those CE degrees proved valuable.
Hope you get it straightened out in a hurry.
January 26th, 2011 at 3:44 PM ^
Dwarf Fortress mode? So the whole server is going to be wiped out brutally by a swarm of rats or a possessed one-armed old woman?
January 26th, 2011 at 11:28 PM ^
The whole server will be driven out of cyberspace by Durin's Bane: A Balrog, a demon from the ancient world.
January 26th, 2011 at 3:44 PM ^
MGoBlog:1, Malware:0
January 26th, 2011 at 3:48 PM ^
So: we found backdoor shells and various files infected with eval() and unescape() items that turned into the nasty iframes.
Dammit Brian get your mind off of ASS and fix the site.
January 26th, 2011 at 3:49 PM ^
I don't understand a word you just said but I'm glad you do.
January 26th, 2011 at 3:49 PM ^
I thought it was my fault for the lousy post I had about Bush/Woodson. I figured so many people were trying to neg it at once that it broke the MGoIntertubes.
I'm very fortunate that nobody has the vote app right now.
January 26th, 2011 at 3:50 PM ^
it's like 2006/2007 all over again.
January 26th, 2011 at 3:59 PM ^
Since the board isn't super useful right now, I'm going to suggest everyone take a few minutes to follow @LeakTweet on twitter and get some recently released music. Tons of albums available for download. I'm working my way through the new Talib Kweli album, "Gutter Rainbows."
Enjoy!
January 26th, 2011 at 4:04 PM ^
It would make me feel young again.
January 26th, 2011 at 4:51 PM ^
I plus 1ed you in my heart. Not the same as replying with a clever fake username, I know.
This sort of thing never happens with Blogger, I just have to believe.
January 26th, 2011 at 4:09 PM ^
please tell me my mgopoints weren't erased! I've spent so long posting witty remarks, funny gifs, and saying whatever the masses wanted to hear that I couldn't bear going through that again...
January 26th, 2011 at 4:26 PM ^
Can't start a thread but just saw this on SI.com
January 26th, 2011 at 4:29 PM ^
January 26th, 2011 at 4:35 PM ^
Forcier Hurricane.
January 26th, 2011 at 4:38 PM ^
January 26th, 2011 at 5:50 PM ^
Netscape FTW
January 26th, 2011 at 11:29 PM ^
Netscape? Did that come on CDs like AOL?
January 27th, 2011 at 6:33 AM ^
The internet has porn? I'm still buying dirty mags from 7/11...
January 26th, 2011 at 4:45 PM ^
My anti-virus still does not want me opening forum topics on the right side. I get the red box warning every time. I might try Firefox and see if that helps.
January 26th, 2011 at 5:49 PM ^
It was like this when I first joined. memories....
January 26th, 2011 at 5:53 PM ^
I'm on a Mac running OSX 10.5.8 using FF 3.6.13.
Have any Mac users out there experienced an actual infection that they've had to remedy because of this?
January 26th, 2011 at 5:59 PM ^
I have not seen any indication of actual malware (OSX 10.5.x, chrome)
January 26th, 2011 at 7:01 PM ^
No -- from the descriptions online, it has a group of .exe files as its core, which won't run on a Mac.
I'm not sure about the situation if you have Fusion or Parallels running Windows in the background with no barriers or protection -- I suppose it could somehow find its way onto the virtual machine and infect that (the Mac side would still be fine).
January 26th, 2011 at 7:47 PM ^
"Constant Vigilance" - Mad Eye Moody
January 26th, 2011 at 9:58 PM ^
I'm just glad the gosh darn thing works (sorta). After the day I've had, if the site hadn't come up, I'd have gone out to club a baby seal.
I have to use IE to get here, but darn it, I think it was worth the effort.
January 26th, 2011 at 11:15 PM ^
I expect this is the bad side of webblogging for a living. Good to know that a Michigan technical education is still serving you well.
January 26th, 2011 at 11:57 PM ^
but it works now- Mac/Safari
January 27th, 2011 at 7:49 AM ^
Hello old friend (MGoBlog).
I've missed you.
January 27th, 2011 at 8:39 AM ^
Malware is the worst, just the worst.
Thanks for hanging in there and bringing MGoBlog back to life. I need my daily obsession with all things Michigan!
January 27th, 2011 at 9:35 AM ^
It's still acting up for me on the forum topics.
January 27th, 2011 at 10:45 AM ^
Although I was able to post a reply to the main page posts, there are still 2 technical difficulties I am experiencing with the MGoBoard. 1) I am unable to start a new topic. I have the required points to do so but am not seeing the option on the top left of the board. 2) I also noticed that on the MGoBoard posts, when I try to post a reply there is no box for the comment part, there is just a box for the subject. Any way this can be resolved? Thanks!
January 27th, 2011 at 11:03 AM ^
Malware is awful, but this timing is awfully suspicious...
DB goes retro by hiring Hoke, mgoblog goes retro with its look...I'm just sayin...coincidence?
Let's get the "DB-MALWARE-ATTACK-TO-FORCE-PRE-RR-LAYOUT-ZOMG-QUICK-TO-THE-FLIGHT-TRACKER!!!" conspiracies rollin.