Pop up ads

Does what it says on the tin!
CharlieM
Posts: 55
Joined: Wed Nov 01, 2006 3:11 pm

Post by CharlieM » Tue Oct 05, 2010 1:10 pm

No, this is a real virus which is trying to drop down onto every visitor's machine. It has been around for a while and most virus checkers will catch it but that is no reason to do nothing. I know Bruce is away and Nige is in Tibet or somewhere but I have offered my help 24 hours ago and nothing at all?

The simple thing to do for now would be to create a very simple HTML page explaining that the site has temporarily been taken down and place that in the root of the site while everything else is moved down into a subdirectory until someone can fix it.

My set up is already issuing a warning about visiting the site, advising that the site has a history of hosting malware.

I, and many others, link back here and as of now we are linking to a known bad neighbourhood which is not good, especially as CDGC is on a shared IP address with several other sites. There are many links in the CDGC forum and it is quite a hassle finding all of them and removing them but I guess I have to now.

Jon
Posts: 306
Joined: Mon Nov 28, 2005 4:31 pm

Post by Jon » Tue Oct 05, 2010 3:24 pm

Please don't assume nothing is/has been done.... also please don't assume 24 hours is a long time for a site run by volunteers the server administrator of which is out of the country!

A little background.....

The forum and BDGA site run on the same host within the same hosting space. An exploit was used to infect every single PHP file on the server with code that called upon a third party (evil) site. After initial investigation and attempts to contact administrator for a restore from backup had failed the site was downloaded, cleaned (by which I mean manuallyish removing the offending code from over 600 PHP files!) and reuploaded.

The Joomla site (main BDGA site) was the likely culprit and was immediately patched to the latest version within that fork! Unfortunately this was obviously not enough and it got reinfected.

Subsequently the BDGA site has now been disabled with all scripts redirecting to a holding page (which will be updated with some basic detail soon). The forum has currently been allowed to continue, however if it turns out the phpbb code is being exploited this will have to be taken off line as well.

Going forward
Despite uneducated claims to the contrary updating the current BDGA site from Joomla 1.0.x to 1.5.x is a BIG job. There are many extra addons and modules that will simply not work, let alone the job of moving the content. The site is over 5 years old now (I believe) and has had little attention during that period.

This is however a requirement now, but should not be expected in the coming days.

Likewise moving the forum to the latest phpBB version 3, whilst much more possible, is still a fair amount of work to bed in. This will however be undertaken asap.

Now that's quite enough of my work time been spent on this.... I think I'll go and do what I'm actually paid for!
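An added example, not part of Jon's post or the site's own tooling: after a clean re-upload like the one described above, a hash manifest of the PHP files lets a later reinfection be spotted by comparison instead of by visitors. The function names, the `.php` suffix filter and the constructed sample tree are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root, suffixes=(".php",)):
    """Map each matching file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest

def compare(baseline, current):
    """Return files that changed, appeared, or vanished since the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample: a clean tree, then a simulated reinfection."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "forum"))
        clean = {"index.php": b"<?php echo 'home'; ?>\n",
                 "forum/viewtopic.php": b"<?php echo 'topic'; ?>\n"}
        for rel, body in clean.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        baseline = build_manifest(root)  # taken right after the clean re-upload
        # Simulate reinfection: every file gets code appended, one new file is dropped.
        for rel in clean:
            with open(os.path.join(root, rel), "ab") as fh:
                fh.write(b"<?php /* constructed stand-in for injected code */ ?>\n")
        with open(os.path.join(root, "forum/cache.php"), "wb") as fh:
            fh.write(b"<?php /* constructed stand-in for a dropped file */ ?>\n")
        return compare(baseline, build_manifest(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline manifest should be stored off the web host, since anything writable by the compromised account can be altered along with the PHP files.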

TheGroover
Posts: 477
Joined: Mon Nov 07, 2005 8:26 am
Location: Oxford

Post by TheGroover » Tue Oct 05, 2010 3:39 pm

Great effort, Jon. I for one appreciate the work you've done, as I am sure does everyone else.
----------------
Keep up to date with Oxford's summer league...
Oxdisc blog: http://oxdisc.blogspot.com

CharlieM
Posts: 55
Joined: Wed Nov 01, 2006 3:11 pm

Post by CharlieM » Tue Oct 05, 2010 8:35 pm

Please don't be offended or think I don't appreciate that the forum is run by volunteers, I do exactly the same for several fora and websites.

My point was not that 24 hours was too long as such, but that it was long enough for serious damage to occur to users, the BDGA and the sport at large. I was simply expressing my anguish at the situation given that I had offered my assistance and heard nothing and the measures that have now been taken, which I recommended, could be actioned in minutes.

Also it has been 24 hours since I offered to help by either taking down the site myself or to advise anyone who had access on what best to do, not 24 hours since the threat started.

I thank you for taking it down now!

richard
Posts: 444
Joined: Sat Nov 05, 2005 8:07 pm
Location: Croydon, Surrey

Post by richard » Tue Oct 05, 2010 9:38 pm

Evening all

Just wanted to back Charlie up here... I got infected by the virus/malware thingy I suspect and talked to both Charlie and Westie about it yesterday. I also had a right b0££icking by my boss for nearly screwing up the works system as well!

We all know we do all we do on a voluntary basis but when something urgent needs attention, it needs attention urgently! The virus has been around for quite a long time now. I know Charlie wasn't being rude or impatient, just concerned.

Thanks for getting it sorted... I am banned from work!!!
BDGA #259
PDGA #8840
-------------------------------------------------------
Croydon DGC: Hyzer Cup Champions 08/09 and 2013/14

Nige
Posts: 85
Joined: Wed Oct 26, 2005 9:49 am
Location: Shropshire

Post by Nige » Fri Oct 22, 2010 10:52 am

Site's now back up and running in a slightly vanilla fashion. Thanks to Jon for sorting things while I was chucking plastic in the Himalayas :D

Looks like the issue was arising from the Joomla install, which is now updated to the latest stable version - as Jon alluded to, that's no quick and easy job, and some functionality has fallen by the wayside for the time being. For all intents and purposes, though, it's fixed.... The forum will also be updated in due course. Not all of us have thumb-twiddling jobs, so it's down the to-do list a ways!

Now, everyone go get Firefox and NoScript....

West
Posts: 2624
Joined: Thu Oct 27, 2005 4:51 pm
Location: Leamington Spa, UK

Post by West » Fri Oct 22, 2010 2:25 pm

Cheers Nige! :D
"West"
PDGA: #8823
BDGA: #250
Twitter: @WestDiscGolf
BDGA DoC 2007 - 2011

Village
Posts: 1024
Joined: Mon Nov 07, 2005 1:54 pm
Location: I could tell you, but then I'd have to kill you

Post by Village » Fri Oct 22, 2010 7:37 pm

Firefox FTW!!
The worst thing about having a failing memory is.....no, its gone...

Running with scissors since 1977

BDGA 173 PDGA 8831

Mark.A.D
Posts: 624
Joined: Thu May 06, 2010 7:19 pm
Location: Leamington Spa

Post by Mark.A.D » Sun Oct 24, 2010 3:49 pm

I've just been redirected to a virus type page when trying to load the forum, I'm using Safari so don't say it's my fault
Hyzer Cup Champions 09/10, 10/11, 11/12, 12/13
BDGA #357
PDGA #45315

Tapanote
Posts: 12
Joined: Wed Sep 15, 2010 8:06 am
Location: Tampere, Finland

Post by Tapanote » Sun Oct 24, 2010 6:32 pm

Same with Chrome and Firefox...

rhatton1
Posts: 1692
Joined: Wed Oct 24, 2007 12:13 pm
Location: Leamington Spa

Post by rhatton1 » Mon Oct 25, 2010 6:44 am

Once again JavaScript coming off is stopping the problem but yep it's there again. Slightly different this time.
www.discgolfuk.com
richard@discgolfuk.com
Home of the Midlands One Day Series
Talk to us about courses!

bruce
Posts: 2581
Joined: Thu Oct 27, 2005 4:13 pm
Location: Leamington Spa

Post by bruce » Mon Oct 25, 2010 12:26 pm

As you can see, we've migrated the forum to a new version and have hopefully fixed the back end issue, so the BDGA site *should* be fully up and running again now.

I can only apologise to anyone who was adversely affected by this, as an IT security professional I can tell you that this kind of thing is a non-stop arms race; you can't win, you just have to fight a constant rear-guard battle, which we will try to be better at.

The Board is investigating options for purchasing some web security services, which should do 2 things: 1 - spot we have an issue faster, 2 - provide a remediation service that isn't dependent on our volunteers' availability.
[Standard post disclaimer] My posts are never intended to undermine the work of the Board or individuals putting in effort to grow the sport, they are my honest thoughts on the best ways to grow the game

BDGA: 145
PDGA: 8824

JesseD
Posts: 470
Joined: Tue Apr 29, 2008 12:04 pm


Post by JesseD » Mon Oct 25, 2010 12:48 pm

Cool, so does this now make it possible for the BDGA forum to work with the Forum Runner app? :D
um,,,, ah,,,, um,,, a,,, um,, ah,,,

Scuttler
Posts: 533
Joined: Thu Oct 27, 2005 3:17 pm
Location: Edinburgh


Post by Scuttler » Mon Oct 25, 2010 1:19 pm

Ahhhhh, change. I hate change. Sends my borderline OCD nuts.

Seriously, though, well done to those involved in resolving the issue.

Nige
Posts: 85
Joined: Wed Oct 26, 2005 9:49 am
Location: Shropshire

Post by Nige » Mon Oct 25, 2010 1:35 pm

Fingers crossed this time....! There's a few different scripts on the BDGA site, most of which have now been updated to the latest versions, so here's hoping it's finally fixed!

I think the feed address may have moved, too - it's now at http://bdga.org.uk/forum/feed.php for those who need it.

Enjoy :D

Steve
Posts: 814
Joined: Wed Oct 26, 2005 11:33 am
Location: Shrewsbury, Shropshire

Post by Steve » Mon Oct 25, 2010 7:34 pm

www.bdga.org.uk is still infecting PCs. I think it should be taken down until a fix can be found.
Disc Golf In Shropshire: http://www.shropdisc.co.uk/

BDGA # 266
PDGA # 8833: http://www.pdga.org/tournament/playerstats.php?PDGANum=8833&year=2007

Steve
Posts: 814
Joined: Wed Oct 26, 2005 11:33 am
Location: Shrewsbury, Shropshire

Post by Steve » Wed Oct 27, 2010 8:55 am

It's like groundhog day round here!
Disc Golf In Shropshire: http://www.shropdisc.co.uk/

BDGA # 266
PDGA # 8833: http://www.pdga.org/tournament/playerstats.php?PDGANum=8833&year=2007
