Hacked! How we got attacked by malware fiends and lived to tell the tale.

Yes, my Web site was hacked. What was almost as damaging, though, were the tools set up to warn people about it.

Fortunately Frank F., our man at Doreo, was on the job. Within an hour he had tracked down the problem. Our OpenX software -- one of the programs we use to serve up rotating ads and banners on our site -- had been hacked. Two new admin accounts had been created, both with IP addresses based in Germany. And these two arschlochs had inserted a tiny bit of JavaScript code into our banners, so that anyone who clicked on them would be redirected to a malicious site that might do god knows what to their computers -- most likely install malware.

Turns out this was not an uncommon problem with OpenX. For the past year attackers have routinely exploited vulnerabilities in OpenX to serve up 'malvertising' to unsuspecting users. To its credit, OpenX has patched these holes as quickly as it finds them. Unfortunately, we didn't know about these vulnerabilities, and we had not patched our software. We simply set up OpenX to rotate some banners and forgot about it. That was a mistake.

Getting rid of the malware was as easy as getting rid of OpenX. (Hasta la vista, baby. Don't let the virtual screen door hit you on the way out.)

A bigger problem? Getting our site off of Google's blacklist. Even after we'd gotten rid of the malicious code, visitors to our site were still seeing those scary red screens telling the world we were bad bad webmasters who must be shunned. And this was happening on a day that the Google gods had been smiling down upon us, sending us lots of traffic.

It's like getting that cute guy or girl down the hall to finally notice you, on the day you've got a big juicy canker sore on your lip.

In a word, oy. But it gets worse.

My personal site, dantynan.com, was also red-flagged. Why? Because I'd installed a widget that served up a scrolling list of headlines from eSarcasm. This meant any other site that had installed that same widget (a few hundred at last count) would also display the Red Screen of Death. This was very bad.

Fortunately, StopBadware has a simple process for reviewing sites that have cleaned up the nasty bits from a hack attack. We submitted our site and waited.
