It was part of the testing for the problems people were having getting the last change to take.
Buffistas Building a Better Board ++
Do you have problems, concerns, or recommendations about the technical side of the Phoenix? Air them here. Compliments also welcome.
So Google claims that the alt.buffistas.net site is infected:
Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-07-11, and the last time suspicious content was found on this site was on 2012-07-11.
Malicious software is hosted on 1 domain(s), including vznrahwzgntmfcqk.ru/.
This site was hosted on 1 network(s) including AS6936 (NETGATE).
How can I find out if buffistas.org is also infected? Where do you get this information?
Okay, I went to Google's webmaster tools (good god, they get into fucking everything--it's exhausting), and they think alt.buffistas.net is infected and buffistas.org isn't, which would be a cute achievement, since they are exactly the same unless someone's hijacked the DNS.
Which I'm assuming Suela would notice if we'd all been replaced by Russian mobster AIs.
So I've submitted that URL for a review. We'll see what happens.
If it's the same problem I had with my iStrata hosted server it's based on a Plesk exploit. The attacker uses Plesk to insert some evil JavaScript into index.html files. It could be that the more complex setup of b.org defeats the script.
I ended up changing all the control panel account passwords and applying two patches and I think that's taken care of it. I didn't see any new accounts or cron jobs and the security scan came up clean.
I think [link] pretty much covers what you'd need to do.
Russian mobster AIs would not, I think, be capable of earworming Dana with five musicals simultaneously.
We already dealt with the Plesk exploit. I can't think why one of the URLs would be showing anything to do with it and not the other.
Unless there are two Plesk exploit malware issues?
There are two. I had patched the first one right after you patched b.org but never heard about the second.
In Plesk, check Server -> Action Log and see if any of the CP logins look fishy.
Does b.org have an index.html? I'd assumed not, since it's dynamically generated. The only thing the hacker did on my server was mess with various domains' index.html files.
There is one (it's a server down page--I yank index.php in that case), but it's kashrut like pesach.
And I got no explanation for that urge to express. I'm gonna get some chocolate.
I'm gonna get some chocolate.
Finally, a sentence I understand!
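The thread above describes JavaScript being inserted into index.html files. As an added example (not part of any post, and not code from the site or from Plesk), this is one way to check a document root for index.html files that load scripts or frames from hosts the site does not normally use. The allowlist, function names and sample pages are assumptions constructed for illustration.

```python
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts/frames from.
ALLOWED_HOSTS = {"buffistas.org", "alt.buffistas.net"}

class _RemoteRefs(HTMLParser):
    """Collect the src of every <script> and <iframe> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)

def unexpected_hosts(html, allowed=ALLOWED_HOSTS):
    """Return sorted hosts used by script/iframe src that are not allowed."""
    parser = _RemoteRefs()
    parser.feed(html)
    hosts = {urlparse(s).hostname for s in parser.srcs}  # None for relative URLs
    return sorted(h for h in hosts if h and h not in allowed)

def scan_docroot(root, allowed=ALLOWED_HOSTS):
    """Map each index.html under root to its unexpected hosts (findings only)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if "index.html" in files:
            path = os.path.join(dirpath, "index.html")
            with open(path, encoding="utf-8", errors="replace") as fh:
                bad = unexpected_hosts(fh.read(), allowed)
            if bad:
                findings[os.path.relpath(path, root)] = bad
    return findings

def demo():
    """Scan a constructed docroot holding one clean and one tampered page."""
    clean = '<html><script src="/js/board.js"></script></html>'
    tampered = clean + '<script src="http://injected.example/x.js"></script>'
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel, body in (("index.html", clean), ("sub/index.html", tampered)):
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_docroot(root)
```

This only flags external `src` references; an injected inline script would need a comparison against a known-good copy of the file.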