Looks like pw was hacked and some bad code placed (again) in the site footer. I’ve removed it and requested a re-evaluation of the site, but Google tells me that can take “several weeks” — and I still have no idea how to stop the insertion of this bad code.
Personally, I can’t reach the site on Firefox; I am able to reach it on Safari and Internet Explorer.
I’ve contacted my host to see what he can do, but I haven’t heard back from him. Evidently, this just happened. My site is not even yet listed on badware.
Also, I’ve tried responding to several emails and I’m getting error messages. My domain appears to be blocked on att.net, so if you’ve emailed me and didn’t get a response, that’s likely why.
I have no idea what to do going forward. This is where we are.
*****
update: you can safely bypass any warning you receive. Until this is resolved, I’ve changed my browser security settings to allow me to get to the site.
There don’t appear to be any untoward consequences to bypassing the warning page. On the other hand, Sparty is down 10 pts to Nebraska in the early going, so. . .
I’m using Firefox right now, and also not seeing any warning (running Trend Micro.)
Was the site itself hacked, or was it in the banner ad rotation?
Whatever the code was meant to do, it failed pretty miserably on my system. Ran a full scan right after I saw the warning the first time and it came up with nothing.
So basically it’s just an inconvenience.
Got the warning from Google, then bypassed it.
I was able to bypass the warnings on Firefox (took a few tries though).
It was that crap that was inserted in the footer. This happened before. But I caught it before the site got placed “on the list”.
THose of you who use Twitter, or follow me there, please re-tweet my latest Tweet that tells people to ignore security warnings.
Too bad, too. PW was enjoying a kind of resurgence, now that I’ve been able to sell it on Twitter and bypass the linky linky gatekeepers somewhat.
For now I went into options/security in Firefox and unchecked the “block all reported attack sites” option.
Same thing happened to the country in an administration hack. Didn’t catch it in time.
If you trust the site, and you don’t frequent a lot of potentially skeevy sites, you can do this: go to options/security on Firefox and tell it not block reported attack sites for the time being.
I just hit ignore or whatever it said and I’m not having any problems.
I saw no problems coming here on Firefox. No warnings, nothing. Everything’s fine for me.
With the espn football talking heads all insistent that the Eagles must win tomorrow night, I’m feeling better than ever the Pokes are gonna beat ’em like a drum.
Kinda like I do with the cw on Mitt Romney. The man is toast.
TSK9 —
Can you go to your security settings and see if you have your browser set to check for attack sites? It’s under preferences and then security.
I guess you can take this as meaning someone’s finding your writings to be a threat. A rather dubious blessing, unfortunately.
(Finally got in, but had to exit and leave to get the warnings to stop.)
Jeff, since I can’t access your email at the moment Im posting this here for redact once you’ve read it.
– There are only so many ways a hacker can access your site source code or ftp files. Check with your host. Hackers either have to gain access to your admin log-in or utilize server-side cgi apps. Those are the only two direct ways to access your account and make changes (bad code over-writes) that could trigger security protect scripts.
– They can get indirect access through RSS/Newline/AD Banner feeds.
– Best guess is it was a server wide attack, not a single site attack, but your provider will know if that’s tha case.
In other, vaguely related news, this is what democracy looks like:
Or, “See the world how we see it or we will hurt you.”
Thanks BBH.
My host hasn’t yet responded to any of my emails. He’s in Australia, so likely he’s sleeping.
That could be the motto of the entire left.
No warnings on Droid’s Opera.
Check the Pub, Jeff. It’s eaten up with spammers, and is a subdomain.of pw. Could be that’s the entry port.
“Since they will not stop belittling the occupiers, we will simply shut them down.”
“We’ve got handcuffs, and we know how to use them. You have 24 hours to respond.”
Vanderbilt is beating No. 10 Arkansas 28-17. This is a BFD.
Disregard that previous comment; the Football Gods were just having a chuckle.
One of those Husker kids is named Epaminondas.
Hell, she could as easily say it against the public sector unions, as an electricity utility company standing apart from government.
cleared cache & cookies, restarted the browser, no warning this time.
Apple MacBook Pro. No problems in Firefox. No problems in Safari.
maybe related. i couldn’t log in using the log in function at the bottom of post. it gives a 404 error. i had to use the log in on the side bar.
newrouter, I had the same problem, but no warnings about the site.
What newrouter and David Block reported: me too.
No malware warnings! The site’s clean again. Stupid hackers.
Login problems too, as noted above.
OT.. I lit up the range with my new hand-toy, a Kel-Tec PMR-30. Sweet; 30 rounds of .22 WMR in under 10 seconds. A veritable ‘fountain of hot lead’.
Yea, Thanks for the heads up on using the log-in on the sidebar. I had considered that, but figured “why would that work”? and hadn’t tried.
i had to use the log in on the side bar
Likewise.
Aha! That works. Pity that I forgot what I was going to say.
Serr8d —
I was looking at that pistol, and also the RFB. Reviews?
The most amazing thing about the PMR-30 (besides the magazine capacity) is it’s light weight, being a polymer-framed pistol. I put only a couple mags through it today; one issue I noted is the difficulty in getting the last 2-3 rounds loaded in the magazines. I may not have the ‘hang’ of it yet, because I actually dented the brass cases of several already-loaded rounds, having to compress the magazine spring with additional rounds. Kel-Tec should’ve added a thinger to help compress the magazine spring, other than simply relying on pressure from additional rounds against already-loaded rounds. But 25 rounds (half a box) are easy enough to load.
Offhand accuracy is good enough to plug small game, out to whatever range your eyes will allow with ‘iron’ sights. The sights are easy to pick up, bright red – green optic cables concentrate any available light. I haven’t installed a laser on the built-in rail system yet; probably won’t, as this tool is intended as a target – small game device, not as a self-defense weapon (although with 30 rounds per mag, with two loaded mags, one could certainly use it as such if the .40+’s were out of reach or out of ammo).
Cheap to shoot (50 CCI Maxi-Mags can be had at Wal-Mart for $15), easy to carry, an attention-getter at the range. Kel-Tec can’t keep up with demand (I had to wait 6 weeks after ordering mine for it to come in). For the price, around $400 MSRP, I’m happy.
The RFB is another trick pony entirely. A .308, bullpup-class, roughly three times the cost to own and to shoot as the PMR-30. My .308 has a target bbl and is on a traditional ‘black rifle’ frame, with a ‘target’ scope, as befitting the round’s capabilities. Seems a shame to dump those out of a bullpup, really.
@BBH #16:
Don’t forget SQL injection.
Jeff, you’ve probably already seen this, but in case you haven’t…these are probably all good steps to take to avoid a future hack:
http://codex.wordpress.org/FAQ_My_site_was_hacked