U3DA Phishing and Malware warning in Firefox

[seppgirty]

chrome is still showing this as a maleware site. i had to switch to IE to view.

[FHembree]

I get same warning.

[Finis]

Read all previous in this thread.

As of this post the site is still infected. The malware code is still in the front page (main site page, not the forum). Safety of the rest is unknown.

Prodigy, or someone, seems to be doing something since the front page was down earlier.

Today is the last day to restore the backup. I'll not request that unless Prodigy says to do so. The backup probably isn't pre-infection anyway.

[Steinie]

https://blog.sucuri.net/2016/07/joomla- ... lware.html" onclick="window.open(this.href);return false;

[Finis]

Anyone hear from Prodigy? Looks like he's doing something. The front page doesn't have the bad line in it now.

Joomla has not been updated. The Sucuri scanner shows a different message: blacklisted and "probably comprimised". Click the "force rescan" link or you'll see cached stuff. The google blacklist warning still shows in Firefox.

Although the host makes weekly backups and only keeps one there is allegedly a tool to make our own. If that can be automated great. We could make monthlies.

[Draise]

He has been working on it, from small side chats on facebook, fixing the frontpage - but he hasn't been able to get rid of the blacklisting from google yet.

So.. the threat technically is gone - now it's just.. yeah.

[Steinie]

He has to submit our site to google and they will rescan our site.

[stan]

That's great it's gone but what has been done to make sure it doesn't come back? We are still using old code? Does anyone know if anyone was affected by the malware?

[Finis]

I hope no one got malware. Especially the ransom ware that Norton blocked from my machine.

I guess Prodigy will give a status update when he is done. I think the site is safe in the immediate sense. Reasons: Bad code gone from the front page, Sucurri scanner finds no infestation, only google is black listing us*, and no members have recently reported attacks when visiting the site.

Armor:
- Older backups. Investigate do-it-yourself backup options. Hopefully we can make one each month keep and a couple of them.
- All our software, Joomla, plug-ins/extensions, phpBB, should to be updated to the latest versions and kept up to date.
- Please change your passwords to long unintelligible gibberish. Moderators, can this be forced (after login a user must change password to proceed)? Can a strong passwords be enforced?
- More ideas for site armor?

*google has a racket going there. Site owner/admin/whatever has to get an account with them and have it verified to request a re-scan to get off of their list even when the threat is gone. Google is evil. Since no other scanner, like Norton Safe Web (link), lists us as dangerous I think U3DA is safe for now.

[Draise]

I still get the blacklisting in Firefox on Android and on Win 10