Jump to content
Justin

Atari I/O Malware "Security Warning" Issue - UPDATE

Recommended Posts

Is there a way of backing up the data files that contain the posts, members, and forum data? Go into the server, delete and re-install everything? The forum will probably be down for awhile. But it should clear the virus. If it is within the account folder itself. Some of this Redirect Virus can be planted on the server and infect more than just one website.

Share this post


Link to post
Share on other sites

I don't get it on the main page, but once I click on a topic I still get the red warning page on Chrome. Also...don't feel bad, it appears another of my haunts Vogons.org has been hit and I'm not able to access that site at all because my Malwarebytes software in my PC will flat out not let me due to a trojan detection on their end. When I try and bypass this, I just get an error page that the site isn't responding properly or something to that effect. So..yeah...not just atari.io

 

Share this post


Link to post
Share on other sites

Well, I wasn't getting it on the link I have saved directly to the forums but once I paid a visit to the main site it went back to being "dangerous."  I don't see anyone dangerous on here.  

Once the main page loaded up it went to a blank screen and asked me to please update my Adobe Flash...again.  Some where in the main page's code is a bot that activates randomly.  It's most likely some sort of link not related to anything Atari I/O.  I'm going to see if I can't crack this thing in the butt.  I'm going to purposely trigger that link and view the code.  Maybe somewhere in there is the secret to where this thing is coming from.

Share this post


Link to post
Share on other sites
53 minutes ago, kamakazi20012 said:

Well, I wasn't getting it on the link I have saved directly to the forums but once I paid a visit to the main site it went back to being "dangerous."  I don't see anyone dangerous on here.  

Once the main page loaded up it went to a blank screen and asked me to please update my Adobe Flash...again.  Some where in the main page's code is a bot that activates randomly.  It's most likely some sort of link not related to anything Atari I/O.  I'm going to see if I can't crack this thing in the butt.  I'm going to purposely trigger that link and view the code.  Maybe somewhere in there is the secret to where this thing is coming from.

FYI - I am still getting the warning for every thread in the High Score Squadron section.

Share this post


Link to post
Share on other sites

Well, after viewing the code, I found a server-side error that failed to load.  I'm not sure if it is related or not because it doesn't appear to be a part of anything else the site uses.  And when I clicked on the link that failed it did return with a "not found" error.  When researching what that link did I was surprised to find that it is a direct link to Adobe for using web fonts which are added to the site when a browser "loads" this website.  

From what I learned in college, we never used Adobe for web fonts because it was unreliable.  We were told to use what Google offers instead.  Not sure if what I found is relevant or not but I thought it might help beat a path back to the cause of this issue.  

On a plus note, I didn't get the dangerous alert when I came back to the forums directly.  It's only happening on the main portion.  Might I suggest remaking the index.html page?  That might delete the malware.  If you change that you might fool the malware.  But I would seriously consider moving away from WordPress for a main page.  Instead I would create one using HTML 5 and CSS 3 without WordPress being involved at all.  There are some free hosting sites, some with ads, some without.  If that is an option then let me know and I will report back with what I know.  I used a few free ones before and had good results with a few of them.

There's also the option of replacing the main portion with a backup that is dated before all of this stuff happened if that has been done.

 

Share this post


Link to post
Share on other sites

I'm doing everything I can to help and I may have stumbled on to something.

AtariIOScreenshot2.thumb.jpg.f41cdb044a8abd5417d7d8f790233e6b.jpg

Somewhere in Atari I/O's main index some links are being repeated...once as a standard, non-secure link and once again as a secure link (https).  No matter what, though, the typekit link keeps coming back with a 404 error.  If you can't use it I would remove those links.  I would also convert those http links to https links.  You should only have to put an "s" at the end of the "http" portion.  That should help some.  Atari I/O is also trying to get fonts from a "gstatic.com".  When I went to research that link guess what I discovered?

Quote

The Gstatic Virus is a dangerous application that works in a way very similar to an Adware program. ... The virus creates a large number of advertisements whenever you start your internet browser or load a page/tab/link while browsing. The goal of these Ads is, of course, to generate revenue for whoever created the virus.

Find out where in your WordPress code (check HTML and PHP codes) that link sits and remove it from the site!  It's bad news.  That could very well be where your problem is.

I did more research on it and discovered that "gstatic.com" is often seen mistakenly as a virus when all it's doing is using resources directly from Google.  But if it is not being used I'd take it off.  I'd definitely take off those links to "typekit" as they are not working.

Edited by kamakazi20012
corrections

Share this post


Link to post
Share on other sites

Just accessing this topic in the forums will cause google to throw the malware indication screen now. So simply with your guys posting stuff about this it causing a problem now LOL!!

Most other parts of the forums are fine and yes the main page does still trigger only now I can't get past it because DNS.org comes up flagging it as blocked now. So even if I tell google to go ahead and access the unsafe site, DNS.org jumps in and says 'Oh Hell no!!!' and yeah...

 

Share this post


Link to post
Share on other sites
On 10/20/2019 at 9:02 AM, Justin said:

:pow_big:

 

Hi everyone,

Your browser may be giving you a malware "security warning" when you visit Atari I/O. I'm aware of this issue and working to resolve it. The forums have been updated with their latest security update this morning and should currently be a safe place to visit despite the security warning.

The malware issue is affecting the "main" side of the website (http://www.atari.io) which runs on Wordpress. The forums side of the website (https://forums.atari.io) has always been hosted on a different server and runs on different software, which is more secure.

However, because Google has detected the malware issue in the Wordpress part of our website, they have issued a warning for the entirety of Atari I/O until the issue has been completely resolved. Once I've been able to identify and remove the malicious content from the Wordpress side of the site, I will need to request a security review from Google and provide them with documentation showing the changes made to the site.  This may take a little time.

If there's "a doctor in the house" and you have experience removing malware from Wordpress sites and would like to volunteer your assistance in helping me resolve this issue please send me a PM.

I will be working on this and will keep you updated as I reach important milestones.

 

Best Wishes to All!

 

sig.png

 

any update Justin? I'm getting it everytime with Chrome...

Share this post


Link to post
Share on other sites

The Forums were just upgraded to the latest version and inspected for Malware. It came back with a clean bill of health:

2819601F-739A-4F2F-99F0-C0DBBBECD4D9.JPG

 

The Malware is definitely contained within the main section of the website which houses the Blog and is built on Wordpress. When I built that part of the site in 2014 I thought Wordpress was a pretty versatile and reliable way of going about this. I would like to avoid having to rebuild that portion of the site entirely. I love the clean design. It may need to be rebuilt on a platform other than Wordpress though. In the meantime I'm going to continue working with Kamakakazi20012 to resolve this issue once and for all.

A special THANK YOU to all of you here who have offered your input, tolerated "warnings", and trudged on regardless. You're all our classic gaming family and I'm glad you're here.

I always think of Atari I/O as being "an experience". Does that sound silly? I want Atari I/O to be like what you would feel going into an arcade, Chuck E. Cheese, or your favorite pizza parlor with arcade games. Or a theme park. I was having lunch in EPCOT building some of this site when it was new thinking about this being "an experience". This whole Malware thing interrupts that experience like nothing else, and what's worse is it undermines trust in our site. The Malware issue is the must frustrating thing I've experienced since the site went live. I will get it resolved soon. The site isn't going anywhere. Happy Holidays everyone!

:invader: Justin 

Share this post


Link to post
Share on other sites

I still only get the warning when I access the forums the first time. Once I click to go for it without a condom, it is fine from there on including this thread. I haven't tried to access the main site in sometime so maybe I should give that a try and see if anything is different on my end?

 

Share this post


Link to post
Share on other sites

I've been brave using Edge as my browser to visit this site.  I did get a tab open up about malware on MY computer that would not go away no matter what I did...so I pulled the plug on my computer.  That solved that issue.  That happened a couple of days ago.  

On 12/23/2019 at 10:31 AM, Justin said:

On the upside, we're now officially "THE MOST DANGEROUS ATARI SITE ON THE INTERNET" :Nolan_Bushnell:

In more ways than one 😄

Share this post


Link to post
Share on other sites
On 12/23/2019 at 10:28 AM, Justin said:

The Malware is definitely contained within the main section of the website which houses the Blog and is built on Wordpress. When I built that part of the site in 2014 I thought Wordpress was a pretty versatile and reliable way of going about this.

WordPress is not safe at all from hackers.  It's popular because people use it to make their blog sites and it's free to use.  There's even a downloadable version of WordPress one can use on a local PC.  Even the local ones can get hacked sometimes.  I know...I tried...and what I had got attacked on a personal server within a few days of setting it all up.  I was forced to start everything fresh on that server again.  I never reinstalled WordPress.

On 12/23/2019 at 10:28 AM, Justin said:

I would like to avoid having to rebuild that portion of the site entirely. I love the clean design. It may need to be rebuilt on a platform other than Wordpress though.

To completely avoid those attacks you might have to consider moving away from WordPress entirely.  I like the design as well but that CSS can be copied and reused in a custom-made webpage.  The main portion of the site is only a few pages long and you would be able to incorporate that database you always wanted.  That's only a couple of pages more.  So, your looking at about five pages in total because some can be reused over and over for other areas.  I would recommend rebuilding it without using WordPress.  HTML5 and CSS3 can do a LOT of cool things these days.  More than when I was in college having to learn them.  

What I can't do is build a blog like what you are using in a reasonable about of time.  For a single person that can take months to complete.  I don't mind doing any of it but I'm only one person and doing just the main portion of the site can take a couple of months of designing, building, and testing before the finished product.  Just say the word and I'm on it!  All I would need from you is a copy of the style you used for its code.  It would have to be slightly modified to work with HTML code instead of looking for WordPress stuff.

When/if you are ready I can make some mock-ups for you and others to view.  It would be nice to put my college studies to good use.  I've not been able to use them since I graduated in '13.  You'd be amazed how many have turned me down when I tell them where I went to college at.  That college is now shut down the last I heard...or the online portion is anyway.

The main page can be redone to almost how you have it now using jquery.  Everything I would use is free, no buying necessary.  if your Atari.io host name is associated with WordPress at all you would need to find another host.  There are some free ones out there but there are also ways to use a home computer as a server for the site as well, most features being free, and NO-IP can set you up to allow incoming traffic to a single, dedicated computer, for about $35 a year.  At least that's what I paid in 2013.  I never renewed it.

There are options out there.  I'm one of them.

Share this post


Link to post
Share on other sites

I'm also still getting the warning.  What's worse is that it sometimes takes several clicks on "show details" and then "continue anyways" to get it to finally load.

I'm sad to say this seems to be killing the site (which is extremely sad).  Not a lot of activity, no new members.  What can I do to help?  It may be time to bypass the wordpress site and have the the main url redirect to the forums. 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...