Atari I/O Malware "Security Warning" Issue

[peteym5 211]

Is there a way of backing up the data files that contain the posts, members, and forum data? Go into the server, delete and re-install everything? The forum will probably be down for awhile. But it should clear the virus. If it is within the account folder itself. Some of this Redirect Virus can be planted on the server and infect more than just one website.

[RockyRaccoon 19]

It seems to be fixed at least forums side, I no longer get the red warning on the forum... still do on the main website.

[CrossBow 277]

I don't get it on the main page, but once I click on a topic I still get the red warning page on Chrome. Also...don't feel bad, it appears another of my haunts Vogons.org has been hit and I'm not able to access that site at all because my Malwarebytes software in my PC will flat out not let me due to a trojan detection on their end. When I try and bypass this, I just get an error page that the site isn't responding properly or something to that effect. So..yeah...not just atari.io

 

[nosweargamer 6,541]

Using Chrome, I didn't get the warning going into the forums, but I did when I tried to go to the Alleway HSS topic.

[kamakazi20012 2,973]

Well, I wasn't getting it on the link I have saved directly to the forums but once I paid a visit to the main site it went back to being "dangerous."  I don't see anyone dangerous on here.  

Once the main page loaded up it went to a blank screen and asked me to please update my Adobe Flash...again.  Some where in the main page's code is a bot that activates randomly.  It's most likely some sort of link not related to anything Atari I/O.  I'm going to see if I can't crack this thing in the butt.  I'm going to purposely trigger that link and view the code.  Maybe somewhere in there is the secret to where this thing is coming from.

[nosweargamer 6,541]

53 minutes ago, kamakazi20012 said:

Well, I wasn't getting it on the link I have saved directly to the forums but once I paid a visit to the main site it went back to being "dangerous."  I don't see anyone dangerous on here.  

Once the main page loaded up it went to a blank screen and asked me to please update my Adobe Flash...again.  Some where in the main page's code is a bot that activates randomly.  It's most likely some sort of link not related to anything Atari I/O.  I'm going to see if I can't crack this thing in the butt.  I'm going to purposely trigger that link and view the code.  Maybe somewhere in there is the secret to where this thing is coming from.

FYI - I am still getting the warning for every thread in the High Score Squadron section.

[Scott Stilphen 427]

Atari IO gave me Pac-Man fever.  Just sayin.

[kamakazi20012 2,973]

Well, after viewing the code, I found a server-side error that failed to load.  I'm not sure if it is related or not because it doesn't appear to be a part of anything else the site uses.  And when I clicked on the link that failed it did return with a "not found" error.  When researching what that link did I was surprised to find that it is a direct link to Adobe for using web fonts which are added to the site when a browser "loads" this website.  

From what I learned in college, we never used Adobe for web fonts because it was unreliable.  We were told to use what Google offers instead.  Not sure if what I found is relevant or not but I thought it might help beat a path back to the cause of this issue.  

On a plus note, I didn't get the dangerous alert when I came back to the forums directly.  It's only happening on the main portion.  Might I suggest remaking the index.html page?  That might delete the malware.  If you change that you might fool the malware.  But I would seriously consider moving away from WordPress for a main page.  Instead I would create one using HTML 5 and CSS 3 without WordPress being involved at all.  There are some free hosting sites, some with ads, some without.  If that is an option then let me know and I will report back with what I know.  I used a few free ones before and had good results with a few of them.

There's also the option of replacing the main portion with a backup that is dated before all of this stuff happened if that has been done.

 

[kamakazi20012 2,973]

I'm doing everything I can to help and I may have stumbled on to something.

Somewhere in Atari I/O's main index some links are being repeated...once as a standard, non-secure link and once again as a secure link (https).  No matter what, though, the typekit link keeps coming back with a 404 error.  If you can't use it I would remove those links.  I would also convert those http links to https links.  You should only have to put an "s" at the end of the "http" portion.  That should help some.  Atari I/O is also trying to get fonts from a "gstatic.com".  When I went to research that link guess what I discovered?

Quote

The Gstatic Virus is a dangerous application that works in a way very similar to an Adware program. ... The virus creates a large number of advertisements whenever you start your internet browser or load a page/tab/link while browsing. The goal of these Ads is, of course, to generate revenue for whoever created the virus.

Find out where in your WordPress code (check HTML and PHP codes) that link sits and remove it from the site!  It's bad news.  That could very well be where your problem is.

I did more research on it and discovered that "gstatic.com" is often seen mistakenly as a virus when all it's doing is using resources directly from Google.  But if it is not being used I'd take it off.  I'd definitely take off those links to "typekit" as they are not working.

Edited November 20, 2019 by kamakazi20012
corrections

[CrossBow 277]

Just accessing this topic in the forums will cause google to throw the malware indication screen now. So simply with your guys posting stuff about this it causing a problem now LOL!!

Most other parts of the forums are fine and yes the main page does still trigger only now I can't get past it because DNS.org comes up flagging it as blocked now. So even if I tell google to go ahead and access the unsafe site, DNS.org jumps in and says 'Oh Hell no!!!' and yeah...

 

[nosweargamer 6,541]

Not sure why, but it's gotten worse for me. Now I am seeing the warning everywhere on the forum when using Chrome on my desktop.

Edited December 4, 2019 by nosweargamer

[StormSurge 2,375]

Same here. It was looking good for a few weeks but not the past few days.

[CrossBow 277]

I still only get the Chrome warning when I first type in Forums.atari.io and browse. Once in, it doesn't come back up so that at least has cleared up because just trying to access this thread was triggering it for a while.

 

[TrekMD 1,339]

I still get the warning on Chrome.  I don't get any kind of warning with Firefox. 

[Arenafoot 2,319]

On 10/20/2019 at 9:02 AM, Justin said:

 

Hi everyone,

Your browser may be giving you a malware "security warning" when you visit Atari I/O. I'm aware of this issue and working to resolve it. The forums have been updated with their latest security update this morning and should currently be a safe place to visit despite the security warning.

The malware issue is affecting the "main" side of the website (http://www.atari.io) which runs on Wordpress. The forums side of the website (https://forums.atari.io) has always been hosted on a different server and runs on different software, which is more secure.

However, because Google has detected the malware issue in the Wordpress part of our website, they have issued a warning for the entirety of Atari I/O until the issue has been completely resolved. Once I've been able to identify and remove the malicious content from the Wordpress side of the site, I will need to request a security review from Google and provide them with documentation showing the changes made to the site.  This may take a little time.

If there's "a doctor in the house" and you have experience removing malware from Wordpress sites and would like to volunteer your assistance in helping me resolve this issue please send me a PM.

I will be working on this and will keep you updated as I reach important milestones.

 

Best Wishes to All!

 

 

any update Justin? I'm getting it everytime with Chrome...

[Justin 6,343]

The Forums were just upgraded to the latest version and inspected for Malware. It came back with a clean bill of health:

 

The Malware is definitely contained within the main section of the website which houses the Blog and is built on Wordpress. When I built that part of the site in 2014 I thought Wordpress was a pretty versatile and reliable way of going about this. I would like to avoid having to rebuild that portion of the site entirely. I love the clean design. It may need to be rebuilt on a platform other than Wordpress though. In the meantime I'm going to continue working with Kamakakazi20012 to resolve this issue once and for all.

A special THANK YOU to all of you here who have offered your input, tolerated "warnings", and trudged on regardless. You're all our classic gaming family and I'm glad you're here.

I always think of Atari I/O as being "an experience". Does that sound silly? I want Atari I/O to be like what you would feel going into an arcade, Chuck E. Cheese, or your favorite pizza parlor with arcade games. Or a theme park. I was having lunch in EPCOT building some of this site when it was new thinking about this being "an experience". This whole Malware thing interrupts that experience like nothing else, and what's worse is it undermines trust in our site. The Malware issue is the must frustrating thing I've experienced since the site went live. I will get it resolved soon. The site isn't going anywhere. Happy Holidays everyone!

 Justin 

[Justin 6,343]

On the upside, we're now officially "THE MOST DANGEROUS ATARI SITE ON THE INTERNET" 

[nosweargamer 6,541]

Good news: for the first time in awhile, I was able to get the forums on my desktop without the warning.

However trying to go to this thread triggered it, so I had to come to this thread on my phone.

[TrekMD 1,339]

Funny.  I was able to get to the site without the warning using Chrome....that's until I hit the link to this thread!  LOL

[CrossBow 277]

I still only get the warning when I access the forums the first time. Once I click to go for it without a condom, it is fine from there on including this thread. I haven't tried to access the main site in sometime so maybe I should give that a try and see if anything is different on my end?

 

[kamakazi20012 2,973]

I've been brave using Edge as my browser to visit this site.  I did get a tab open up about malware on MY computer that would not go away no matter what I did...so I pulled the plug on my computer.  That solved that issue.  That happened a couple of days ago.  

On 12/23/2019 at 10:31 AM, Justin said:

On the upside, we're now officially "THE MOST DANGEROUS ATARI SITE ON THE INTERNET" 

In more ways than one 😄

[kamakazi20012 2,973]

On 12/23/2019 at 10:28 AM, Justin said:

The Malware is definitely contained within the main section of the website which houses the Blog and is built on Wordpress. When I built that part of the site in 2014 I thought Wordpress was a pretty versatile and reliable way of going about this.

WordPress is not safe at all from hackers.  It's popular because people use it to make their blog sites and it's free to use.  There's even a downloadable version of WordPress one can use on a local PC.  Even the local ones can get hacked sometimes.  I know...I tried...and what I had got attacked on a personal server within a few days of setting it all up.  I was forced to start everything fresh on that server again.  I never reinstalled WordPress.

On 12/23/2019 at 10:28 AM, Justin said:

I would like to avoid having to rebuild that portion of the site entirely. I love the clean design. It may need to be rebuilt on a platform other than Wordpress though.

To completely avoid those attacks you might have to consider moving away from WordPress entirely.  I like the design as well but that CSS can be copied and reused in a custom-made webpage.  The main portion of the site is only a few pages long and you would be able to incorporate that database you always wanted.  That's only a couple of pages more.  So, your looking at about five pages in total because some can be reused over and over for other areas.  I would recommend rebuilding it without using WordPress.  HTML5 and CSS3 can do a LOT of cool things these days.  More than when I was in college having to learn them.  

What I can't do is build a blog like what you are using in a reasonable about of time.  For a single person that can take months to complete.  I don't mind doing any of it but I'm only one person and doing just the main portion of the site can take a couple of months of designing, building, and testing before the finished product.  Just say the word and I'm on it!  All I would need from you is a copy of the style you used for its code.  It would have to be slightly modified to work with HTML code instead of looking for WordPress stuff.

When/if you are ready I can make some mock-ups for you and others to view.  It would be nice to put my college studies to good use.  I've not been able to use them since I graduated in '13.  You'd be amazed how many have turned me down when I tell them where I went to college at.  That college is now shut down the last I heard...or the online portion is anyway.

The main page can be redone to almost how you have it now using jquery.  Everything I would use is free, no buying necessary.  if your Atari.io host name is associated with WordPress at all you would need to find another host.  There are some free ones out there but there are also ways to use a home computer as a server for the site as well, most features being free, and NO-IP can set you up to allow incoming traffic to a single, dedicated computer, for about $35 a year.  At least that's what I paid in 2013.  I never renewed it.

There are options out there.  I'm one of them.

[nosweargamer 6,541]

Bummer, I am now getting the warning again on my desktop using chrome for the forums in general 

Edited January 2 by nosweargamer

[RickR 11,352]

I'm also still getting the warning.  What's worse is that it sometimes takes several clicks on "show details" and then "continue anyways" to get it to finally load.

I'm sad to say this seems to be killing the site (which is extremely sad).  Not a lot of activity, no new members.  What can I do to help?  It may be time to bypass the wordpress site and have the the main url redirect to the forums. 

 

[TrekMD 1,339]

And the problem is only with Chrome.  I use Firefox most of the time (except when I'm my Chromebook) and I don't get any warning with Firefox.  There has to be a way to deal with the issue.