Sometime Friday 21 September, the adserver here at the Bitchery was hacked and malware code was appended to the ads and the spaces that house them, causing a heaping pile of trouble, which most of you saw as a malware/danger warning from your browser.
Thank you to everyone who emailed or tweeted or messaged me to alert me that something was wrong. I really appreciate that you did.
After a lot of hunting, scanning, dumping of databases and cursing, the Captain at Hosting Matters, the fine folks at Securi, and I cleaned out the malicious code, and as of this morning, Google reported no malware present on the site and we're clean and fresh!
It's terribly embarrassing and I was so upset about it, not only that the security of the server was compromised (and way too easily – that chaperone was not worth the effort) but that malware was running amok and possibly using my site to hurt other people.
First: I am so sorry that this happened. I'm taking steps to make sure it doesn't happen again, but I am so sorry that the site was down and that our security was compromised. It's like we've been revirginized again – and I've got, like, eight new chastity belts protecting the site's back end. I can understand why SBTB was targeted from a readership perspective, but honestly, I wish hackers would do something more interesting with their time. What a mess.
Second, if you haven't scanned your computer for malware or trojans in awhile, here are some tools to help you do that.
Here are some step by step instructions to remove malware in Windows safe mode, and here are some options for malware and spyware removal tools:
- Ad aware
- Malwarebytes Anti-Malware * The free version has to be run manually by the user. The paid version runs automatically and continuously once installed.
- Spybot – Search & Destroy
- SuperAntiSpyware Free
Alas, there are not as many to scan for malware and viruses. That could be either a blessing or a curse.
- MacScan has a free 30-day trial and a paid version which costs $39.99.
- ClamXav2 (who named that? Holy smokes) is a free virus scanner for OSX.
If you're running a website, back it up regularly. Depending on what CMS you're using, there are options for WordPress, Drupal, or ExpressionEngine, and they're relatively easy to set up and start using. Backups are your friends.
Plus, there's a kickass service called Securi that scans your site (or sites) and helps get rid of malware, defend against attacks, and if there is one, helps you clean it up. A one-year subscription for one site is $90, and since I've signed up with them I've been monster impressed with their services. So if you're considering increased protection for your site, have a look at their services. Thank you to Kirk Biglione for giving me the heads up about this service.
I'm so sorry this happened, and I'm working to make sure it doesn't happen again. I missed you guys like whoa, and I'm so happy the site has been given vouchers again and is ready to dance. Gangnam style!