A Public Service Announcement

You may have noticed that this site was down on Friday evening. This is because we've been having reports that NTS was infected with the VBS/Psyme trojan. This exploits an Internet Explorer-only vunerability.

I've given the site a complete going-over, including a thorough virus scan, and I can see no infection at all. I'm therefore 99.9% confident that this is simply a case of false positives.

However, I'd like to track down exactly why this is happening. So if you get any virus warnings on NTS, then please email the full details (including which page you got the warning on, the name of your virus scanner, and any information it provides) to webmaster@noisetosignal.org.

Thanks!

About this entry

By John Hoare
Posted on Saturday, September 30 2006 @ 6:10 am
Categorised in Meta
Tagged with downtime
11 comments

Comments

There's definitely SOMETHING going on. I just opened the front page and the window immediately closed.

By performingmonkey
October 01, 2006 @ 5:05 am

reply / #

Right. I believe now the virus problem we had is sorted.

I'll do an announcement about why it happened soon; but if anyone has *any* warnings, please email me at jhoare@gmail.com so I can take the site offline again. But I'm pretty sure we're now OK.

By John Hoare
October 04, 2006 @ 9:56 pm

reply / #

Is the fact that ganymede.tv is currently showing a HTTP500 Internal Server error related to this?

By Somebody
October 04, 2006 @ 10:12 pm

reply / #

Partially. It's very complicated and boring. I'll do a post explaining it when its all sorted.

I'm currently waiting for G&T to propogate to the new servers - I can access the new servers through http (the 500 error), but I can't actually FTP in to correct the problem, as it doesn't look like ftp has propogated yet. Which I didn't think could even *happen*, but there you go.

By John Hoare
October 04, 2006 @ 10:15 pm

reply / #

I didn't know that could happen either :)

How come the hosting company haven't given you an IP address (ftp://000.000.000.000 where 0 = any decimal digit, non-consistant) or a ftp://hostingcompany.xyz address to access it before the ganymede.tv domain propogated?

By Somebody
October 04, 2006 @ 10:51 pm

reply / #

That would clearly be too easy. Although I might go and try and find it out, actually. Good idea.

Here's another hint as to my opinions of the hosting company: the virus wasn't anything to do with us. The files on the server were clean - which is why I couldn't see any problems. The malicious stuff was only included when the pages were *served* - in other words, the attackers had hacked the entire server, not my site. My own security was top-notch and not to blame.

This is poor.

By John Hoare
October 04, 2006 @ 10:57 pm

reply / #

...actually, forgive me. I take back what I said about the propogation - it *has* propogated via FTP. There was a problem with the .htaccess that made it *look* like what I was doing wasn't having any effect, but it turns out it was.

Everything else is correct, though.

By John Hoare
October 04, 2006 @ 11:03 pm

reply / #

Yay!

However MT seems to get stuck if you try to save an (already published?) article.

By Jeffrey Lee
October 05, 2006 @ 12:01 am

reply / #

Yay!

However MT seems to get stuck if you try to save an (already published?) article.

By Jeffrey Lee
October 05, 2006 @ 12:02 am

reply / #

Hmm. I think MT is still a bit shagged. My edited article has now appeared, and the two comments it told me it wouldn't post because I'd been a naughty spamz0r have appeared.