I’ve been getting intermittent reports of malware during the day but I wasn’t able to verify it until this evening. I’m working on scanning and fixing the site.
I turned off the ads just in case but that doesn’t look like the issue.
Thanks to everyone who reported it.
A Ghost To Most
So is this the payback for removing Newsmax?
lojasmo
Scan the server for Ted & Helen and delete it.
Sister Rail Gun of Warm Humanitarianism
Some advice from someone who has been through this. If you have a full backup of the html part of the site, take the site offline, delete the whole mess, and upload a fresh copy. It will save you ever so much time.
Yatsuno
Checking on my work computer, which is hyper sensitive to anything remotely malicious. Nothing so far but site looks totally ungestuppt.
NickT
@lojasmo:
It’s never a bad day to terminate T & H with extreme prejudice.
CarolDuhart2
you probably also need some cleaning of the database as well. There’s about 12 years of posts as well. Even though you have closed comments there may have been a backdoor that allowed someone to introduce a virus.
Dee Loralei
firefox will not let me read comments. Im on a different browser now. But damn.
CarolDuhart2
Check your file manager for unusual files as well.
Sometimes malware gets in through long-unclosed openings or files.
BillinGlendaleCA
Blew away the cache on Chrome, shut it down and restarted. Looks like the CSS went away and if I click on the comments get the malware warning.
BillinGlendaleCA
@Yatsuno: Yahtzee, are you using IE at work? IE doesn’t seem to have a problem.
ETA: Comment editing seems to work on IE as well.
justdale
Didn’t get a hit from antiviri (but browsing in a VM just in case).
Chrome wasn’t too happy, here’s the link to the diagnostic page in case it helps.
dance around in your bones
Just accessed the site on IE and it looks fine, but I very much dislike IE. Firefox 22.0 is all messed up, the main page and comments look decidedly weird.
Call the whaaaaaaaaambulance! Hope it gets fixed soon :)
BillinGlendaleCA
@dance around in your bones: I’m the opposite; I like IE, but use Chrome since it has TrollBGone. That way I don’t have to read the comments or responses to certain commenters, thought Chrome F’s up Martin’s nym.
Update: Now the main page is getting the malware warning.
Yatsuno
@BillinGlendaleCA: The work browser is IE. But it looks bare-bones.
dance around in your bones
You know about cleek’s pie filter, right? It works in various browsers.
I know that choice of browser is a very personal thing (and often work-related) but I just love how you can customize Firefox with add-ons. Of course, today it’s going all sideways, but what the heck. Shit happens.
BillinGlendaleCA
@dance around in your bones: I’m using IE10&11(Windows 8 & Windows 8.1), I’ve not been able to get Greasemonkey to work with IE. So I can’t use Cleek’s pie filter, since it needs Greasemonkey.
Higgs Boson's Mate
Considering that many browsers will give you a positive if any of your content contains a link to a site that may host malware, good luck. A link that may have been perfectly innocuous at the time may now be toxic.
Sister Rail Gun of Warm Humanitarianism
I’m not seeing anything in the HTML that raises red flags, so I’m almost certain it was in an ad.
We were bitten by a security hole in a Drupal module that allowed an attacker to put a file somewhere on the server that injected an encrypted javascript into index.php. I spent far too much time looking for the virus before just nuking the site and restoring from a backup.
Eventually, everyone will get the warning. This isn’t something that your anti-virus is detecting. This is your browser checking in with Google and finding balloon-juice.com on the bad domains list. It’s possible to disable that check in the desktop versions of Firefox.
Sister Rail Gun of Warm Humanitarianism
Can’t edit again, dammit.
IIRC, the Google Webmaster tools will tell you which pages set off the malware detectors. It at least makes it easier to track down if it’s a link to a compromised site.
piratedan
wonder if this is related to MoveOn being targeted by some unknown hacking entity as well….tbh, I wouldn’t put much of anything past our cordial opponents on the Right these days.
Cassidy
Chrome won’t let me in. IE at work with a very tight network was no problem.
MikeInSewickely
Yup, got the nasty gram from Firefox.
I cleared the web cache, closed Firefox, reopened, and tried to get in and am getting the same message.
dance around in your bones
Suddenly, everything is working! Thanks, whoever/whatever was responsible for that :)
Sigh….all is well, safely rest, Dog is nigh.
PurpleGirl
I passed by a few times this afternoon and had no problems. Came back to read John’s post about the shelter trip and new possible cats. Saw the crazy site layout and then got a malware alert from Firefox/Avast(?)/whoever. Went to a couple of other sites and when I came back, the site looked right and there was no alert.
Thanks for fixing it.
amk
Thanks for cleaning up, mm. I got a FF 48 point ‘alert’ about an hour ago. Quit the page and now it seems ok.
J.Ty
So… what was the problem? I’m launching a new WP site soon…
spudvol
Just now got the warning that this is an attack site. Been here off and on all day, no problems until now.
Edit- Warning leads to this-
https://www.stopbadware.org/firefox?hl=en-US&url=http%253A%252F%252Fmbd.scout.com%252Fmb.aspx%253Fs%253D7%2526f%253D1372
Highway Rob
Saw the warning for the first time about ten minutes ago. I got to the site fine, but received the warning when I tried to post a comment. The warning has continued ever since.
tybee
@lojasmo:
LOL
RobertDSC-PowerMac G5 Dual
The malware warning shows up in Safari 4.1.3, does not show up in TenFourFox 17.0.7, and does not show up in Camino 2.1. Mac OS 10.4.11.
MoeLarryAndJesus
I just got a malware warning about the site 5 minutes ago.
Yatsuno
@Cassidy: Okay, now this is getting REALLY weird. I was able to get onto BJ earlier, then I tried about half an hour ago and work blocked it. Just tried again and it works. That is one bizarre gremlin out there.
amk
mm, I ran super spy anti-ware just now. It identified 5 adwares – 4 of them from petadoptiontracker.org and 1 from petfinder.com. FYI.
amk
@lojasmo: +1.
jak
Got an error warning and blocked by firefox a few minutes ago. Switched to safari. No messages. No blocking.
RobertDSC-PowerMac G5 Dual
TenFourFox gave me the message when I tried to read this thread. I could get on the main page OK, but clicking to the thread tripped the warning.
I can read and view, (and hopefully) post in Camino 2.1. Strange.
RobertDSC-PowerMac G5 Dual
All 3 of the browsers I mentioned now give a warning page. I got the warning when I posted post #36.
I’m writing in Opera 10.63. If this goes down, I still have my phone. Bleh.
trollhattan
Also, tooing from prior thread….
At, well, now o’clock FF and Chrome no likie BJ site and interrupt with “attack page” warnings, while IE “Sees nothing, NOTHING!”
Win7 FWIW
Ron
Chrome on Win8 is still blocking. I have to tell them “I am not afraid!” to get in.
Parrotlover77
Not sure if this is related, but images in posts are getting a broken link for me. Android browser, mobile version of site.