Raidbots Blog

Web Tools for WoW Nerds

Forums Decomissioned

I’ve gone ahead and taken down the forums completely to eliminate all possibility of malware.

For feedback, please head to the Raidbots Blog and leave a comment on a news post or the bugs page.

Details about Forum Malware.  For nerds!

I tried every reasonable option: installed a clean and up-to-date version of the forum software, ran rkhunter and clamav, used several other online malware detection tools, removed third party middleware, compared source code to clean versions, ran full filesystem scans for the malicious sites in both normal text and base64 encoded versions, and more.  Nothing showed up anywhere.

I was never able to see what Google was reporting as malware even with the Google Webmaster “Fetch as Google” tools – many forms of web malware only display themselves to the Googlebot in an attempt to artificially raise otherwise unsavory websites.  I was completely unable to reproduce conditions where I could even see the malicious links that Google reported.

Pretty annoying.

I still have no idea how my site was compromised.  It’s possible that my site was flagged as some sort of false positive but Google continued to flag the forums site every time I marked the site as clean.

I’m still very curious about what was actually going on so I can avoid situations like this in the future.  If anyone has an ideas, I’d love to hear it.


6 responses to “Forums Decomissioned

  1. Audax November 10, 2012 at 5:44 pm

    Sometimes bad ads can make Google think your website is harmful. I know it happened quite a few times to MMoChampion and Wowhead, and it’s pretty hard to counter.

    • seriallos November 10, 2012 at 5:52 pm

      Yeah, that was one of my first thoughts but it wasn’t the case with the forums – there weren’t any ads on that subdomain. I only have the ads on itself, they weren’t on

  2. thevolget November 25, 2012 at 2:41 pm

    I’ve had this happen on a few times to a couple of sites i’ve set up. Nothing was found on the sites to be malicious, but instead it ended up being someone flagging the sites as having malicious content at google’s end. Ended up having to shut the sites down after losing out money on them due to clients not trusting the content and security (thanks to google’s system).

  3. Kayflex February 8, 2013 at 1:30 pm

    This site is one of the most bad ass things I have ever seen, and is extremely helpful as a Raid Leader. Thanks man!

  4. cerberus February 13, 2013 at 9:49 pm

    set up some test forums to keep working it out, use hosting (free up to 15 GB of data a month)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s