Web Tools for WoW Nerds
I’ve gone ahead and taken down the forums completely to eliminate all possibility of malware.
For feedback, please head to the Raidbots Blog and leave a comment on a news post or the bugs page.
Details about Forum Malware. For nerds!
I tried every reasonable option: installed a clean and up-to-date version of the forum software, ran rkhunter and clamav, used several other online malware detection tools, removed third party middleware, compared source code to clean versions, ran full filesystem scans for the malicious sites in both normal text and base64 encoded versions, and more. Nothing showed up anywhere.
I was never able to see what Google was reporting as malware even with the Google Webmaster “Fetch as Google” tools – many forms of web malware only display themselves to the Googlebot in an attempt to artificially raise otherwise unsavory websites. I was completely unable to reproduce conditions where I could even see the malicious links that Google reported.
I still have no idea how my site was compromised. It’s possible that my site was flagged as some sort of false positive but Google continued to flag the forums site every time I marked the site as clean.
I’m still very curious about what was actually going on so I can avoid situations like this in the future. If anyone has an ideas, I’d love to hear it.