ddili.org is down due to malware infestation

Aug 09, 2020

Ali Çehreli

Aug 09, 2020

Aug 09, 2020

Aug 09, 2020

Aug 10, 2020

Aug 10, 2020

Aug 10, 2020

Aug 10, 2020

Aug 10, 2020

Aug 10, 2020

Aug 10, 2020

Aug 10, 2020

I've just learned that HostGator has suspended ddili.org because the forum software I use has been compromised. ddili.org hosts the book "Programming in D" and there are many links to it from dlang.org. HostGator sent me the following document about the cleanup which I haven't read yet: https://www.hostgator.com/help/article/how-can-i-prevent-compromise Sorry for the down time and if you think you know how to save ddili.org please say so here. Thank you, Ali

Ali Çehreli wrote: > Sorry for the down time and if you think you know how to save ddili.org please say so here. change the hoster to the sane one, who won't lock down user sites to promote affiliated "special offers", i guess.

On Sunday, 9 August 2020 at 16:25:38 UTC, Ali Çehreli wrote: > I've just learned that HostGator has suspended ddili.org because the forum software I use has been compromised. > > ddili.org hosts the book "Programming in D" and there are many links to it from dlang.org. > > HostGator sent me the following document about the cleanup which I haven't read yet: > > https://www.hostgator.com/help/article/how-can-i-prevent-compromise > > Sorry for the down time and if you think you know how to save ddili.org please say so here. > > Thank you, > Ali If you don't have good backups to fall back to, you could try backing up your database and site, then re-install the same version of the site and any plugins on a clean web root and database. Then restore the database over the top of that and copy any uploads over as well, making sure that they're safe first. Check the users table for any new admin accounts and delete them and reset the administrator password to a strong password. Then once you're sure it's okay, upgrade to the latest version.

On 8/9/20 6:51 PM, rikki cattermole wrote: > Looks like you have gotten lucky. Its archived. > > https://web.archive.org/web/20200118000235/http://ddili.org/ Thank you, all. Luckily, there is no issue with archiving and the content is generated by 'make' and stored on Github anyway. I am trying to convince HostGator that *I know* there is no malware. >:) OFF-TOPIC: Here are two interesting articles on HostGator and their partner in crime SiteLock: https://websitesforgood.com/beware-of-malware-scams-sitelock-hostgator-and-an-angry-web-girl/ https://www.hermesthemes.com/scam-alert-how-hostgator-attempted-to-extort-200-out-of-me-for-sitelock/ I name this "institutionalized ransom." Oh well... The world these days... Ali

On Monday, 10 August 2020 at 03:40:33 UTC, Ali Çehreli wrote: > I name this "institutionalized ransom." Oh well... The world these days... > Get your self a VPS. I've maintained one through Linode for years and their customer support has been phenomenal when I've needed it. There are other good options, like DigitalOcean.

On Mon, Aug 10, 2020 at 04:42:47AM +0000, Mike Parker via Digitalmars-d wrote: > On Monday, 10 August 2020 at 03:40:33 UTC, Ali Çehreli wrote: > > > I name this "institutionalized ransom." Oh well... The world these days... > > > > Get your self a VPS. I've maintained one through Linode for years and their customer support has been phenomenal when I've needed it. There are other good options, like DigitalOcean. +1, get yourself a VPS and configure it to do exactly what you want, nothing more, nothing less. I've been using JohnCompanies.com -- they give discounts for people who contribute to open source projects, and customer support is from experienced Unix admins (no lower-level 1st-tier responders, you get the pros from the get-go). Been pretty satisfied with them for my VPS needs. T -- May you live all the days of your life. -- Jonathan Swift

August 10, 2020

Re: ddili.org is down due to malware infestation

Posted by Vladimir Panteleev
in reply to Ali Çehreli

Permalink

Vladimir Panteleev

Posted in reply to Ali Çehreli

Permalink

On Monday, 10 August 2020 at 03:40:33 UTC, Ali Çehreli wrote:
> Luckily, there is no issue with archiving and the content is generated by 'make' and stored on Github anyway. I am trying to convince HostGator that *I know* there is no malware. >:)

Some computer worms search the web for outdated vulnerable software, such as forums, and spread by infecting the scripts. Then the machine can be used by cybercriminals for nefarious activities, such as sending out spam.

Some particularly insidious worms succeed well in hiding themselves, e.g. using "rootkits", so they may be difficult to detect.

If you would like to keep your current host, I suggest the following:

1. Make a complete backup of all your account data (files, database...)

2. Completely wipe all your account data

3. Rebuild everything from scratch:

- Rebuild from source and re-upload static content (such as the HTML render of your book)

- Reinstall any dynamic software such as the forum, using the current latest version

- Carefully restore applicable parts of the database (most worms hide in files, but there exist vulnerability classes, such as PHP code injection, which would allow them to hide in the database).

4. Present proof that you have done this to your host. This should be sufficient for them to restore the account.

It might help to know (and to disclose to your host) the nature of the malware itself. If you like, I could have a look (I've had to deal with such incursions before), please get in touch.

- Vladimir

On 8/10/20 4:31 AM, Vladimir Panteleev wrote: > 4. Present proof that you have done this to your host. This should be > sufficient for them to restore the account. In this case it turned out to be a false positive and ddili.org is up. But as you say, the forum software that I had picked years ago especially for its simplicity is a by vulnerability at this time. I ask here in case the answer is useful to others as well: Can DLang forum software be used as a proper forum (not backed by a newsgroup)? Ali

Forums