TGO David

I took out the safety valves a long time ago.

That's a philosophical question. The answer is yes, no... do you want to? The bottom line is that when they initially started reporting it, we were not compromised but one of our advertisers was. As the week wore on, we ended up in the same boat. So were they right? Sort of. For someone with no tech savvy, trusting it is erring on the side of safety. For someone with more experience than that, no.

ESET - Antivirus Software with Spyware and Malware Protection I'd recommend downloading a free copy of ESET NOD32 and using it to scan your computer. Or do a search on Google for Malwarebytes and use that. Both of these work remarkably well.

I think I know how our server caught the clap now.

Being that it was Java related, it probably was. Sorry about that.

Nah, didn't mean to come off like that. Just saying it sounds like you and I are on equal footing with our understanding of how this crap happens. I've got Openx locked down so tight it squeaks now... which is going to make it really difficult on me over time just doing admin tasks, but I simply don't trust it any other way at this point. I'm looking at some other alternatives now.

BTW, you'll find this humorous. I found it elsewhere on a blog where the guy was talking about similar issues... http://www.generationmediagroup.com/blog/openx-malware-fix-suspected-attack-site/ I know the guy's pain.

Look, I know you figure you're looking at something pretty awesome every time you brush your teeth and stare into the mirror... but some of us actually do this stuff for a living.

I never pegged you for a Zima drinker before now.

In the ballpark but it's not exactly how this happened. This isn't exactly my first rodeo either, it just the first time lately that the bull got me instead of the other way around. It's SOP for me to use lockdown docs like that anytime I install an app. We weren't quite 0-Day with this one, but it happened within the first six days of the exploit going wild.

No, you were wrong. Sorry.

That attack warning is irrelevant. What I need is someone with an antivirus package that was alerting. Please read what I wrote before.

Negative. Our host was very quick to patch the hole you're talking about. Our problem was related to this: link

You might want to check it again. Those problems have been fixed... I think.

Believe me... I'd like to get a fix on it as well so I can stop sinking so much time into fighting Google, the Russians and whomever else is trying to screw with us.

@Daniel - Yeah, that's really not what I'm looking for right now. What you're seeing is simply old info that Google still has on record for the site. That hasn't changed yet. What I need is a report from someone with antivirus software that was triggering alerts on us earlier today (prior to 12:00 noon) to compare what they are getting now. Bottom line is this: I found that someone had in fact compromised the banner ad system that we are using here and was injecting links into the banners. I've scrubbed that out of there, closed the security hole and made some other adjustments. In fact, I may be ditching our banner ad software as a result of this as it seems it's a huge steaming pile of sh#t based off of what I'm seeing here. Their security is lacking sorely. I think I've got the problem fixed... but I really won't know until I hear from some folks who were getting errors earlier. Honestly, it really sucks and I'm about at the end of my rope with it.

It f-ing sucks when things go wrong with TGO and I'm not able to work on it. I've spent every lunch hour this week trying to fix this damn Google error, and that's getting kind of old too. But I'm just complaining.

How about now?

Well, sonofabitch...

Not good. I'll check into this. Sent from my iPhone using Tapatalk

I hope that you're enjoying Hank with the appropriate beverage. I had a small splash of Bruichladdich Rum Cask single malt scotch earlier and it helped immensely. Too bad I have to work tomorrow or it would have been followed by a larger splash.

It seems like for the past week the only thing I've seen of my pet monster here has been the boiler room. So...

Jesus, guys... TGO was never compromised nor did it have any malware on it. Google's engines simply found old versions of our local banner ad script that could have been used to compromise the server itself... not your computers. Closing this thread. Wayyyyy too much assumption and conjecture going on in here and I'm a little too pissed about the entire ordeal right now to not start yelling at people. This is why they keep me locked away at work. I hate explaining, I just fix things.

@Murgatroy - that's an asinine and completely idiotic statement. However since you must be more enlightened on technical matters concerning my server than I am, why don't you jump in and tell us how to fix it. I'm waiting. I mean, I really DO know what needed to be done, but why don't you fill me in. That or keep stupid remarks like that to yourself.

I've made some changes to our own banner ads (local vendors) and the way that they are served up to stop this nonsense from happening. For what it's worth, our ads are what they claimed were malicious code most recently. Pretty idiotic of them, but I'll play along since I have absolutely no recourse not to. In honor of this, I'm sporting a new avatar. Enjoy.