Jump to content
Sign in to follow this  
savannahjan

New Information regarding the site - everyone please read

Recommended Posts

This is a repost regarding security at Tek.

 

 

 

I've had a long discussion with SiteLock, an internet security company who partners with our server, Hostgator, to provide a base level of site protection. Basically all this covers is a minimal scan for malware and other malicious software.

 

It has been determined that there is malware on the site, of unknown origin, but could have come from various sources. The most obvious source is, unfortunately, us. Every time we attach an image to the site, it could have something attached or imbedded in it, most likely in images. If a member has adequate virus and malware protection on their personal computer, it is unlikely that the image would escape detection before it is uploaded by the user to Tek. However, that is the likely source. Another possible source are bots, which randomly troll the site. Whatever the origin, we've got something within the site that has caused our site to be flagged.

 

There are some things we can do to get rid of the problem and then protect it from happening again. This will not be free. For SiteLock to upgrade our account services to include deep scans with intrusion removal, the charge is an additional $15 per month, or $150 if paid for a full year.

 

Let me be clear with everyone; our site is NOT deceptive, we don't sell anything and we don't share any info or personal data

 

Currently, we only have enough donated funds to cover our next server payment, due in September. We will have a considerably larger payment due in early December for server plus domain name license plus IPB board software license.

 

I must tell you honestly that I cannot possibly afford to pay for these services myself. Tek depends on the generosity of our members, and we do have a few who give generously every year. It is so deeply appreciated. However, if we are going to keep the site going and also keep it safe, more of our members are going to have to pitch in with at least a small donation.

 

I HATE begging for money, it is embarassing and distressing and makes me really uncomfortable. Upgrading our security is no longer optional.

 

Our first step will be to upgrade the board software, which is now obsolete and no longer supported by Invision. The upgrade will take only a few hours and since we have kept our license current, it will not cost us anything. However, we will lose all of our add-ons, such as the global announcement, our members online today feature and all our custom skins. Hopefully, we can add some of these features back in if they are available for the newer version of the software. It is possible that the complete rewrite of the board will remove any malicious code that has been hijacked in. However, if it is hiding in some attachment, the malware will still be there.

 

Step two will be to petition Google, who is the instigator of all this, to remove the caution from Tek. They may or may not choose to take us off the 'deceptive' list.

 

If we do not proceed to Step three, which is to add additional security to the site, even if we fix the problem temporarily with a software upgrade, it can happen again.

 

Share this post


Link to post
Share on other sites

We have received a generous donation. Thank you sincerely for your support.

 

We are on our way to purchasing a new security package for out site.

Share this post


Link to post
Share on other sites

Wow...

 

I hope it works out Jan.

Thank you so much for keeping this site up and running for us.

 

((HUGS))

Share this post


Link to post
Share on other sites

 

Our first step will be to upgrade the board software, which is now obsolete and no longer supported by Invision. The upgrade will take only a few hours and since we have kept our license current, it will not cost us anything. However, we will lose all of our add-ons, such as the global announcement, our members online today feature and all our custom skins. Hopefully, we can add some of these features back in if they are available for the newer version of the software. It is possible that the complete rewrite of the board will remove any malicious code that has been hijacked in. However, if it is hiding in some attachment, the malware will still be there.

 

Just wondering: is the downloads section affected? If it is affected... that's always been the biggest pain to migrate I think. But if you're losing it anyway, I'd seriously look into migrating to phpBB, which also has lots of add-ons and is free. The license costs for the discussion board etc could be used to cover the SSL certificate if still needed.

May I ask, how many GB of data do you have (including the database and all files)? More or less is fine.

 

It would indeed be best to get the reason why you're on this list.

- https://support.google.com/webmasters/answer/6350487

- https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work?as=u&utm_source=inproduct#w_iaove-confirmed-that-my-site-is-safe-how-do-i-get-it-removed-from-the-lists

 

Also reported back to the organization behind it that this isn't a deceptive site.

Edited by jbl89

Share this post


Link to post
Share on other sites

Since we have a license for our Download ap, it should not be affected during the upgrade.

 

I spoke again with Hostgator today and was told that it is definitely some form of malware. I have discussed the upgrade with Invision, and they will get back to me with a scheduled date.

 

Today, I accessed the site using Google Chrome and did not get a warning. This is very curious, since the upgrade, no any security measures, have yet to be implemented.

 

I am asking all members to try to visit Tek using every browser you have and report here if and when you get a warning message.

Share this post


Link to post
Share on other sites

I am still getting the warning using Chrome's mobile browser. I will check all my browsers at work tomorrow and report again.

Share this post


Link to post
Share on other sites

Im on Firefox and I get a warning every time I come here, I send a report that this is not a phishing site every time too.

Share this post


Link to post
Share on other sites

I'm having the same problem with Firefox.

Share this post


Link to post
Share on other sites

I checked browsers at work...still a no go on Firefox and Chrome, still seems to be okay on IE

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×