XeNTaX attacked by virus
August 28th, 2010 by Mr.Mouse
If you wondered why we were down, we suffered an attack by a bot. The last few days our host and we worked hard to remove the infection. We will spend some more time updating the code to the latest versions as we go. Sorry for the inconvenience.
Webmaster note: We were hit by a virus called Gumblar. It was a more sophisticated virus than usual. It used the password stored in the scp client of one of our webmasters to gain access to our server. Once it had access, it added obfuscated and encoded JavaScript to all index.html, index.php, etc. files, in order to spread the infection.
If you have visited the xentax main site or any of the xentax subdomains from the 25th of August to the 28th, it’s probably a good idea to run a virus scanner. If you’re a webmaster who stores FTP or SCP passwords in a local client, check your site’s source code for suspicious scripts.
We are still cleaning up this shit, and are taking this opportunity to upgrade our forum and blog software as well. We will be busy with this at least until Sunday, because as usual real life gets in the way: a friend of ours is getting married tomorrow.
Sorry for the downtime and the inconvenience it may have caused.
Final edit: The JavaScript exploits a weakness in Adobe Acrobat Reader and Flash, probably only in Windows. So if you run Linux or other Unix clones, you get to be smug and self-satisfied that this particular virus doesn’t target you. If you run OS X you can remain clueless about this whole conversation.
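For webmasters following the advice above to check their site's source for suspicious scripts, here is one way to sweep a web root's index files. It is an added example, not part of the original post or XeNTaX's own tooling. The heuristics, function names and sample pages are assumptions made for illustration and are not a Gumblar signature.

```python
import os
import re
import tempfile

# Generic obfuscation heuristics (assumed for this example; not a Gumblar signature).
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
CHECKS = (
    ("decoder-call", re.compile(r"\b(eval|unescape|fromCharCode|document\.write)\b")),
    ("encoded-run", re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}){8,}")),
)
INDEX_NAME = re.compile(r"^index\.\w+$", re.I)  # index.html, index.php, etc.

# Constructed samples: a clean page, and the same page with a harmless encoded script appended.
CLEAN = "<html><body>\n<script>document.write('hi');</script>\n</body></html>\n"
TAMPERED = CLEAN + "<script>eval(unescape('%61%6c%65%72%74%28%31%29%3b'))</script>\n"


def suspicious_scripts(text):
    """Return (line, reasons) for each inline <script> that decodes embedded data."""
    findings = []
    for m in SCRIPT_RE.finditer(text):
        reasons = [name for name, rx in CHECKS if rx.search(m.group(1))]
        # Either marker alone is common in benign code; both together deserve a manual look.
        if len(reasons) == len(CHECKS):
            findings.append((text.count("\n", 0, m.start()) + 1, reasons))
    return findings


def scan_webroot(root):
    """Walk root and return {path: findings} for every index.* file with a hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if INDEX_NAME.match(name):
                path = os.path.join(dirpath, name)
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    found = suspicious_scripts(fh.read())
                if found:
                    hits[path] = found
    return hits


def demo():
    """Build a throwaway web root from the constructed samples and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "blog"))
        for rel, page in (("index.html", CLEAN), (os.path.join("blog", "index.php"), TAMPERED)):
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(page)
        return {os.path.relpath(p, root): f for p, f in scan_webroot(root).items()}
```

A hit is a prompt for manual review and comparison against a known-good copy, not proof of infection; a clean result does not rule out scripts that use other encodings.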