A False Malware Warning. <sigh>
I woke up this morning to a bunch of emails from readers letting me know that Google Chrome was throwing up a huge malware warning to folks visiting my site. After having had a bad experience a number of years ago, I keep very close tabs on my site's security and felt very confident I hadn't been hacked, but I had just added one banner from a new ad network to my site over the weekend and so that was the immediate culprit I suspected.
Sure enough, I found this email in my Inbox just a few emails later from the new ad network (as you can see there's a little personal note to me on top):
Sending this over as your site was effected via the ads.
Towards Alex we literally turned on ads yesterday so no hard feelings if you want to turn them off. This isn't what I meant when I said errors might occur. Otherwise i'll just pay you out of pocket what you normally make until the warning clears.
Heya folks, fun morning so far. Woke up to the entire server being compromised, though that part took a few minutes to fix the sites are going to be showing malware warnings for a bit.
I am currently going over the user logs and getting more details on it but we were directly attacked with the only purpose of making all user sites throw up malware warnings. All the sites are clear and google tools can no longer detect malware, though the codes put in place were to make google think the site itself was the malware. We tried removing the ad units 100% but it's still generating on the sites so it has to be waited out.
I do apologize for this, openX isn't the greatest ad system in the world and we took notable cost in patching it up. Though a recent update broke that and I was never notified of it until saturday when we had a light bot attack. The difference between the 2 is one is automated and stupid and the one we experienced today was done by a person knowing what they were doing.
If we can get a proper IP and time log I'm going to call the police, this is a act of sabotage against a commercial business.
For the period the warnings are up i'll cover any loss in revenue myself, and for Questionable Content I'll do the same even though it was just a ad node we put on ya.
The server has been repaired and we have disabled the automatic update so our fixes won't get broken again. We were in the middle of switching to a new platform in the coming months though I will switch over faster after this as it's much more secure. If you have any questions or concerns feel free to email me them. Though I am 100% confident that this is not an actual malware attack or a virus but something more evil. So the users shouldn't be effected past the actual malware warnings themselves.
Ceo Hivework Comics
So, that's the information I got. As you can see, it's apparently an act of corporate sabotage against the Hiveworks Ad Network with no real malware injected. And sure enough, if you go to the Questionable Content webcomic, you get the same warning in Chrome. So, it doesn't seem like any of my readers were at risk, but there is a big, scary-looking warning if you visit my webcomics site using Chrome.
Even though Hiveworks said they fixed the problem, I have removed their ad from my site. And I've put in a request with Google Webmaster Tools to re-review my site so they can see that there is no malware there and thus remove the big, scary warning. But those familiar with Google's response time with such things have let me know it could take days for them to get around to re-reviewing my site and removing the warning. (They tend to shoot first and ask questions days later.) Hopefully, not. But might very well be the case.
Obviously, this being the last week of the campaign when things can really start to get cooking for a Kickstarter, this couldn't have happened at a worse time.
Here are the bottom-line bullet points:
- There is no malware on my sites. There never was.
- There is a scary warning in Chrome that says there is malware. It is wrong.
- It's not just me. A huge number of webcomics sites are now showing these false warnings, including hugely popular ones like Questionable Content.
- It will likely take Google a number of days to remove that warning.
So, that's the situation. Even with Chrome, you can still get to my site by clicking on the "Advanced" button instead of "Go Back". But of course, I'll understand if folks who don't know me don't want to do that. I'll just cross my fingers that this gets taken care of faster than usual by Google and they remove that warning soon.
I'll let you know if there are any more updates. Thanks, everyone.