Quote:Original post by alun
I lost about $600 worth of time as a result of this.

I'm curious, do you have a detailed breakdown of how this has cost you $600? I'm sure we could all use the laugh after all this trouble and if you're going to make the claim you should at least back it up.

I'm sure you believe that somehow this whole affair is tragic and has somehow ruined your life ($600 is a lot of money!) and that you are in some way crusading for the good of the users of the site, but in reality you sound nuts.

I just used the 4107 Antivirus Suite. No problem here.

Quote:Original post by alun
Is that because you've *still* not patched your machine, or is that because you've infected machines belonging to your users and you'd rather those users were not provided with information about the damage you have done?

Clearly you didn't think about it for long enough. What does the payload (the virus that infected users machines) have to do with the delivery mechanism?

Quote:Original post by alun
It takes about 3 hours. (I have a project that requires a high level of paranoia, so I do this every 2 weeks or whenever I suspect my machine has been exposed to malware)

Why not just buy yourself a second machine and not hook it up to the internet?

Quote:Original post by KissMyGrits
From what I can tell this script is collecting hits using GD.net's traffic. The script sends hits to http://www.51.la/?646210 which is probably some kind of ad company that is paying whoever forced this script up here for pageviews. It's actually pretty genius, this guy is ripping off the ad company for tons of pageviews with his rather unobtrusive iframe.

Uh, where are you seeing this, exactly? As far as I'm concerned we've removed the script in question.

Quote:Original post by alun
It takes about 3 hours. (I have a project that requires a high level of paranoia, so I do this every 2 weeks or whenever I suspect my machine has been exposed to malware)

@Alun:

Much as it pains me to say this: Your computer's security is nobody's concern but your own. It's your computer, not ours. We cannot guarantee that we will never, ever be hacked. Nobody can. Even banks get hacked on a depressingly regular basis. Security lapses aren't exactly rare in the commercial world, so why volunteer-run websites should be held to a higher standard escapes me.

The police do their best to keep crime levels down, but they cannot guarantee that your house will never be broken into. Do you expect them to close and lock your windows and doors for you? No. So why do you blame us for your inability to secure your own computer?

For someone who claims to get paid $100 / hour, I'm astonished that you are even using a computer connected to the internet for your paranoia-inducing day-job. At the very least, try surfing the web using a virtualised install of Windows. (Or Linux if space is a problem and you don't mind Firefox or Opera.) When I need to create a Windows build of my game, I run XP in a Parallels VM on my Mac.

This was a factor in deciding to leave the site up: not everyone uses IE. Not everyone who browses GDNet even uses Windows. And it's quite possible to lock-down Windows and prevent compromised websites from causing you difficulties. That's why they invented all those anti-virus and anti-spyware apps. And, of course, alternative browsers. (Incidentally, anyone viewing this post in IE6 really does deserve everything they get. It's getting on for six years old.)


*

@everyone:

Everything you see on this website will be swept away by a completely redesigned and rebuilt system courtesy of Superpig and co. Until this new software is ready, we're stuck with the codebase we have at the moment, which is far from fit for purpose. We know it sucks. That's why we're working to replace it.

The more time Superpig has to spend firefighting problems with the existing code, the longer it'll take for the new codebase to be built. It's not an easy balancing act, especially as everyone working behind the scenes has a day-job and other commitments which have to take priority. This site is run by _volunteers_, not employees.

Superpig is based in the UK, while the server is based in the US, so communications can lag if something goes wrong. There is no built-in support in the GDNet codebase for staff and mods: everything is done either through PMs, IRC, IM tools or forums. Unfortunately, real-time chat systems are fine if you're all awake at the same time, but that's not the case when the staff are spread all over the planet. Email is cool and all, but it's not time-sensitive, so emergencies can slip under the radar occasionally.

Cut us some slack, please. We're trying our best.