- Public testing of new website release31 May 2009
- The new website release is now in public testing phase! Please read the forum post carefully if you are interested in testing. You can post suggestions and bug reports in that same topic. Thank you!
I will use the test period to document the changes and will write again before the site goes live, to cover these changes in detail. I have a lot more to talk about, what this "refactored" version was all about, how will future releases work, etc which I will do over the course of the test period. Stay tuned!
- Drive-By Download and Adobe Software Exploits21 May 2009
- I am now almost certain that the website was victim of a malware/trojan exploit (cf. recent news) because I had an old version of Adobe Reader installed, and not because of lack of Windows Updates or carelessness with downloads and such.
The irony is, I'm not even using Adobe Reader, I'm using FoxitReader ever since versions 8 and 9 of Adobe Reader became so slow and bloated. But having not heard before of all the vulnerability problems with Adobe software, I still had the old version 7 lying around.
Read on for useful links and tips for Windows users...
Having an up-to-date anti-virus can protect you, but won't solve the root of the problem. Windows users who haven't updated their Adobe plugins (Reader/Flash) since May 13, do it ASAP!
PS: last time I checked Adobe Reader 9 was still incapable of remembering the last visited page of recently opened PDF documents (think of a "bookmark"). When you download a lot of documentation in PDF format, it's very handy to go to the File menu, and pick one of your recently opened documents, and continue reading from where you last were. That feature alone is worth downloading FoxitReader (it is also a standard feature on MacOS's PDF viewer).
- For Greasemonkey scripts users17 May 2009
- The website recovery yesterday has affected a couple scripts from our extremely prolific author woelpad! (apologies, as I had to restore the site from a copy that had small differences in the code).
Please check the Woelpad's scripts topic for the updated scripts (as of writing woelpad has updated "Alter Sequence", and "Substitute Keywords"). Also see RevTK Lite.
- About the long downtime Fri & Sat16 May 2009
- On Thursday May 14, approx 5pm US time, the website fell victim to a very recent malware exploit dubbed "Grumblar.cn" (also identified as "Js:Redirector" by the aVast antivirus software).
Reviewing the Kanji was in good company with much bigger sites like Variety.com and Tennis.com among the victims... though that is little consolation.
So how did it happen ?
Read on for the gory story, and some instructions for Windows users who would have visited the site yesterday, and who may have been exposed to the malware.
First let me clear up a couple things:
- I'm using a fairly secure FTP password made of a lot of uppercas/lowercase letters mixed with random special characters, not something easily guessed.
- My computer is "clean", and I rarely ever use P2P programs or download "cracks" these days.
As I was doing an update yesterday by FTP, the trojan detected my password and sent it to the hacker's site. Just an hour later, their script logged in with my credentials and injected their code into 500+ files in a matter of SECONDS!
My best guess is that this trojan found its way into my computer because I had Windows Updates on "manual", and didn't use resident virus protection (I usually scan files, but don't run the cpu-hogging local protection). Since this exploit is very recent, many infected websites are not yet blacklisted, and Google Chrome wouldn't show the security warning. On top of that, I found out that both aVast and Malware Bytes could not detect the trojan unless the virus database was just a COUPLE days old!
Which brings me to this important observation: if you use an anti-virus leave the automatic updates on, otherwise they are simply useless. Next, if you're a sucker for optimization like me, then I would recommend with aVast to keep at minimum the "Web Shield" and "Network Shield".
These are the steps I took to clean up the site and make sure it doesn't happen again:
- First I removed the trojan with the help of this article.
- After removing the Trojan I was able to update the virus database of aVast Home Edition and Malware Bytes. I ran a complete scan and nothing else was found. Again I want to point out the fact that a complete scan with a virus database dated 10 May did not detect anything!
- After verifying that the trojan was gone (it blocked regedit and cmd.exe among other things), I updated the FTP password.
- Switched Windows Updates to automatic instead of manual.
- Enabled some resident protection in aVast: "Network shield" and "Web shield". aVast displays a warning if you access a page with this malware.
FOR WINDOWS USERS:
The easiest way to check that your computer is clean is to go to the Start menu, choose "Run..." then type in "cmd" or "regedit" and press Enter. If you don't see the command shell window, or the regedit window, and the desktop seems to redraw itself, then you may have the trojan. Hopefully nobody will have been infected between the time the site was hit and when I was able to take it down. If you think you caught the trojan on a Windows OS, please post in this topic and I'll do my best to help.
I'm really sorry and sincerely hope nobody's computer was infected through this site. I've taken steps that I believe will make this very unlikely to happen in the future.
With that said, there's only so much you can do when you use Windows! This experience was a good reminder that not using IE is in fact NOT a guarantee for virus/malware protection.
Many thanks to member Burritolingus who first reported the problem.
- Scalable Vector Goodness4 May 2009
- Development of the website is ongoing, and the refactoring of the existing website pages/features is almost complete.
As a result of this I have just added an option to switch the bar chart view between "simple" and "full" mode wherein "full" view you can see the 8 card boxes of this site's Leitner-based reviewing system.
I am now aiming to publish the refactored site around 22 May.
To be able to meet this deadline I decided to move the Study area features for the very next release, and instead I am working on adding options to be able to manage flashcards freely, by adding any single card or range or cards, specified by RTK/"Heisig" frame number, OR by kanji. I am DETERMINED to make the review part of the site better!!
So the following Study area changes should be implemented in the very NEXT release after the upcoming May release (in other words, it would be the first update of the refactored site):
- Tagging your stories as "explicit" so that users can choose whether they want adult/visually explicit stories or not.
- Tagging the language of your stories, and allowing users to switch between languages in the shared stories area.
- A "Helpfulness"rating similar to that on Amazon. Basically the main difference is that you can vote DOWN something without necessarily "reporting" it. At the same time I am considering a few preset reporting options to let users flag stories that are not properly tagged.
Those Story area changes are not set in stone yet and comments and suggestions are welcome (please use this topic) !
News for May 2009
News by Month
- Oct 2013 (1)
- Sep 2013 (1)
- Jun 2013 (4)
- May 2013 (1)
- Mar 2013 (1)
- Jan 2013 (2)
- Oct 2012 (2)
- Aug 2012 (1)
- Jul 2012 (2)
- Jun 2012 (2)
- May 2012 (1)
- Mar 2012 (2)
- May 2011 (1)
- Apr 2011 (4)
- Mar 2011 (3)
- Feb 2011 (2)
- Jan 2011 (2)
- Dec 2010 (8)
- Nov 2010 (8)
- Oct 2010 (3)
- Sep 2010 (3)
- Aug 2010 (1)
- Jul 2010 (2)
- Jun 2010 (5)
- May 2010 (1)
- Apr 2010 (3)
- Mar 2010 (4)
- Feb 2010 (2)
- Jan 2010 (1)
- Dec 2009 (5)
- Nov 2009 (5)
- Oct 2009 (1)
- Aug 2009 (1)
- May 2009 (5)
- Apr 2009 (2)
- Mar 2009 (1)
- Feb 2009 (2)
- Jan 2009 (2)
- Nov 2008 (1)
- Oct 2008 (1)
- Sep 2008 (1)
- May 2008 (2)
- Apr 2008 (1)
- Feb 2008 (6)
- Jan 2008 (5)
- Dec 2007 (6)
- Oct 2007 (1)
- Sep 2007 (2)
- Aug 2007 (3)
- Jun 2007 (1)
- May 2007 (5)
- Apr 2007 (1)
- Mar 2007 (2)
- Feb 2007 (1)
- Jan 2007 (4)
- Dec 2006 (3)
- Aug 2006 (1)
- Jun 2006 (3)
- Apr 2006 (6)
- Mar 2006 (8)
- Feb 2006 (1)
- Jan 2006 (4)
- Nov 2005 (1)
- Oct 2005 (4)
- Sep 2005 (1)
- Aug 2005 (11)