Antiwar.com Defeats Hack Attack

Loyal Readers:

Wednesday was a hectic day. A major hack attack hit much of Antiwar.com, causing Google and other services to identify us as a “malware threat.”

Thanks to our administrator Michael Ewens and the awesome folks at Sucuri Services, the site is totally cleaned of malware and has been certified safe. Google and others have removed the warnings.

We have strengthened our defenses and are stronger for it.

You may safely visit any part of Antiwar.com. Thank you for bearing with us.

25 thoughts on “Antiwar.com Defeats Hack Attack”

  1. I take this as a sign that Antiwar.com is doing a good job of providing news and information the powers-that-are-collapsing would prefer we don't see, so my donation is on its way.

    Hope the recovery goes smoothly.

    1. seems like it could just as well be some random problem, until they know what the offending program is then i would not jump to conclusion.

      1. Yes, details on the nature of the hack would be a help to antiwar's readers even if it had nothing to do with antiwar's mission statement.

  2. If you use Firefox, which checks what Google has to say about that web page, you get:

    What happened when Google visited this site?

    Of the 98 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-05-13, and the last time suspicious content was found on this site was on 2014-05-13.

    Malicious software is hosted on 1 domain(s), including reversinge.ru/.

    1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 92.63.100.0/.

    This site was hosted on 1 network(s) including AS33070 (RMH-14).

    Seems to be standard operating procedure for russia-based malware propellers, probably using some unpatched vulnerability. Possibly even a fully automated pushbutton attack. Not the NSA (you wouldn't likely see those in the first place).

    1. Of course the NSA wouldn't have the technical know-how to use a Russian malware site as a proxy, or to spoof its IP address . . . wrong.

      1. It's not to one's credit to see every little problem as confirmation that "they are after you".

        Quite the contrary.

        Really, anyone in this business has lived at least one attack (if unlucky, a fully successful attack) and might have survived to tell the tale.

        > Of course the NSA wouldn't have the technical know-how to use a Russian malware site as a proxy,

        You don't need "technical know how", you just need a credit card picked up on a carder forum.

  3. Servers and sites get hacked all the time all over the world for no specific reason than obtaining another relay for malware and expansion of the hacker network of controllable machines. If this attack was actually targeted in any political sense remains something to be questioned. It would seem to me that if an organization with the power of the NSA would want to make it impossible to visit the site, you won't be on it right now. Possibly the donation period is a factor but then again, some people might donate more now. Perhaps a good idea to spread the donation details on other media this time around, more than usual, in case the attack prolongs?

  4. Like I posted above, yesterday, this could have been a spider consuming .htm and pdf files. I've often used teleport pro to backup news.antiwar reports. I highly doubt NSA would have anything to do with an 'attack' on a common, well known news website.

    1. Yea we keep doubting and some attacks are indeed common on websites, and yet more and more info keeps coming out that the security state IS indeed that petty. It uses tanks to swat at flys. It doesn't seem rational because it's not. It's malevolent and also petty.

      Who indeed is behind it, I have no clue. But the speculation doesn't seem near as far fetched to me. And if antiwar uses it to drum up pledge drives well that's marketing :)

      1. Jrs, perhaps you're correct. It could have been an attempted attack by an agency. However, I would think if the NSA targeted this website, they would have been able to shut the whole thing down, pronto – as they do have the skill, human resources and "cyber-weapons" to do so, no doubt about that. If it was an attempted attack by the NSA, they did a really sloppy, shitty job as even amatuer hackers could have ddos'd Antiwar without any real trace to persue an investigation. It might be spyware installed remotely by some random hacker trying to intercept personal information from computer systems used to access Antiwar. Best for readers to bleach their cookies and other web cache and use the NoScript XPI when you visit this site.

  5. Can you put the site behind a WAF like CloudFlare or Incapsula? At minimum use CloudFlare's free service. Right now the nameservers are set to RackSpace so I assume you are not using a WAF unless you are using their version of Imperva or mod_security. Either way please do use one.

  6. Antiwar did not defeat Obama Mafia by deleting my comments!!! Shame on you and Obama

  7. Please report on the exact nature of he malware? I want do do an extra check on my computer.

  8. Use of assistive expertise should improve the standard of life of individuals with disabilities and allow them to dwell with confidence. Technology is changing at a fast pace and new units are developed virtually everyday with the help of this know-how. http://www.pluginstalk.com/

Comments are closed.