Top Menu

An annoying malware altert

1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 4.00 out of 5)
Loading...

Hello everyone,

I’ve had occasional reports of Avast warning the visitors of Hentairules that my blog was trying to load an URL containing malware.

I sincerely apologize about the inconvenience -_-
There’s something managing to exploit one of my blog’s legitimate plugins (the polls plugin) in order to have it perform annoying shit (cf this, for details).

The fact this is a very web-widespread attack doesn’t make it easier for me, I SO would like to have it fixed at last – however, I have yet to find WHAT is able to hijack one of my blog’s files. I’ve replaced my theme (you didn’t notice it, I spent a lot of time restoring my customizations on a virgin copy), changed all my passwords, made sure there were no SSH or FTP unwanted access, removed all blog files not uploaded by me and restored a copy (ten minutes of downtime only, I’m getting better at it ^^)… Only to witness that problem popping up again. The last remnant would by my website logs, however, I don’t know what to search exactly, and the damn logs are so huge I can’t even open them on my machine, meaning it’s all up to my web host’s lazy techies, if they can spare the time to search.

The problem doesn’t happen very often fortunately (3 times in 3 months, removed in 2 minutes after I read the first report), so, once again, I apologize, and please bear with it for a while, if it happens again, email me, I’ll have it fixed :)
Fast summary : no panic, don’t leave :twisted:

And let’s also call it an advertisement for Avast, the only AV smart enough to warn you, shoo on other antivirus companies ! ;)


Hello! This post is getting on years, so here's a friendly mention... If all the links are dead, you may try using
THE HENTAIRULES GIGATORRENT
to grab the file you want. You can just pick the stuff you need, it's quick and easy :)

Leave a Reply

19 Comments on "An annoying malware altert"

avatar
newest oldest most voted
chronos
Guest

Dear Oliver,
to hell with the malware(s), i have no intention to leave you, i wiih your site will last forever.
Best regards for your and everyone's pervertness,
Chronos

Dillinger
Guest

Wow, not even Nod32 or Avast warned me. Oh well, I use Linux 95% of the time so I have nothing to worry about.

coomoofarm
Guest

Kaspersky was warning me.

HurpDurp
Guest

Same. It blocked the attack every time by denying access to the URL too.

Jankull
Guest

Same here.

acolyte
Guest

Avira's didn't warn me, so does firefox/IE. so that's fine.
And same what chronos said above. I mean, I don't even have your site bookmarked because of the content in case friends invade my laptop. I remember the link by heart.

anon
Guest

dear Oliver
i have a question about the pop up that always appear on the first click on hentairules i wnonder if that was something you put on or my pc got some nasty thing i dont know about because i use avast and malware byte and there arent any warning

Oliver AKA The Admin
Admin

That one is legit, it's to make bonus beer money :)

(Fair advice : "kriek framboise" FTW, it's even on sale in US stores !)

anon
Guest

thanks Thanks

HR-Fan
Guest

Thanks for the quick notification, Oliver. :)
You really getting better! :D

justagars
Guest

i am using mse as av and each time i come to this blog mse give me an alert of an adware (adware JS/Pornpop.A ), i never took the time to report it cause i clean it right after leaving your website, but this thing lasts for more than 6 months and still here
Will be good if you can do something about it

Thank you

french version : mon antivirus m'alerte d'un adware a chaque fois que je viens sur votre site, cela dure depuis plus de 6 mois et commence a etre lassant. Ca serai bien que vous fassiez quelque chose a propos de ca

merci

zobo
Guest

ESET Smart Security 4 user here. A notification about blocking some bad link pops up every time a load a page on this site. It only started recently.

Bhavesh
Guest

Kaspersky warns me some http://trafficgarland.org

Hiiro
Guest

Used this http://jsbeautifier.org/ to create a more detailed look at the code seems to me like an elaborate way of hiding a string. Just my thoughts on the matter

Barabba
Guest

If I got it right, the script is an obfuscated way to write in the page a script that loads the following address:
http://eyescanty.org/d6sg6zxwykw12

However, that address currently returns an empty content.
Looking in the whois registry, the domain has probably been registered by a chinese scammer.

johnston
Guest

Im glad you are aware of this. I ended up reinstalling windows 7 after getting infected by your site a few days ago. Noticed JRE started from your main page and then I got a message saying windows firewall has been disabled. pretty nasty malware, browser highjacking, coolsearchsystem, nothing could remove it, microsoft security scanner tried to remove it but screwed up something so windows would no longer boot. fun stuff.

Oliver AKA The Admin
Admin

Aaaw, I feel SO sorry for you, Johnston ! I apologize again.

Please, take my advice, install Avast or another of the antiviruses that have been commented to be working against this threat !

anony
Guest

I got a popup for http://www.fleshlight-international.eu today. quite annoying as well

Oliver AKA The Admin
Admin

That one is legit, it paid me 5 pints last month :3

Come on, once per day is tolerable :)