Update: Ka-Blam, IndyPlanet, ComicsMonkey Hacked
July 27
IndyPlanet and ComicsMonkey are proving to be far more difficult to clean than Ka-Blam was. We’re hoping to have IndyPlanet clean by close of business today. We’re optimistic about that, although in fairness we’ve been hoping to have it back up by close of business every day since Friday. We’re closer now than ever before though. All of the shopping cart related scripts are now clean and we’re focusing on the ancillary areas of the site (most of which are seldom ever accessed by site vistors).
And just by way of clarification … the areas of our domains that were manipulated during the hack were php scripts and html files only. The databases — which contain all of the user information, orders, etc. — are on a separate server and there was never any unauthorized access to them.
July 22
So some time in the early morning hours of Thursday our sites were hacked. We’re not sure how they got in or what they were really trying to accomplish other than cause mischief.
Which they did in abundance.
Thankfully — and luckily for us –they also seem to have been somewhat inept. They left their mark on EVERY php and html file on more than a dozen domains, but they also left a pretty obvious trail behind and it doesn’t appear they did any irreparable harm. Still, Thomas and I have both spent the entire day combing through file after file, line by line, deleting the malicious additions made to our code.
We’re still checking, but it appears that we’ve got Ka-Blam.com clean once again. You may still, however, see a malicious site warning from your browser. My understanding is that those can linger until lifted by the third parties that impose them. We’re looking into that now.
In the meantime, we do believe that Ka-Blam is clean once again but if you should come across an sql error please let us know.
IndyPlanet and ComicsMonkey are both still down. We’ll be working on cleaning those all weekend I’m sure. We apologize for the inconvenience and beg your patience.
![IndyPlanet Ad Swap -- [Messenger]](http://ka-blam.com/printing/front/wp-content/themes/arthemia-premium/scripts/timthumb.php?src=/wp-content/uploads/2010_IP-ad-swap-Messanger.jpg&w=80&h=80&zc=1&q=100)
Thanks for your hard work guys!
Good lord; I can’t imagine the stress you guys must be under from this. We appreciate everything you’ve done to get the sites back up and running, and I hope this is the last you see of those nasty little creepers.
Nice work, guys!
Tony
Sorry to hear about this. This kind of thing always sucks. Glad to hear you’re getting everything taken care of so quickly. One question if I may? Will this delay the printing and sending of pending orders? I hope everyone on this great site is well and this is all fixed quickly.
Thanks again for all the work you guys do!
Thanks all.
To tell the truth, about 4 hours in trying to figure this out, I discovered the heart of the Ka-Blam site, it’s JavaScript code, wasn’t working. I did tear up a little ;( “What’s wrong?”, said Barry. “Oh nothing”, I wept. I soon got it back into shape and WE smiled. That was a DARK moment in my day. Better now. Now on to see what we can do with IndyPlanet and ComicsMonkey. Gotta write some code to fix that.
Good work guys! Glad to see it’s back on track!
-DMC
Man, some people have too much time on their hands. Glad to see you guys fixed things back up.
Well blimey. I’m very relieved to see that another bunch of hackers was stopped before they could leave their mark. I say, the nerve of some people…
Thanks for all the hard work you guys do keeping this site running. You guys are true troopers!
glad to hear its (mostly) solved!
Hopefully not, Ted. Ka-Blam’s back up and running so we should be fine there. IndyPlanet and ComicsMonkey are both still down, but we’re making progress. Until we say so here we’d strongly recommend you stay away from both sites. Whoever hacked us (someone in China we’ve discovered) hid tiny little iframes all over the site code. So whenever any page with one of those hidden iframes is called a third party site is also secretly called and some spyware is downloaded. Nasty, nasty stuff. But we’ll have the sites completely disinfected soon and when we do we’ll post Google’s verification that the sites are clean and spyware free so you can visit them again with confidence.
Leave to someone in China to ruin everything for the rest of us. Glad you guys are on it. Thanks again.
This whole ordeal sucks. There was no reason for this! You’re a comic book printer for goodness sakes. We’re covering this on our website blog. We were waiting for Epitaph: Abiding Lilith #1 to hit IP’s online shelf, so I’ll let everyone know what’s up and that Ka-blam back up. I knew this morning, but have to run out so I couldn’t do anything right then.
-DMC
Ick, that’s horrible – I’m sorry you guys have to deal with this sort of stuff, but I know you can handle it. What you’re doing is far too awesome to be stopped by a mere malicious bump in the road.
Actually, just last month my site’s php pages were hacked with something that sounds very similar to this. Not just me either, at least one other webcomic owner has recently had to deal with this sort of thing. Hopefully we’re not seeing the start of a trend or anything. 8 I
But in the meanwhile, you guys certainly have the understanding and support of your customers while you fend off these attacks – we’re behind you 100% of the way! 8 )
You guys do such good work. May all transgressors get what they deserve.
I’m so sorry to hear about this. I almost got caught up in it myself when I went to check on one of my additions to the IndyPlanet catalogue.
You absolutely didn’t deserve this. No-one deserves this kind of treatment, but especially not Ka-Blam. My sincerest sympathies to this, and I send you positive energy and the best wishes to get everything back up and running as soon as possible.
I certainly hope all our financial data is safe? I’m glad you guys are working on solving this. Wishing you the best of luck & I hope you find the perpetrators & bring them to justice!
Thank goodness I didn’t go to Indy Planet a few moments ago. I saw the Warning and check the google and saw you posted the warning. Anyway thank you all for your efforts. I hope those morons get what they deserve. A nice fat stay in prison!
Oh, man…I’m sorry. This happened to me last year, so I completely sympathize. Happily, it seems that you’ve got it under control.
We don’t have any of your financial data … so that’s not a concern at all.
Ah, I just used the contact form to let you know about the stuff on the other two sites but I’ve just now seen your comment around “# 24 July 2010 at 8:36 pm”. So I guess you already know about it.
Was any part of the Message Center affected? I’ve been waiting since the 22nd for a reply regarding issues with my print job for Otakon – I’ve sent two additional messages since then and have gotten no answers.
Good luck with the rest of the cleanup!
What a drag, guys, sorry. SDCC went great, thanks for your terrific work.
Ouch, I had almost exactly the same thing happen to my comic website a few years ago. I wish you luck in getting it all sorted out!
I too am waiting to hear back on a message and waiting for a proof. I understand how busy things must be for you all. Just wanting to make sure nothing fell through the cracks. Im going to Chicago comic-con this year and am looking forward to bring all four of my issues with me. Thanks again for everything you all do.
You know this is convention season. I know I may be reaching but do you think this was malicious? I mean done on purpose versus being random? I mean why Ka-Blam and why now?
-Nate
I hate to say it, but I’m with David M.C. I can’t help but wonder if a rival publisher or company caused this.
It was certainly malicious … but I don’t think it was intentionally destructive and I don’t think we were targeted for any particular reason. The attack originated in China and given the level of access they achieved they could have done a LOT more damage. What they were trying to do was to install invisible iframes that would download and install spyware whenever someone accessed the script they had altered. Luckily for us, there were a bit ham-handed and left an obvious trail behind. It’s very time consuming to fix what they did, but not overly difficult.
BTW, IndyPlanet is now clean … even though the malware warnings haven’t been lifted yet. We’re trying to get those lifted now and hopefully some time next week they’ll go away.
ComicsMonkey is still a bit of a mess. Steer clear of it still, please.
I highly doubt it, guys.
Hang in there, guys. I know you’re working around the clock to right the ship. Let me know if we can help in any way. I don’t know HOW, but let us know.
- jeremy