We are sorry, we have been hacked;

The site www.avalab.org was infected in the following time periods:

  • 03-feb-2018 14:29 CEST  until  04-feb-2018 12:09 CEST
  • 06-feb-2018 14:29 CEST until 07-feb-2018 22:57 CEST

Important to know:

  • The Documentation server avastar.online and legacy.avastar.online are operating normally. No infection here.
  • The Download server is operating normally. No infection here.
  • The Blender Addons are clean. There is no way how they can become infected. There is no need to download them again.
  • All User data is clean.

What you should do

  • If you have an anti virus program, then you are not affected at all
  • If you have no anti virus program, then there is a risk that you have become infected by one of the redirected links. In this case please consider to check your entire computer for any infection.

More details

We have taken care to identify and remove the modified parts of our server. The weak points have been detected and sealed. The site is back to normal operation.

Here is a more complete listing of what happened:

    • 03-feb-2018 14:29 CEST this website was forced to redirect our users to external advertising websites. This hapened only occasionally. Users with antivirus detection have been protected.
    • 04-feb-2018 12:09 CEST A Backup from 03-feb-2018 was restored.
    • 04-feb-2018 12:15 CEST All Administrator accounts have been reviewed and cleaned up.
    • 04-feb-2018 12:30 CEST All Editor accounts have been removed.
    • 04-feb-2018 17:25 CEST Disabled user access to all admin areas except userprofile.
    • 06-feb-2018 14:29 CEST This website was infected again
    • 07-feb-2018 22:57 CEST The Backup from 03-feb-2018 was restored

We have found the weak point how the hackers got access to our Website. We fixed that and the site is clean again.

We originally have added a link to another blog post which describes the infection in high detail. But we just got informed that the other blog is now also infected with the exact same virus. This internet is indeed a dark place.

Many thanks to the users who report about this problem and keep us informed about all of this!

regards,
The Machinimatrix people