The Pub tagged as an attack site.... Ive been getting the odd "attack blocked" warning viewing threads on STR. Also a few "certificate expired" notes. A few minutes ago, Norton Security just blocked the entire "The Pub" forum as a reported attack site. Waddup with that? I remember someone asking about a similar issue. Any thoughts appreciated. How to avoid? Work around? Is there an evil mirror site? Sorry to post here, can't get into The Pub disabling my security. There must be some mistake here. Thought the mods should know. Here's a screen capture.
Have consulting work to catch up on tonight but I'm making time tomorrow night to update our vBulletin and check things out on the server. Keep posting any info you have about the issues including screenshots and other relevant details. If you're on Windows or just want to be super safe I'd recommend disabling javascript when browsing STR until we know for sure that it's clean.
I see you're back on line George, with some time to spare...Sadly -- the Time Killing Thread is still dogging us with malware warnings.Thanks for your work on this!- shud
Things went relatively smoothly. Locked down access a bit more, changed passwords, updated the forum software, scanned the server for rootkits, and put in a ticket to the host to update other software (mail server, ssh, etc). The likely culprit was hidden in a few forum templates. A line of code was essentially embedding a tiny hidden image from a server in Germany (for those who are interested: http://whois.gwebtools.com/hqhrt.com). Took those out. The warning messages won't go away until next time Google scans the pages - assuming I found all the infections. Note: I sent in a request to Google for them to scan the site. Hopefully within the next day or so we'll know the final verdict.
Hey now, are you one of those Mac haters I've heard so much about?I have had no problems on my iMac or iPad. I have, however, gotten some big ol' red flags on my work PC and my shitty Droid phone.
Thanks George. I like to new feature of "Auto-Saved" when posting. So many times I lost text because the computer dropped offline.
Yeah, I should have written in a thank you as well, George. Cool new stuff. Editor is real nice now -- lots of readily available options in there right at your fingertips now. Woot! So... thanks! - shud
Just got this on a classified page today @ 10:50 Kaspesky detected 10/12/2011 10:50:45 AM Suspicious malicious URL AD240F5F32519E05 http: //www. oxysatt. cjb. net/mja59s7n/?2 High BTW DO NOT CLICK ON THE URL
I believe it's a binary code bug, having to do with 11-11-11. This is the beginning of the end as we know it. Good luck to us and more importantly, good luck to the others!