virus on TJY??
This topic is closed.
    When I tried to connect to TJY tonight I was given a warning by my browser that there had been malicious activity and the site had been compromised and that so far scripts and trojans had been distributed by visiting the site. I also noticed that a plugin keeps trying to be installed on the site now as well. Possible naughty activity here.
    Idiocy: Never Underestimate the Power of Stupid People in Large Groups

    Blogging: Never before have so many people with so little to say said so much to so few

    I may be drunk, Miss, but in the morning I will be sober and you will still be ugly. Winston Churchill


    #2
    Sounds serious, we had a similar issue on SSP.com a while back and it turned out to be the host itself getting compromised and the trojans propagating that way.



      #3
      Can someone get me a screen shot of the warning?



        #4
        Virus given in Chromium/Chrome, not Firefox. Seems to be very active as of today and web site is compromised. After a few seconds in Firefox half the time I am redirected to:

        http://vumberclick.com/?q=canon+eos+350+d

        and then on to

        http://seoloc.ru/search/?q=canon%20eos%20350%20d

        Found this:
        http://www.mathhelpforum.com/math-he...-194176-3.html
        http://www.disclose.tv/forum/viewtop...7d281acff4eadf


        "The site was hijacked ... this was the site responsible for the "click next" message and redirections http://vumberclick.com/?q=free+web+directory+listing

        The site has been running only since last November."

        and

        "a limited Hack Attack"

        and
        "someone has used SQL injection to embed malware on this forum. apparently several vbulletin forums have been having this problem lately, most often associated with kokosina.in and boed.info."
        Last edited by BDUAres; 12-31-2011, 08:13 PM.


          #5
          Kaspersky gave me warnings, but stopped the redirects luckily. I'm using Firefox.
          Denied: http://kokosina.in/t/go.php?sid=5 (analysis using the database of suspicious URLs) 1/1/2012 9:59:56 AM
          "Kicking a dead horse is easy, pummeling it until there's nothing left but a bloody pulp takes some effort - Barak"



            #6
            So, I take it you guys aren't going to fix this?


              #7
              I'd love to fix it, I just don't know how if I'm not seeing the redirects and error messages. I'm in Chrome, but on Mac OS. Let me boot up my VM W7 and report back.



                #8
                Posting from Windows 7 VM on Chrome - no errors.



                  #9
                  Posting from Windows 7, IE8, no errors.



                    #10
                    Apparently it was server side and went away, I'm not getting them now either.


                      #11
                      Got one just now.



                        #12
                        Frustrating - I have the "Enable phishing and malware protection" option enabled but am not receiving this message.

                        Have you tried clearing all cookies/cache/everything?



                          #13
                          Originally posted by Mhaddy:
                          Frustrating - I have the "Enable phishing and malware protection" option enabled but am not receiving this message.

                          Have you tried clearing all cookies/cache/everything?
                          Indeed. My cookies/cache clear automatically each time I shut down a browser, but those messages come from Google itself when you try to load the website from a start at Google, which is usually my home page on my laptops. It does not come up all the time, and unlike Barak I don't get the message from my antivirus or security software, just from Google. Google did seem to be correct as at least a few times I was indeed redirected when at the main tJy page.


                            #14
                            Looks like the problem was with the host, DreamHost: http://www.dreamhoststatus.com/2012/...ecurity-issue/

                            I am in the process of changing... everything - it will be some time before the password changes take effect and I can login to the site and check some of the symptoms.

                            @BDUAres, Thank you for being so diligent with this, and hopefully I can get to the bottom of it.

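The symptom reported in this thread (redirects that show up only in some browsers or only when arriving from a Google result, so that posts #7 to #9 could not reproduce them) is what a conditional, server-side injected redirect looks like from the outside. As an added example that is not part of the thread, the Python sketch below compares responses captured for the same URL under different User-Agent/Referer profiles and flags the ones that reach hosts outside an allow-list. The captures, the allow-list and the host names `forum.example`, `cdn.forum.example`, `injected.example` and `ads.example` are constructed assumptions, and the regexes are a triage heuristic, not a full HTML parser.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the forum legitimately loads content from.
ALLOWED_HOSTS = {"forum.example", "cdn.forum.example"}

# Constructed captures of one URL fetched under different request profiles.
CLEAN = '<html><script src="http://cdn.forum.example/vb.js"></script></html>'
CAPTURES = [
    {"ua": "Chrome/macOS", "referer": "", "status": 200, "location": None, "body": CLEAN},
    {"ua": "IE8/Windows", "referer": "", "status": 200, "location": None, "body": CLEAN},
    {"ua": "Firefox/Windows", "referer": "http://www.google.com/search?q=forum",
     "status": 302, "location": "http://injected.example/?q=canon+eos", "body": ""},
    {"ua": "Chrome/Windows", "referer": "http://www.google.com/search?q=forum",
     "status": 200, "location": None,
     "body": CLEAN + '<iframe src="//injected.example/t/go.php" width=1></iframe>'
                     '<meta http-equiv="refresh" content="3; url=http://ads.example/">'},
]

SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
REFRESH_RE = re.compile(
    r'<meta\b[^>]*http-equiv\s*=\s*["\']?refresh\b[^>]*?url\s*=\s*([^"\'\s>]+)', re.I)

def offsite_hosts(capture):
    """Hosts outside the allow-list reached via redirect, script, iframe or meta refresh."""
    urls = SRC_RE.findall(capture["body"]) + REFRESH_RE.findall(capture["body"])
    if capture["location"]:
        urls.append(capture["location"])
    hosts = {urlparse(u).hostname for u in urls}  # relative URLs yield None
    return sorted(h for h in hosts if h and h not in ALLOWED_HOSTS)

def compare_profiles(captures):
    """Flag request profiles whose response reaches off-site hosts."""
    findings = [(c["ua"], c["referer"], offsite_hosts(c)) for c in captures]
    dirty = [f for f in findings if f[2]]
    # Conditional: some profiles are served clean content, others are not.
    return {"dirty": dirty, "conditional": 0 < len(dirty) < len(findings)}

if __name__ == "__main__":
    report = compare_profiles(CAPTURES)
    for ua, referer, hosts in report["dirty"]:
        print(f"{ua} (referer={referer or 'none'}): off-site {hosts}")
    print("conditional injection suspected:", report["conditional"])
```

A result of `conditional: True` means a single clean fetch from the admin's own browser does not clear the site; the served content has to be checked per request profile and traced back to the template, database or host that emits it.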
