Virus/Trojan on Forum.

[crabman]

I'm on firefox and throughout the day I have been having issues. I also am getting the malware warning.

 

[DLD]

They are currently having the site rescanned so hopefully things will be straight soon. There are not malware or viruses on the forums. but google is still registering them. I will be on this until it is fixed but feel safe to post without fear of infection.

 

[jordey]

out of curiosity, why does this happen? i heard it was other sites attacking this, dont know if its true or not!

 

[DLD]

out of curiosity, why does this happen? i heard it was other sites attacking this, dont know if its true or not!

I have never gotten a straight answer.

 

[8incyclops]

I can get on [words=http://www.mattersofsize.com/join-now.html]MOS[/words] through my PC but still get the Malware warning my ipod will not let me in.

 

[smerc]

If you check the first link in the original post I made: http://i47.tinypic.com/2jd14sw.jpg . I was pretty sure that was the issue.

I blocked that IP-range from being loaded and never had another popup that day. Not sure how they get in, but I read of a vbulletin XSS issue a while back. Usually if someone were able to get into a server then they would had done more damage than this.


Google will clear itself after everything is cleaned up. A lot of it is a waiting game it seems, http://support.google.com/weBathmateasters/bin/answer.py?hl=en&answer=168328

 

[DLD]

If you check the first link in the original post I made: http://i47.tinypic.com/2jd14sw.jpg . I was pretty sure that was the issue.

I blocked that IP-range from being loaded and never had another popup that day. Not sure how they get in, but I read of a vbulletin XSS issue a while back. Usually if someone were able to get into a server then they would had done more damage than this.


Google will clear itself after everything is cleaned up. A lot of it is a waiting game it seems, http://support.google.com/weBathmateasters/bin/answer.py?hl=en&answer=168328

You are correct. The techs just said that Google is rescanning site and it should be 100% in a few hours.

 

[DLD]

Please report any problems here that you are having and please let me know which browser.

 

[MikeShlort]

Please report any problems here that you are having and please let me know which browser.

I use firefox.
It always says "reported attack page" then I have to click ignore warning to continue to site.
This has happened probably on four separate occasions since I've been here (since sept)

 

[bluetard117]

Who is still having issues and in what browser are you using?

Still got issues over here. I'm on a mac with Chrome running, and this has only recently started for me. Until about a week ago, I hadn't gotten this message in a long time.

 

[Super]

I was having login issues. who is fcking with us now?

 

[kitfisto]

For the past few days It said this site was unsafe to visit. Now it is fine.

Messages like this are not uncommon here.

 

[DLD]

For the past few days It said this site was unsafe to visit. Now it is fine.

Messages like this are not uncommon here.

Back in action. I can't believe it took 3 days this time. Accept my apologies.

 

[tyv]

wow, finally i got in! wouldn't let me in these last few days, both on the pc or phone or pad, all seems fine now

 

[smerc]

I'm not getting anything because I have those ip-ranges blocked as well as strict noscript settings.

Not sure how any of you are not still getting anything. It's still showing multiple sites infecting.

 

[DLD]

Upon clicking new topics on the main page (http://www.mattersofsize.com/forum/forum.php) I am getting: Warning: Cannot modify header information - headers already sent by (output started at [path]/includes/class_bootstrap.html:3) in [path]/includes/functions.php on line 4513

 

[smerc]

That's more than likely just a browser reaction. Basically preventing you from going deeper into an infected site by blocking that site for an extra duration.

Try waiting a bit without clicking anything on [words=http://www.mattersofsize.com/join-now.html]MOS[/words], then try to view newposts.

 

[DLD]

OK, now it is back to normal. How much do you know about this stuff Smerc? As a matter of fact, how much does anyone know? I guess I have a great tech company right now but I would love to have someone to help that is more personal, I think more could be done to protect [words=http://www.mattersofsize.com/join-now.html]MOS[/words].

 

[tyv]

Just a quick heads up, i'm getting the warning again, tells me it's trying to transfer "thisiscake.zxq.net/" (Exploit Blackhole Exploit Kit (type 2314)) Whatever that means. This is from AVG.

It seems, something is hiding on the code, maybe behind a image or something and "tries" to load up as part of the site.

 

[smerc]

I don't know anything about forums.

If you and your weBathmateaster can't get the issue resolved. You would want to post in the vbulletin forum. Hell, you might even gain some new members from there doing it that way.

You might need to provide your server specs, what security you have on the server(firewall/scanners/etc & maybe privledges & settings). Vbulletin version(is it updated?). vB plugins on the site. Whether you have any new FTP users and how many/are their passwords secure. Probably a lot more as well.


If it's anything like wordpress, it should be easy to look through your code and try to pin-point anything out of the blue (encryption/funky looking websites-code). As well as checking for a vulnerability scanner of some sorts.

I would just check for some security websites that have a vbulletin section and the vbulletin forum as well, and post your questions there. Would be best suited for your weBathmateaster to do that.