Virus/Trojan on Forum.

Not getting any errors or issues. Things are running fine.
 
Yeah, has happened several times for me.

Keep your virus scanners etc., on, make sure your browser(s) are up to date.

Got a warning today about threats on the site, but ignored them and came in anyway. So dangerous!
 
Certain browsers alert you while others might. There are options in Firefox to block websites that were reported as malicious (it's in Tools > Options > Security) and Chrome does the same as well.


If you google "mattersofsize" it should display "This site may harm your computer.".

This is something google does on their own: http://www.google.com/interstitial?url=http://mattersofsize.com/forum/ & http://www.google.com/safebrowsing/diagnostic?site=http://mattersofsize.com/forum/&hl=en


I'm using nod32 SS, but anyone can download comodo firewall for free. Last time I used it it seemed kind of cumbersome. I mainly used it for blocking ip-ranges a few years so I don't know how well it does with attacks. I couldn't tell you how good it is, but it's definitely not shitty. Not sure about false positives.
 
hepcat;496730 said:
Delete what??:( There was no option to perform such an action.

It was a duplicate post from what I posted above. Seems my comment was posted, but I refreshed and didn't see it. I rewrote the comment and realized it was just lag, so I deleted my other post (the delete) when I saw that the other one got posted. Wish I could have deleted it :blush:



EDIT: Sorry, that was a reference to my forum post. Not that you should delete anything from your PC. If you have antivirus software it 'should' have got it if it was still an issue at the time of you visiting the forum.
 
They are still fixing this. They are rescanning site now. They said warnings should be gone soon.
 
hepcat;496739 said:
I was wondering if the problem can be coming from the Porno Paradise Forum. Whenever you have free adult entertainment beware!


I may have to agree. Let me hear what the techs say and I will make some decisions then. I can say that there are no viruses on the forum; they said the warnings should be gone soon.
 
hepcat;496741 said:
Is that why there are so few posts today or were people busy enjoying their Sunday?

Yes, the database error message has been popping up all day, causing traffic to slow. It will be fixed and good as new soon. This happens from time to time because of bad tables or some other weird issue. They are very good and should have it repaired very soon.
 
Is everyone still getting errors? Please let me know.
 
finally getting on here ok. still getting the chrome warning though
 
Keep checking and responding to this thread. They are working on it still, trying to fix. Let me know what you guys see.
 
Who is still having issues and what browser are you using?
 
every time i go on the site i get the 'malware detected' page (in google chrome). this has been happening for the past week, and sometimes it won't let me get into the site at all. I very much doubt the site is giving me any viruses, so it's strange to keep seeing the messages!
 
They are currently having the site rescanned so hopefully things will be straight soon. There is no malware or viruses on the forums, but Google is still registering them. I will be on this until it is fixed but feel safe to post without fear of infection.
 
jordey;496809 said:
out of curiosity, why does this happen? i heard it was other sites attacking this, don't know if it's true or not!

I have never gotten a straight answer.
 
I can get on MOS through my PC but still get the Malware warning; my iPod will not let me in.
 
If you check the first link in the original post I made: http://i47.tinypic.com/2jd14sw.jpg . I was pretty sure that was the issue.

I blocked that IP-range from being loaded and never had another popup that day. Not sure how they get in, but I read of a vBulletin XSS issue a while back. Usually if someone were able to get into a server then they would have done more damage than this.


Google will clear itself after everything is cleaned up. A lot of it is a waiting game it seems, http://support.google.com/webmasters/bin/answer.py?hl=en&answer=168328
 
smerc;496852 said:
If you check the first link in the original post I made: http://i47.tinypic.com/2jd14sw.jpg . I was pretty sure that was the issue.

I blocked that IP-range from being loaded and never had another popup that day. Not sure how they get in, but I read of a vBulletin XSS issue a while back. Usually if someone were able to get into a server then they would have done more damage than this.


Google will clear itself after everything is cleaned up. A lot of it is a waiting game it seems, http://support.google.com/webmasters/bin/answer.py?hl=en&answer=168328



You are correct. The techs just said that Google is rescanning site and it should be 100% in a few hours.
 
Please report any problems here that you are having and please let me know which browser.
 
doublelongdaddy;496929 said:
Please report any problems here that you are having and please let me know which browser.

I use firefox.
It always says "reported attack page" then I have to click ignore warning to continue to site.
This has happened probably on four separate occasions since I've been here (since sept)
 
doublelongdaddy;496803 said:
Who is still having issues and in what browser are you using?

Still got issues over here. I'm on a mac with Chrome running, and this has only recently started for me. Until about a week ago, I hadn't gotten this message in a long time.
 
kitfisto;496995 said:
For the past few days It said this site was unsafe to visit. Now it is fine.

Messages like this are not uncommon here.


Back in action. I can't believe it took 3 days this time. Accept my apologies.
 
wow, finally i got in! wouldn't let me in these last few days, both on the pc or phone or pad, all seems fine now :)
 
I'm not getting anything because I have those ip-ranges blocked as well as strict noscript settings.

Not sure how any of you are not still getting anything. It's still showing multiple sites infecting.

286sew7.jpg
 
That's more than likely just a browser reaction. Basically preventing you from going deeper into an infected site by blocking that site for an extra duration.

Try waiting a bit without clicking anything on MOS, then try to view newposts.
 
OK, now it is back to normal. How much do you know about this stuff Smerc? As a matter of fact, how much does anyone know? I guess I have a great tech company right now but I would love to have someone to help that is more personal, I think more could be done to protect MOS.
 
Just a quick heads up, I'm getting the warning again, tells me it's trying to transfer "thisiscake.zxq.net/" (Exploit Blackhole Exploit Kit (type 2314)) Whatever that means. This is from AVG.

It seems something is hiding in the code, maybe behind an image or something, and "tries" to load up as part of the site.
 
I don't know anything about forums.

If you and your webmaster can't get the issue resolved, you would want to post in the vBulletin forum. Hell, you might even gain some new members from there doing it that way.

You might need to provide your server specs, what security you have on the server (firewall/scanners/etc. & maybe privileges & settings). vBulletin version (is it updated?). vB plugins on the site. Whether you have any new FTP users and how many/are their passwords secure. Probably a lot more as well.


If it's anything like WordPress, it should be easy to look through your code and try to pin-point anything out of the blue (encryption/funky looking websites-code). As well as checking for a vulnerability scanner of some sorts.

I would just check for some security websites that have a vBulletin section and the vBulletin forum as well, and post your questions there. Would be best suited for your webmaster to do that.
 
tyv;497186 said:
It seems something is hiding in the code, maybe behind an image or something, and "tries" to load up as part of the site.

Usually that's the case when sites have ads loading or are affiliated with an ad display network that loads things from another server. This is merely someone having access through a certain thing on the server (anything from XSS/SQL injection/plugin fault/FTP issue/etc.).


I mean even just looking in the HTML source shows this (highlighted iframe portion towards the right):

vr6hwg.jpg
 
Yeah. There's another if you hit iframe again. There's also some I bet that are on other sections of the site. There seems to be 3 total.

You would have to look through your .php's DLD and just figure out how they're getting there.
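
The iframe check described in the posts above, as an added example that is not part of the original thread: it lists `<iframe>` and `<script>` tags in a fetched page whose `src` points off-site or that are styled to be invisible. The hostnames, the allowlist parameter and the sample page are constructed placeholders, not values from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Styling tricks commonly used to make an injected frame invisible to visitors.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}", re.I)

class FrameAuditor(HTMLParser):
    """Collects iframe/script tags that load off-site content or are hidden."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        # Relative URLs have no host and are treated as same-site.
        if host and not any(host == t or host.endswith("." + t) for t in self.trusted):
            reasons.append("off-site src")
        if tag == "iframe":
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                reasons.append("hidden")
        if reasons:
            line, _ = self.getpos()  # line of the tag in the page source
            self.findings.append((line, tag, host or "(inline)", reasons))

def audit(html, site_host, allowed_hosts=()):
    parser = FrameAuditor(site_host, allowed_hosts)
    parser.feed(html)
    return parser.findings

# Constructed sample page; hostnames are placeholders, not taken from the thread.
SAMPLE = """<html><body>
<script src="/clientscript/global.js"></script>
<iframe src="http://www.forum.example/banner.html" width="468" height="60"></iframe>
<iframe src="http://injected.example.net/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script src="http://ads.partner.example/show.js"></script>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "forum.example", allowed_hosts=["ads.partner.example"]):
        print(finding)
```

This only inspects the HTML the server returns; finding which template, plugin or .php file emits a flagged tag still means searching the server-side files and database for the reported host.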
 
Looks like it is back....I am on it right now
 
hepcat;497302 said:
The only problem I'm having is the links on the homepage all lead to a blank white screen.

Something is not right, they are working on it already.
 
hepcat;497306 said:
The white screens linked from the homepage also happened last time, but at least I can get on the forums without a problem.

Hep, what link are you speaking of? Can you paste it here?
 
Any word of this from the webmaster? There is still a website loading a trojan in the code and there could be others as well since all I can see is the stuff in html.
 
smerc;497563 said:
Any word of this from the webmaster? There is still a website loading a trojan in the code and there could be others as well since all I can see is the stuff in html.


They are rescanning but said we showed nothing. What are you showing on your scan?
 