Jump to content

Site tried to download files this morning


Guest m&pc9

Recommended Posts

Posted

I run Chrome and when I tried to log in this morning. It said the site was trying to download multiple files, Accept or deny. I denied it and something downloaded and ask to to save or discard, I discarded. I know you have been having trouble, I hope this helps.

My AVG did not pick anything up.

  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Guest KimberChick
Posted

When FF first blocked the site, it would give me the names of the files/programs causing the red flags. When I get home tonight I can see if I've still got that issue and give you those file names if the flag pops up again. There were two of them but the names escape me at the moment. I haven't been on the site in anything other than IE since Monday.

I don't know if that's been addressed in one of the other threads on this topic. If so, carry on.

Posted

Running Safari 5.0.1 and getting warnings, too.

"Of the 122 pages we tested on the site over the past 90 days, 32 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-09-22, and the last time suspicious content was found on this site was on 2010-09-22."

  • Administrator
Posted

@Daniel - Yeah, that's really not what I'm looking for right now. What you're seeing is simply old info that Google still has on record for the site. That hasn't changed yet. What I need is a report from someone with antivirus software that was triggering alerts on us earlier today (prior to 12:00 noon) to compare what they are getting now.

Bottom line is this:

I found that someone had in fact compromised the banner ad system that we are using here and was injecting links into the banners. I've scrubbed that out of there, closed the security hole and made some other adjustments. In fact, I may be ditching our banner ad software as a result of this as it seems it's a huge steaming pile of sh#t based off of what I'm seeing here. Their security is lacking sorely.

I think I've got the problem fixed... but I really won't know until I hear from some folks who were getting errors earlier.

Honestly, it really sucks and I'm about at the end of my rope with it. :D

Posted
...

I found that someone had in fact compromised the banner ad system that we are using here and was injecting links into the banners....

Any of stuff related to the security holes found in 64 bit Linux servers over the last few days? Several ways to get root access, apparently.

Survivorlistboards just one big site that was totally down for over 24 hours, for example.

- OS

  • Administrator
Posted
Any of stuff related to the security holes found in 64 bit Linux servers over the last few days? Several ways to get root access, apparently.

Survivorlistboards just one big site that was totally down for over 24 hours, for example.

- OS

Negative. Our host was very quick to patch the hole you're talking about. Our problem was related to this: link

Guest ArmyVeteran37214
Posted (edited)
@Daniel - Yeah, that's really not what I'm looking for right now. What you're seeing is simply old info that Google still has on record for the site. That hasn't changed yet. What I need is a report from someone with antivirus software that was triggering alerts on us earlier today (prior to 12:00 noon) to compare what they are getting now.

Bottom line is this:

I found that someone had in fact compromised the banner ad system that we are using here and was injecting links into the banners. I've scrubbed that out of there, closed the security hole and made some other adjustments. In fact, I may be ditching our banner ad software as a result of this as it seems it's a huge steaming pile of sh#t based off of what I'm seeing here. Their security is lacking sorely.

I think I've got the problem fixed... but I really won't know until I hear from some folks who were getting errors earlier.

Honestly, it really sucks and I'm about at the end of my rope with it. :meh:

Damn, I guess I was right to begin with!

I'm gonna blame it on the new ads running on the site!

I'm pretty sure that's not it. But thanks for jumping to conclusions.

For the record, I am not getting any such warnings. I'll do some investigating but I just got back in town from a 24hr excursion from which I am extremely exhausted. This matter may or may not get fixed today.

Thanks.

I may not be a computer genius, but I know a thing or two.

Edited by StreetWK05
Posted
I found that someone had in fact compromised the banner ad system that we are using here and was injecting links into the banners. I've scrubbed that out of there, closed the security hole and made some other adjustments. In fact, I may be ditching our banner ad software as a result of this as it seems it's a huge steaming pile of sh#t based off of what I'm seeing here. Their security is lacking sorely.

I think I've got the problem fixed... but I really won't know until I hear from some folks who were getting errors earlier.

I put my security settings back to normal, and have been surfing TGO for a while now, and I have not received any further warnings from Avast.

I will be honest, though. If the security is that bad with the banner ad software, I am going to continue to block them.

Guest Drewsett
Posted

It would appear to be fixed now. I didn't want to post this considering the way the last thread ended when I "conjectured" as to the problem, but if you use Open X for your ads (which almost everyone does these days) you might find this pertinent.

OpenX Blog » Security Update: How to Secure your OpenX installation

Apparently the software itself was compromised. There is some info there on how to fix it (download new software, ofc). According to the developers there is a possibility that the .php could be compromised, some forums had fake admin accounts inserted, but I'm sure you would have caught that.

If you don't use OpenX, then cool, I've gone to all the trouble of researching the problem for naught. It's been awhile since I've coded a forum (only about 8 years now), but I remember most of the basics. I also, once upon a time, knew a thing or two about exploiting security vulnerabilities for fun...ah the memories of a misspent youth. I miss telnet sometimes.

Posted

chrome has been going strong this evening... I was getting the malicious content stuff from avast using ie and the usual google message using chrome but nothing now.

  • Administrator
Posted
1:45 CT, still attack warning. Firefox, MAC laptop. I won't even go near a winders machine with this going on.

That attack warning is irrelevant. What I need is someone with an antivirus package that was alerting. Please read what I wrote before.

  • Administrator
Posted
Damn, I guess I was right to begin with!

I may not be a computer genius, but I know a thing or two.

No, you were wrong. Sorry.

Posted

TGO David,

Wow, I'm really sorry to hear you're still having this problem.

I use FF and IE and am still getting the blocking/ malware when I go to TGO.

I work in this field and what you're dealing with is not at all unusual. sorry to say.

A certain highly regarded vendor of gear, that uses numbers everyone would recognize, got whacked a year or so ago with some nasty SQL injection code malware.

They got blocked from our network for well over 2 weeks til they got it fixed. (hope its not them again)

After a few days of folks begging us to unblock caused they need to place orders with them,

WE had to track down their webmaster to inform him (and explain it) of what was going on. His reaction was an incredulous "Really??"

we said "fraid so, you ARE pwned!"

I hope whoever is the source of your (and our) misery RESOLVES this mess real damn quick.

Best of Luck!

  • Administrator
Posted
It would appear to be fixed now. I didn't want to post this considering the way the last thread ended when I "conjectured" as to the problem, but if you use Open X for your ads (which almost everyone does these days) you might find this pertinent.

OpenX Blog » Security Update: How to Secure your OpenX installation

Apparently the software itself was compromised. There is some info there on how to fix it (download new software, ofc). According to the developers there is a possibility that the .php could be compromised, some forums had fake admin accounts inserted, but I'm sure you would have caught that.

If you don't use OpenX, then cool, I've gone to all the trouble of researching the problem for naught. It's been awhile since I've coded a forum (only about 8 years now), but I remember most of the basics. I also, once upon a time, knew a thing or two about exploiting security vulnerabilities for fun...ah the memories of a misspent youth. I miss telnet sometimes.

In the ballpark but it's not exactly how this happened. This isn't exactly my first rodeo either, it just the first time lately that the bull got me instead of the other way around. It's SOP for me to use lockdown docs like that anytime I install an app. We weren't quite 0-Day with this one, but it happened within the first six days of the exploit going wild.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

TRADING POST NOTICE

Before engaging in any transaction of goods or services on TGO, all parties involved must know and follow the local, state and Federal laws regarding those transactions.

TGO makes no claims, guarantees or assurances regarding any such transactions.

THE FINE PRINT

Tennessee Gun Owners (TNGunOwners.com) is the premier Community and Discussion Forum for gun owners, firearm enthusiasts, sportsmen and Second Amendment proponents in the state of Tennessee and surrounding region.

TNGunOwners.com (TGO) is a presentation of Enthusiast Productions. The TGO state flag logo and the TGO tri-hole "icon" logo are trademarks of Tennessee Gun Owners. The TGO logos and all content presented on this site may not be reproduced in any form without express written permission. The opinions expressed on TGO are those of their authors and do not necessarily reflect those of the site's owners or staff.

TNGunOwners.com (TGO) is not a lobbying organization and has no affiliation with any lobbying organizations.  Beware of scammers using the Tennessee Gun Owners name, purporting to be Pro-2A lobbying organizations!

×
×
  • Create New...

Important Information

By using this site, you agree to the following.
Terms of Use | Privacy Policy | Guidelines
 
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.