

Problem Malware for the forum


25 replies to this topic

#1 ginetto

ginetto

    Master Tracker

  • Administrators
  • 10,717 posts
  • Gender:Male
  • Location:Lombardia ITALIA

Posted 19 December 2012 - 07:40 AM

It's been 2 days now that every time I enter and click anything in the repository forum, a malware alert pops up and asks me to discard the page or proceed at my own risk.
I never had this problem before; it started yesterday and today it doubled, meaning that as soon as I click on proceed at my own risk, another alert shows up and asks me the same thing.
Pretty annoying having to click 4 times for every change of page.
I attach a couple of the pop-ups I get in Chrome; it says the site with the problem, which is not gplr but obviously some frigging kid was able to inject.

Attached Files

  • Attached File  1.jpg   82.41K   11 downloads
  • Attached File  2.jpg   87.44K   10 downloads

Done these tracks and working on others.


#2 maddog

maddog

    Honored Member

  • Member
  • 2,012 posts
  • Gender:Male

Posted 19 December 2012 - 08:05 AM

I've read how Bill and Keith are fighting a running battle, with various nasties.  I'm using Firefox as my browser, with no problems . . . . yet.
It's a hard life, but someone has to live it!

#3 Dario Andretti

Dario Andretti

    Honored Member

  • Member
  • 272 posts

Posted 19 December 2012 - 08:18 AM

I just got this message

Reported Attack Page!

This web page at gplr.srmz.net has been reported as an attack page and has been blocked based on your security preferences.

Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.


#4 Pablo_Fernandez

Pablo_Fernandez

    Honored Member

  • Member
  • 181 posts
  • Gender:Male
  • Location:Buenos Aires Argentina

Posted 19 December 2012 - 09:11 AM

Same problem here using Chrome. Same problem as the previous at Sp.geezers
Weird....
Grand Prix Legends 4 EVER

#5 sky

sky

    ultra highres junkie

  • Member
  • 3,233 posts
  • Gender:Male
  • Location:Krautlandia

Posted 19 December 2012 - 10:24 AM

yea same.
however i noted that on the start page - i've linked the recent posts thingy as start - there is a window of sorts near the topmost entry. it has been there the last 2 or so days, but didn't show anything, like a popup window trying to show a picture that isn't there. now today it showed some scroll controls in that "window". if you scrolled around it asked to install a plugin. so i clicked search for whatnot update. firefox asked to install java - which i refused. ain't going to get this machine infested with java! then i entered some thread or other and on clicking my favorite link in the toolbar, it popped the red screen of "reported attack site". obviously i clicked "dun care, get me in anyway", so here i am posting.

that java window might be what's causing this. it appears next to the avatar of the poster in the new posts list - in case that helps as a pointer. see screenshot. no such thing at the srmz for me though.

Attached Files


Edited by sky, 19 December 2012 - 10:26 AM.


#6 M Needforspeed

M Needforspeed

    Honored Member

  • Member
  • 1,672 posts
  • Gender:Male
  • Location:Toulouse France

Posted 19 December 2012 - 12:49 PM

using last version of Firefox, and I get the message, too

With Firefox, there is a permanent banner on top that proposes to click on a solution. Keith, Bill, perhaps it points to a Stop Badware free software that can help get rid of this

Attached Files


Edited by M Needforspeed, 19 December 2012 - 12:57 PM.


#7 MECH

MECH

    Double poly killer

  • Administrators
  • 4,447 posts
  • Gender:Male
  • Location:Netherlands, Almelo

Posted 19 December 2012 - 04:18 PM

I noticed the same problem and have sent Bill a message about it.
Hopefully he can solve this problem. I feel sorry for him having to fix these problems again.
Right now I'm still able to see this page on my XP machine but W7 refuses to load :rolleyes:
It's strange though that the repository suffers from this and not the srmz forum.
I would expect this forum to be less easy to get into than the repository (and less interesting for people to hack)

Cheers,

Martin


#8 Richard Cooke

Richard Cooke

    Honored Member

  • Member
  • 6,407 posts
  • Gender:Male
  • Location:Florida

Posted 19 December 2012 - 04:58 PM

MECH, on 19 December 2012 - 04:18 PM, said:

I noticed the same problem and have sent Bill a message about it.
Hopefully he can solve this problem. I feel sorry for him having to fix these problems again.
Right now I'm still able to see this page on my XP machine but W7 refuses to load :rolleyes:
It's strange though that the repository suffers from this and not the srmz forum.
I would expect this forum to be less easy to get into than the repository (and less interesting for people to hack)

The hackers probably think there is information worth stealing here :)

#9 maddog

maddog

    Honored Member

  • Member
  • 2,012 posts
  • Gender:Male

Posted 19 December 2012 - 05:02 PM

maddog, on 19 December 2012 - 08:05 AM, said:

I've read how Bill and Keith are fighting a running battle, with various nasties.  I'm using Firefox as my browser, with no problems . . . . yet.

As soon as I hit the send button on this earlier message, Firefox blanked out the site, so it's not immune.  I've now entered via a Firefox override, to demonstrate a reckless nature.
It's a hard life, but someone has to live it!

#10 ginetto

ginetto

    Master Tracker

  • Administrators
  • 10,717 posts
  • Gender:Male
  • Location:Lombardia ITALIA

Posted 20 December 2012 - 04:53 AM

Here is a description for the alert; seems like a try to inject stuff like trojans on computers...

Attached Files

  • Attached File  rep1.jpg   125.38K   13 downloads

Done these tracks and working on others.


#11 francesco

francesco

    Honored Member

  • Member
  • 2,374 posts
  • Gender:Male
  • Location:COMO Lombardy(Italia)

Posted 20 December 2012 - 05:27 AM

Same here, I enter from SRMZ ignoring the warning.

#12 Dario Andretti

Dario Andretti

    Honored Member

  • Member
  • 272 posts

Posted 20 December 2012 - 08:06 AM

Are we, our computers and our systems in danger because of this problem?

#13 sky

sky

    ultra highres junkie

  • Member
  • 3,233 posts
  • Gender:Male
  • Location:Krautlandia

Posted 20 December 2012 - 11:22 AM

maybe i should switch to the macbook for browsing the repository ;). although there is java on the mac, too. bugger.

#14 MECH

MECH

    Double poly killer

  • Administrators
  • 4,447 posts
  • Gender:Male
  • Location:Netherlands, Almelo

Posted 21 December 2012 - 06:05 AM

Dario Andretti, on 20 December 2012 - 08:06 AM, said:

Are we, our computers and our systems in danger because of this problem?

Only if you don't have antivirus/firewall installed.
But there are anti virus programs that only stop execution and let files pass on to your pc (Antivir)
It seems my AVG blocked everything :think: If you use Firefox I advise you to install NoScript as well.
It can be tedious giving several parts of a page access but at least the risk is less ;)

So should you find odd .exe files in folders on your pc that weren't there before do not click on those but let your antivirus check it.
Even if it doesn't find anything and you are sure it shouldn't be there toss it!

Edited by MECH, 21 December 2012 - 06:07 AM.

Cheers,

Martin


#15 maddog

maddog

    Honored Member

  • Member
  • 2,012 posts
  • Gender:Male

Posted 21 December 2012 - 10:36 AM

It's not one to sneeze at . . . .

Attached Files


It's a hard life, but someone has to live it!

#16 stefano

stefano

    Honored Member

  • Member
  • 878 posts
  • Gender:Male
  • Location:Verona (Italy)

Posted 21 December 2012 - 11:13 AM

signaling also with safari

Attached Files



#17 M Needforspeed

M Needforspeed

    Honored Member

  • Member
  • 1,672 posts
  • Gender:Male
  • Location:Toulouse France

Posted 21 December 2012 - 02:46 PM

sky, on 20 December 2012 - 11:22 AM, said:

maybe i should switch to the macbook for browsing the repository ;). although there is java on the mac, too. bugger.

Roman,

tried on the Mac Book with Safari, and get the same warning

Edited by M Needforspeed, 21 December 2012 - 03:26 PM.


#18 sky

sky

    ultra highres junkie

  • Member
  • 3,233 posts
  • Gender:Male
  • Location:Krautlandia

Posted 21 December 2012 - 02:47 PM

avg pops this up. i kept the window so it shows the full url. i didn't have any anti virus kit aside the default w7 stuff until earlier tonight...

Attached Files


Edited by sky, 21 December 2012 - 02:49 PM.


#19 Bill

Bill

    Gpl Freak

  • Administrators
  • 65 posts

Posted 22 December 2012 - 02:20 PM

OK sorry guys didn't get the message till yesterday, we are clean now.
I think I have it secured now so we should not have it return anytime soon.
This fix has been working on the main forum and so far after many attempts to hack it all have failed.
I love logs sometimes :)

IE users.
Please use a different browser in the meantime while we monitor; it will prevent a lot of grief.

#20 sky

sky

    ultra highres junkie

  • Member
  • 3,233 posts
  • Gender:Male
  • Location:Krautlandia

Posted 22 December 2012 - 05:02 PM

thank you bill, good stuff keeping our playgrounds alive and kickin :) :thumbup:

#21 ginetto

ginetto

    Master Tracker

  • Administrators
  • 10,717 posts
  • Gender:Male
  • Location:Lombardia ITALIA

Posted 22 December 2012 - 05:21 PM

Thanks a Lot Bill :)
I still have the alert when I access the forum but I guess it is just because it was hacked before :thumbup:

Done these tracks and working on others.


#22 Lee

Lee

    Honored Member

  • Member
  • 8,322 posts
  • Gender:Male

Posted 22 December 2012 - 10:50 PM

Thanks Bill for your quick work in fixing this.  It's great to be back.

#23 MECH

MECH

    Double poly killer

  • Administrators
  • 4,447 posts
  • Gender:Male
  • Location:Netherlands, Almelo

Posted 23 December 2012 - 06:11 AM

Thx Bill :thumbup:

Cheers,

Martin


#24 Border Reiver

Border Reiver

    Honored Member

  • Member
  • 4,652 posts
  • Gender:Male

Posted 23 December 2012 - 07:04 AM

Thanks Bill.

Rob

#25 gliebzeit

gliebzeit

    Targa Fan

  • Member
  • 10,209 posts
  • Gender:Male
  • Location:Florida - USA

Posted 27 December 2012 - 06:04 PM

Yahoo!!!  The Google Chrome malware warning is finally gone!  Thank you, Bill, for all your dedication and perseverance.
Greg

... What's who's name?