Malicious Script - Be Careful - Page 3 - SailNet Community
Reply
 
LinkBack Thread Tools
post #21 of 27 Old 04-12-2010
Senior Member
 
hellosailor's Avatar
 
Join Date: Apr 2006
Posts: 11,347
Thanks: 5
Thanked 129 Times in 126 Posts
Rep Power: 11
   
tager-
Every time I've checked, CERT and SANS and all the other top-level names say that UNIX systems are attacked on an equal basis with Windows. "However, linux does get less " You may get less of one thing or another, but every time you conect to the internet, there are folks scanning the DSL IP pools, the cable IP pools, and even the dial-up IP address pools, looking for machine to hack into. Wrong OS for that hacker? No problem, they'll sell you IP address to someone who can use it and work with your OS. This is big business, probably on a par with sex slavery and drugs. The script kiddie next door is the least of the problems.

Of course a lot of the problems can be stopped if the neophyte in front of the computer just read up and engaged security options. That means no Adobe Flash Player (a security risk conveniently packaged with entertainment options), no active script technologies, and a whole batch of "NO!" options engaged in most browers. And nuisances like UAE enabled in Vista and Win7 systems.

Or there's the easier solution: Get hacked, run a zombie, and get shut down by your ISP. Some folks are screaming bloody murder about that--but I'd just as soon see those folks simply banned from the internet for a year or two. That might get their attention and stop their "reckless driving" habits.
hellosailor is offline  
Quote Quick Reply Share with Facebook
Sponsored Links
Advertisement
 
post #22 of 27 Old 04-12-2010
Last Man Standing
 
smackdaddy's Avatar
 
Join Date: Aug 2008
Posts: 14,169
Thanks: 137
Thanked 125 Times in 118 Posts
Rep Power: 9
     
Quote:
Originally Posted by johnnyandjebus View Post
Hello all

I am currently running google chrome for my browser, and it came up with the following msg when I tried to visit sailnet. Any reason to be concerned?

Just got the same warning screen in Chrome after hitting "New Posts". Here's the offending site:

rek.twilightparadox.com

Same as the one in the pic above.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

S/V Dawn Treader - 1989 Hunter Legend 40
smackdaddy is online now  
Quote Quick Reply Share with Facebook
post #23 of 27 Old 04-13-2010
Moderator
 
JohnRPollard's Avatar
 
Join Date: Mar 2007
Location: Chesapeake
Posts: 5,680
Thanks: 0
Thanked 3 Times in 3 Posts
Rep Power: 10
     
Quote:
Originally Posted by smackdaddy View Post
Just got the same warning screen in Chrome after hitting "New Posts". Here's the offending site:

rek.twilightparadox.com

Same as the one in the pic above.
I've now had that same warning window pop up several times on Safari.

Folks, I have sent an urgent note to Admin to take a look at this. Hopefully we'll here back soon. Apologies.


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Pacific Seacraft Crealock 31 #62

NEVER CALLS CRUISINGDAD BACK....CAN"T TAKE THE ACCENT
JohnRPollard is offline  
Quote Quick Reply Share with Facebook
post #24 of 27 Old 04-13-2010
Banned
 
Join Date: Mar 2010
Posts: 394
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
 
Quote:
Originally Posted by JohnRPollard View Post
I've now had that same warning window pop up several times on Safari.

Folks, I have sent an urgent note to Admin to take a look at this. Hopefully we'll here back soon. Apologies.
Just got this message for the first time. It appears to be very intermittent. In refreshing the same page/thread, the warning disappeared. The bad script is not called directly by the page, but appears to be getting pulled in through another script that the page pulls in. I did not get a chance to isolate what script is pulling in the bad one, but my first guess (just a guess) would be some ad unit that runs periodically. Second guess would be the damn visistat code, and they have an infection in a single server within their cluster. Third guess, you have one server in a cluster which is infected in your own environment.
SW329xl is offline  
Quote Quick Reply Share with Facebook
post #25 of 27 Old 04-13-2010
Administrator
 
administrator's Avatar
 
Join Date: Jan 2000
Location: maryland
Posts: 1,887
Thanks: 3
Thanked 18 Times in 10 Posts
Rep Power: 10
 
there are only two servers in our cluster. both are scanned daily for any viruses and are clean. The problem occurs from scumbags posting messages with nasty links.

I will tighten up the registration process over the nest few days to check a database of known spammers before they're allowed to register.

this should correct the situation and at the same time we'll remove the visitat code to see if that helps at all.
administrator is offline  
Quote Quick Reply Share with Facebook
post #26 of 27 Old 04-13-2010
Moderator
 
JohnRPollard's Avatar
 
Join Date: Mar 2007
Location: Chesapeake
Posts: 5,680
Thanks: 0
Thanked 3 Times in 3 Posts
Rep Power: 10
     
Thanks, Admin!!


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Pacific Seacraft Crealock 31 #62

NEVER CALLS CRUISINGDAD BACK....CAN"T TAKE THE ACCENT
JohnRPollard is offline  
Quote Quick Reply Share with Facebook
post #27 of 27 Old 04-14-2010
Banned
 
Join Date: Mar 2010
Posts: 394
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
 
Quote:
Originally Posted by administrator View Post
there are only two servers in our cluster. both are scanned daily for any viruses and are clean. The problem occurs from scumbags posting messages with nasty links.

I will tighten up the registration process over the nest few days to check a database of known spammers before they're allowed to register.

this should correct the situation and at the same time we'll remove the visitat code to see if that helps at all.
Cool. You might want to look at using Akismet or Mollom to filter postings as well. They are incredibly effective at stopping spam and malware from getting into the system. It looks like there is an existing plug in for Akismet. I know there have been requests for a Mollom plugin (my personal preference), however I don't think one exists yet.

Akismet Anti-Spam - vBulletin.org Forum

When I viewed the same page twice, I would get malware warnings only some of the time. In the past that has pointed to something that rotates naturally such as ads or servers in the cluster, however it could certainly be just the nature of the malware in this case as well.

In any case, thanks for the work cleaning it up and locking the bad guys out. Fighting this stuff is always a pita and rarely recognized.
SW329xl is offline  
Quote Quick Reply Share with Facebook
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the SailNet Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
Please note: After entering 3 characters a list of Usernames already in use will appear and the list will disappear once a valid Username is entered.


User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome