Malware Warnings


29 replies to this topic

#1 Dave

Dave

    boing

  • Administrators
  • 5,086 posts

Posted 14 September 2014 - 07:48 PM

Dear all,

 

We received notification from Google a few hours ago that some malware had been injected into some of our forum pages, leading to a warning being displayed whenever SFN is listed in Google search results.

 

Both myself and Capn have investigated this issue and have found no evidence of this so far -- it may be the result of an IP.Board vulnerability that we have just patched. Additionally, we have checked servers and done our best to ensure the site is safe.

 

The issue has been bounced back to Google, and hopefully this should be resolved within the next few hours or days. I will post again once we have received an update.


  • 0
Dave
SFN Administrator

Blog and photoblog | Get on IRC! | #sfn statistics

#2 studiot

studiot

    Genius

  • Senior Members
  • 6,175 posts
  • LocationSomerset, England

Posted 14 September 2014 - 10:08 PM

Let me have an allegedly infected page link (by pm if you like) for test.

 

 

My sensors have not tingled about any thread I have looked at except the one I reported recently as spam.

 

Edit: nothing detected upon leaving this thread, but immediately upon leaving this thread (85514) the following was detected.

infect1.jpg

 


Edited by studiot, 14 September 2014 - 10:16 PM.

  • 0

#3 Cap'n Refsmmat

Cap'n Refsmmat

    Mr. Wizard

  • Administrators
  • 11,756 posts
  • LocationTexas

Posted 14 September 2014 - 10:39 PM

Hmm, interesting. When you say "leaving the thread", which page did you go to?
  • 0

Cap'n Refsmmat
SFN Administrator


#4 studiot

studiot

    Genius

  • Senior Members
  • 6,175 posts
  • LocationSomerset, England

Posted 14 September 2014 - 10:52 PM

I clicked on the "View New topic" option to go to the next thread.

 

That worked OK, but as the list came up so did the warning.

 

I have tried it again a couple of times but see no warning now. I don't think I will get the warning if the site is now blocked though.

 

As I said any help I can give is all yours.


  • 0

#5 Dave

Dave

    boing

  • Administrators
  • 5,086 posts

Posted 15 September 2014 - 12:23 AM

Thanks studiot for the update. After a bit more searching we did identify the problem and have rectified it. Let us know if you see it again. Hopefully this should be sorted in the next few hours from the standpoint of Google and Safari/Firefox warnings. 


  • 1
Dave
SFN Administrator

Blog and photoblog | Get on IRC! | #sfn statistics

#6 Sato

Sato

    detainer

  • Detainer
  • 262 posts
  • LocationNew York

Posted 15 September 2014 - 12:53 AM

It is 8:49 PM EST and I chose to ignore Firefox's warning against visiting this page. This thread was posted ~6 hours ago and so I hope you have definitively removed the threat/malware from the site. Can you verify this?

 

What was the problem?


  • 0

"I have never let my schooling interfere with my education."
Grant Allen

 

The above quotation is almost true for me.


#7 Dave

Dave

    boing

  • Administrators
  • 5,086 posts

Posted 15 September 2014 - 01:07 AM

As far as we can tell, the problem has been fixed. It was a little hard to trace since it only appeared infrequently (roughly every 2 in 70 or so page requests according to Google). I will post a further update later as to the probable cause, but want to discuss the matter with the forum developers first.

 

In the meantime we will keep a very close eye on the situation and await a review from Google.


  • 0
Dave
SFN Administrator

Blog and photoblog | Get on IRC! | #sfn statistics
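
The intermittency described in the post above (roughly 2 in 70 page requests) is why a single fetch rarely reproduces an injection like this. The following is an added example, not part of the original thread and not SFN's or IP.Board's own tooling: it scans saved page responses for script or iframe sources outside an allowlist and estimates how many fetches are needed to catch a rare injected response. The sample HTML, its file paths and the host `injected.example` are constructed for illustration; only the domain scienceforums.net comes from the thread.

```python
import math
from html.parser import HTMLParser
from urllib.parse import urlparse

class SrcCollector(HTMLParser):
    """Collect hostnames loaded by <script src=...> and <iframe src=...>."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None  # None for relative URLs
        if host:
            self.hosts.add(host.lower())

def unexpected_hosts(html, allowlist):
    """Hosts referenced by the page that are not an allowlisted domain or subdomain."""
    parser = SrcCollector()
    parser.feed(html)
    return {h for h in parser.hosts
            if not any(h == a or h.endswith("." + a) for a in allowlist)}

def scan(snapshots, allowlist):
    """Map snapshot index -> off-allowlist hosts, for snapshots that have any."""
    hits = {}
    for i, html in enumerate(snapshots):
        bad = unexpected_hosts(html, allowlist)
        if bad:
            hits[i] = bad
    return hits

def samples_needed(rate, confidence=0.95):
    """Fetches needed to observe at least one injected response with this confidence."""
    return math.ceil(math.log(1 - confidence) / math.log(1 - rate))

# Constructed sample responses (not captured from the real site).
CLEAN = ('<html><head><script src="/js/forum.js"></script>'
         '<script src="https://www.scienceforums.net/js/app.js"></script></head></html>')
INJECTED = CLEAN.replace("</head>", '<script src="//injected.example/a.js"></script></head>')

if __name__ == "__main__":
    print(scan([CLEAN, INJECTED, CLEAN], {"scienceforums.net"}))
    print(samples_needed(2 / 70))
```

At a 2-in-70 rate, about a hundred fetches of the same page are needed for a 95% chance of seeing one injected response, so the scan should run over many saved responses rather than one.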

#8 studiot

studiot

    Genius

  • Senior Members
  • 6,175 posts
  • LocationSomerset, England

Posted 15 September 2014 - 07:26 AM

Having accessed SF in my normal manner this morning I have not seen any more issues.

 

It is most unusual for me to access SF via Google so I cannot comment on this route.

 

Clearly a recommendation for my antivirus.

 

Dave/Capt

Later on this morning I will try out the forum using an unprotected version of Windows (I can do this easily) and report.

 

Cheers


  • 0

#9 sunshaker

sunshaker

    Molecule

  • Senior Members
  • 527 posts

Posted 15 September 2014 - 10:25 AM

I am using Google Chrome. Still getting warnings; cannot enter any topic without a warning.

It is 11.20am UK.

Tried to post with my Tor browser but needed secure key.

 

Details I am still getting. Should I change any Google settings?

Safe Browsing Diagnostic page for scienceforums.net/topic

What is the current listing status for scienceforums.net/topic?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 3 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 76 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-09-14, and the last time suspicious content was found on this site was on 2014-09-14.

Malicious software includes 3 exploit(s). Successful infection resulted in an average of 13 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including yquerry.in.ua/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including maskinnik.com/.

This site was hosted on 1 network(s) including AS42831 (UKSERVERS-AS).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, scienceforums.net/topic did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

Updated 8 hours ago
 
 


 


  • 0

The major disadvantage of falsifiability is that it is very strict in its definitions and does not take into account that many sciences are observational and descriptive.


#10 studiot

studiot

    Genius

  • Senior Members
  • 6,175 posts
  • LocationSomerset, England

Posted 15 September 2014 - 11:36 AM

I see Google also identified maskinnik dot Kom. domain.


  • 0

#11 ydoaPs

ydoaPs

    The Oncoming Storm

  • Moderators
  • 10,497 posts
  • LocationLocal Group

Posted 15 September 2014 - 12:52 PM

Dear all,

 

We received notification from Google a few hours ago that some malware had been injected into some of our forum pages, leading to a warning being displayed whenever SFN is listed in Google search results.

 

Both myself and Capn have investigated this issue and have found no evidence of this so far -- it may be the result of an IP.Board vulnerability that we have just patched. Additionally, we have checked servers and done our best to ensure the site is safe.

 

The issue has been bounced back to Google, and hopefully this should be resolved within the next few hours or days. I will post again once we have received an update.

 

I commented on a report yesterday or so that going to the thread from a certain report gave me a malware warning on my phone.


  • 0
"Our integrity sells for so little, but it is all we really have. It is the very last inch of us. But within that inch we are free."-Valerie(V for Vendetta)

"For small creatures such as we the vastness is bearable only through love and whiskey."-Carl Sagan[revised]
 
"The universe is under no obligation to us not to be absurd."

#12 Cap'n Refsmmat

Cap'n Refsmmat

    Mr. Wizard

  • Administrators
  • 11,756 posts
  • LocationTexas

Posted 16 September 2014 - 12:51 AM

Google now confirms that we're clean, so you should no longer get any warnings. Many thanks to Dave for helping track down the cause. We were able to eradicate the malicious code fairly easily. We just need to be sure it doesn't return.
  • 0

Cap'n Refsmmat
SFN Administrator


#13 MonDie

MonDie

    Formerly "Mondays Assignment: Die"

  • Senior Members
  • 1,609 posts

Posted 6 October 2014 - 01:13 PM

I got the warning when I tried to visit this page without logging in on September 14.

http://www.sciencefo...mental-designs/

 

I'm awfully paranoid since yesterday I was responding to my autism-nonconformity thread on another forum it would be against the rules to advertise when my pointer began to move up and down the length of the screen erratically until I cleared my history and closed my browser.  I should probably report it to them.


Edited by Phi for All, 6 October 2014 - 01:33 PM.
removed irrelevant offsite link

  • 0

#14 TJ McCaustland

TJ McCaustland

    Atom

  • Senior Members
  • 200 posts
  • LocationIn orbit around Alpha Centauri

Posted 14 October 2014 - 04:09 PM

Hrmmmm...... Good thing I have a Chromebook, it can't download stuff so I can view any page with no risk LOL


  • 0

You thought your life was bad, just look into the mirror and think just how well off you are compared to an electron......


#15 MonDie

MonDie

    Formerly "Mondays Assignment: Die"

  • Senior Members
  • 1,609 posts

Posted 6 May 2015 - 11:17 PM

Hrmmmm...... Good thing I have a Chromebook, it can't download stuff so I can view any page with no risk LOL

 

Hmm.  I'd say anything with a connection and writable media is vulnerable.  They'll find a way, and the self-assured ones will be the first to get hit.


That stuff stored in the cloud still has to execute on the computer.  Plus you technically can't view a webpage without "downloading" it.


  • 0

#16 TJ McCaustland

TJ McCaustland

    Atom

  • Senior Members
  • 200 posts
  • LocationIn orbit around Alpha Centauri

Posted 30 June 2015 - 06:15 PM

 

Hmm.  I'd say anything with a connection and writable media is vulnerable.  They'll find a way, and the self-assured ones will be the first to get hit.


That stuff stored in the cloud still has to execute on the computer.  Plus you technically can't view a webpage without "downloading" it.

Dangit, you're right.


  • 0

You thought your life was bad, just look into the mirror and think just how well off you are compared to an electron......


#17 fiveworlds

fiveworlds

    Organism

  • Senior Members
  • 1,470 posts
  • LocationSomewhere on the internet

Posted 30 June 2015 - 06:23 PM

Plus you technically can't view a webpage without "downloading" it.

 

And the content of the webpage such as videos, images and music


  • 0

#18 TJ McCaustland

TJ McCaustland

    Atom

  • Senior Members
  • 200 posts
  • LocationIn orbit around Alpha Centauri

Posted 30 June 2015 - 06:25 PM

And the content of the webpage such as videos, images and music

Hey man, haven't seen you around for ages, and yeah the way computers work is very frustrating. (To keep it on subject :D )


Edited by TJ McCaustland, 30 June 2015 - 06:26 PM.

  • 0

You thought your life was bad, just look into the mirror and think just how well off you are compared to an electron......


#19 MonDie

MonDie

    Formerly "Mondays Assignment: Die"

  • Senior Members
  • 1,609 posts

Posted 2 July 2015 - 03:41 PM

Tell me about it. I was getting really mean recommendations while listening to music on YouTube, with it culminating when I got a Chick-fil-A ad every time I visited the YouTube home page on, I believe it was, April 1st. It finally occurred to me that somebody operating a YouTube server's firewall could have been doing this, and that they may have done it to any number of IP addresses reaching out to that server. ... Or it could have been a peculiar fluke. Who knows. I've uncovered little in the way of evidence of intrusion, although I intend to write code for a keylogger to use with a special flashdrive I still have lying around. Who knows.
  • 0

#20 sunshaker

sunshaker

    Molecule

  • Senior Members
  • 527 posts

Posted 3 July 2015 - 07:49 PM

This last week my antivirus has gone mad on this site. I just clicked on http://www.sciencefo...-hacking-works/

and my antivirus went off: infection JS:LOIC-B[Trj]

Googled this infection; from what I can make out it is used by hackers. Strange that this is the topic it went off on.

 

http://www.satinfo.e...og/tag/js-loic/

http://www.satinfo.e...es-ddos/page/2/

 

Now my software will not even open a page to the above thread on hacking.

 

It may be nothing but I thought I would share.


  • 0

The major disadvantage of falsifiability is that it is very strict in its definitions and does not take into account that many sciences are observational and descriptive.




