
Malware Warnings


30 replies to this topic

#21 DanTrentfield

DanTrentfield

    Baryon

  • Senior Members
  • 122 posts
  • LocationCydonia, Mars

Posted 11 January 2017 - 03:13 PM

Ah. Well then. I just got redirected from the post Magnetic Pole Reversal imminent in Speculations to a malicious website. I was not able to grab the URL of said website, regrettably, but I recommend that the moderators/webmaster of SFN check this out. Here is the URL to the post which I was redirected from: http://www.sciencefo...ersal-imminent/ I do not know if that result can be replicated, but this is an anomaly because, though I have seen a few rare ads on SFN, my mouse was nowhere near one. I checked my extensions and even the JavaScript console but have found nothing. Please investigate this matter, because I believe that either:

A: The page contains an embedded malicious redirect, 

B: Someone is attempting to redirect traffic going to that page specifically or possibly SFN as a whole to a malicious website

C: There is a breach of the firewall or security system of the SFN servers which is allowing these malicious redirects to control a limited amount of traffic (Unlikely but a distinct possibility.)


  • 0

#22 Dave

Dave

    boing

  • Administrators
  • 5,086 posts

Posted 11 January 2017 - 06:32 PM

Hi Dan, thanks for getting in touch - we had spotted this a few weeks ago, but the template cache did not get rebuilt so it has been lingering on a few pages. I have now rebuilt the caches and removed the offending code. It seems that there is some unknown attack vector, we believe inside IP.Board 3, that is allowing this to reoccur, since there are no other server infarctions and no out-of-place or different files from the original IPB installation. We're scheduling an update to IPS4 which should hopefully permanently eliminate this issue, but the update affects quite a bit of the site, so we have to do a little planning first.


  • 3
Dave
SFN Administrator

Blog and photoblog | Get on IRC! | #sfn statistics

#23 DanTrentfield

DanTrentfield

    Baryon

  • Senior Members
  • 122 posts
  • LocationCydonia, Mars

Posted 12 January 2017 - 04:48 AM

> Hi Dan, thanks for getting in touch - we had spotted this a few weeks ago, but the template cache did not get rebuilt so it has been lingering on a few pages. I have now rebuilt the caches and removed the offending code. It seems that there is some unknown attack vector, we believe inside IP.Board 3, that is allowing this to reoccur, since there are no other server infarctions and no out-of-place or different files from the original IPB installation. We're scheduling an update to IPS4 which should hopefully permanently eliminate this issue, but the update affects quite a bit of the site, so we have to do a little planning first.

Thank you. I had told Swansont and he notified Capn' Refsmm but if you've already fixed it then I believe I owe them an apology and you a thank you.


  • 0

#24 StringJunky

StringJunky

    Genius

  • Senior Members
  • 6,263 posts
  • LocationUK

Posted 12 January 2017 - 05:32 AM

I had an attack when admin dealt with it last but I knew what was happening and shut the browser down through Task Manager. If that hadn't worked I'd have done the nuclear option and held the power button down to do a hard shutdown. It was acting under the guise of a warning from MS Essentials which is no more.


Edited by StringJunky, 12 January 2017 - 05:34 AM.

  • 0

 Education, like life, is a journey not a destination


#25 DanTrentfield

DanTrentfield

    Baryon

  • Senior Members
  • 122 posts
  • LocationCydonia, Mars

Posted 12 January 2017 - 03:45 PM

> I had an attack when admin dealt with it last but I knew what was happening and shut the browser down through Task Manager. If that hadn't worked I'd have done the nuclear option and held the power button down to do a hard shutdown. It was acting under the guise of a warning from MS Essentials which is no more.

Mine was a .biz website..... with all sorts of gritty ads all over the place  :wacko:

It was advertising well among that my computer had a bunch of viruses (Which it did not, thanks to AVG) some very..... interesting photos. I'm just hoping that whatever happens I don't get put on the NSA child predator watchlist because of that stupid redirect..... I hate the promiscuous minds of many of the internet's denizens.... cause frankly really..... that's just disgusting..... 


  • 0

#26 Mordred

Mordred

    Resident Expert

  • Resident Experts
  • 4,451 posts

Posted 13 January 2017 - 02:01 AM

Did something happen to the mobile version? I can't find the mobile switch on bottom left. Edit: never mind, found the problem.

Edited by Mordred, 13 January 2017 - 02:45 AM.

  • 0
http://www.einsteins.../LightCone.html
http://cosmology101.wikidot.com/main
http://cosmocalc.wikidot.com/start
If you wish to change the rules, you must first understand the rules.

#27 MonDie

MonDie

    Formerly "Mondays Assignment: Die"

  • Senior Members
  • 1,692 posts

Posted 14 January 2017 - 06:45 PM

Incidentally, I was just viewing this thread within the last 30 minutes.  Afterward, I entered the URL for scienceforums.net, and I saw the scienceforums front page before being redirected to this:

It literally happened 40 seconds ago.

edit:  I am on public wifi, so it might not even be your site.

edit: I was not logged in.


Edited by MonDie, 14 January 2017 - 07:04 PM.

  • 0

Occam's razor says that a simpler explanation is preferable to a complicated one, but I have not seen a formulation that says the simple explanation is usually correct.


#28 DanTrentfield

DanTrentfield

    Baryon

  • Senior Members
  • 122 posts
  • LocationCydonia, Mars

Posted 20 January 2017 - 01:15 AM

> Incidentally, I was just viewing this thread within the last 30 minutes.  Afterward, I entered the URL for scienceforums.net, and I saw the scienceforums front page before being redirected to this:
>
> It literally happened 40 seconds ago.
>
> edit:  I am on public wifi, so it might not even be your site.
>
> edit: I was not logged in.

Anyone up for going and asking Dave nicely to IPS4 a little early? And/or finding out where these redirects are coming from via IP tracing?


  • 0

#29 Dave

Dave

    boing

  • Administrators
  • 5,086 posts

Posted 21 January 2017 - 09:23 PM

We'll schedule the IPS4 upgrade before the end of the month - our test install ran pretty well, so we can go ahead once we get a free block of time. In terms of the problem above, I am not convinced it's us that caused the redirect. The offending code is not currently present, as far as we can tell, so I would be more inclined to think it was the public wifi.


  • 0
Dave
SFN Administrator

Blog and photoblog | Get on IRC! | #sfn statistics

#30 MonDie

MonDie

    Formerly "Mondays Assignment: Die"

  • Senior Members
  • 1,692 posts

Posted 23 January 2017 - 05:39 PM

I don't think this site is dangerous, but anyone with concerns should know about Ubuntu Live.  Ubuntu and other Debian/Linux-based operating systems will run off a flashdrive, preferably USB 3.0 for speed.  It should be quite easy since putting it onto the flashdrive is actually the first step to installing it.  When booted from the flashdrive the operating system is read-only (unless you make it "persistent"), so no security threats should persist on the system unless they infect the flashdrive's firmware (highly unlikely).  In fact you don't even need a working harddrive, and the only reason to use an adblocker would be to compensate for low bandwidth on a slow connection.  If you can get Lubuntu on a flashdrive, it is designed to run on old computers with out-of-date hardware and limited RAM, which could make your primary system even more untouchable.

 

P.S. Installing programs is a little more complicated in Live since you need to edit the sources file.


Edited by MonDie, 23 January 2017 - 05:47 PM.

  • 0

Occam's razor says that a simpler explanation is preferable to a complicated one, but I have not seen a formulation that says the simple explanation is usually correct.


#31 DanTrentfield

DanTrentfield

    Baryon

  • Senior Members
  • 122 posts
  • LocationCydonia, Mars

Posted 26 January 2017 - 07:18 PM

> We'll schedule the IPS4 upgrade before the end of the month - our test install ran pretty well, so we can go ahead once we get a free block of time. In terms of the problem above, I am not convinced it's us that caused the redirect. The offending code is not currently present, as far as we can tell, so I would be more inclined to think it was the public wifi.

Thanks Dave  :-)


  • 0



