techmike Posted October 30, 2009 Report Share Posted October 30, 2009 Between yesterday and tonight, someone reported this as an attack website. I had to change my security preferences in order to get here tonight. Anyone else had this issue? :confused: TM Quote Link to comment Share on other sites More sharing options...
imschur Posted October 30, 2009 Report Share Posted October 30, 2009 Dude Ive been battling this all night. Its reporting a few lines of code as malicious. Its worse then it appears. This has trickled back to almost all my sites and forums. Ive been seperating the forums from their respective sites. I have actually found nothing wrong on any actual pages which means I have to muck around in the server. Im sure this is SMF related once again as it only affected sites with these forums. This is the 3rd time this year this has happened. I knew this was coming. At my guitar site there have been alot of bogus registrations. I google each and ever new user before approving but I must have let someone bad get in. Im going to re evaluate all this and maybe host it on its own, maybe combine them all. I dunno. Im open to thoughts suggestions. Post them here or email me imschur@gmail.com Quote Link to comment Share on other sites More sharing options...
imschur Posted October 31, 2009 Report Share Posted October 31, 2009 Well Ive been at this all last night and today. Not much help to be found on the net. I have compared the code side by side with non infected sites. Its identical. I have sadly blown away two forums that I created recently and those sites are freed up. Im really struggling with the problem on this one and at my guitar site. Im feeling really beaten down. I will never again host a forum as a sub directory of a site. Crap like this takes them both down. Quote Link to comment Share on other sites More sharing options...
techmike Posted October 31, 2009 Author Report Share Posted October 31, 2009 Now this is weird. Using Firefox with identical security settings, my laptop declares tac22 an attack website. My desktop doesn't........ :confused:Clicking on a link, My laptop goes to the following:http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://tactical22.net/forum/index.phpTM Quote Link to comment Share on other sites More sharing options...
techmike Posted October 31, 2009 Author Report Share Posted October 31, 2009 And, IE on my laptop gets here just fine - some glitch with Firefox safe browsing????TM Quote Link to comment Share on other sites More sharing options...
imschur Posted October 31, 2009 Report Share Posted October 31, 2009 well my google webmaster tools account declares both this site and gearpedia.net as attack sites. Google searches will prevent users from coming here. I have a HUGE issue with them not having an "enter at your own risk" setting. The sites I cleared up are still blocking access based on search results Google has also emailed me. If only there system would tell me what the problem is and where it begins. Im real aggrevated if you cant tell. Thanks for trying stuff Quote Link to comment Share on other sites More sharing options...
Madhouse Posted October 31, 2009 Report Share Posted October 31, 2009 I had never seen this before, pretty wild. When I go through IE and just hit my favorite, it comes right here, but not if I try to get here through Google or Yahoo.Firefox does indeed report it like an attack site, I've never seen that before.That's pretty crappy. Quote Link to comment Share on other sites More sharing options...
imschur Posted October 31, 2009 Report Share Posted October 31, 2009 I have found a few website scanners.One has been running here since yesterday. So far it hasnt found anything. My host still hasnt responded to my inquiries. Maybe they are lite on support during the weekend. Being a SMF charter member I can get support from them. They took a look yesterday and replied with some generic answers that i had already tried. I do not believe there is any malicious code on the site. There is probably a javascript thats being intercepted and being redirected to a bad site which results in that other site getting a bunch of incoming links to some sports or viagra site. Quote Link to comment Share on other sites More sharing options...
imschur Posted October 31, 2009 Report Share Posted October 31, 2009 Someone needs to make a $50 website security scanner. The more i dig into this Im amazed at how much of this is going on and theres not much help for the little guy. The products I have been finding are thousands of dollars or hundreds per month. You would think a company with a lot of money who controls searches would offer something for free. The fact that they identify a problem, shut you down but dont tell you what it is or how to fix it is completely ridiculous Quote Link to comment Share on other sites More sharing options...
imschur Posted November 1, 2009 Report Share Posted November 1, 2009 I finally found the problem and Im working on it. Heres the kicker. Google has a database of exploits. The hackers use this very same database for their attacks via a custom google search...niceHeres a taste of ithttp://johnny.ihackstuff.com/ghdb/?function=summary&cat=19 Quote Link to comment Share on other sites More sharing options...
Madhouse Posted November 1, 2009 Report Share Posted November 1, 2009 Earlier today when I got on the site, Adobe Reader tried to launch, then Microsoft Essentials kicked in and said this site was trying to mine my computer and actually quarantined an Exploit item: Exploit: Win32/Pdfjsc.CG :confused: Quote Link to comment Share on other sites More sharing options...
imschur Posted November 1, 2009 Report Share Posted November 1, 2009 yup thats one of the signs Quote Link to comment Share on other sites More sharing options...
imschur Posted November 1, 2009 Report Share Posted November 1, 2009 I updated to the latest release candidate as it replaced most files Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.