Turns All Year Trip Reports
Topic: Malware Warnings on TRs (Read 1193 times)
Marcus
Administrator
A couple of folks have sent me PMs/emails about some malware warnings they're getting when viewing the site in Google Chrome. I'm not seeing the same thing in Firefox, but there have been some global changes to some of the source files and I'm weeding them out now.
The malware seems to be trying to redirect folks to *.rr.nu websites.
Anyone with more experience here is free to chime in with advice. I'm replacing the edited source files with backups, but I'm not clear yet on the extent of the problem.
Sorry for any hassle. Browse cautiously, I guess.
Logged
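One way to gauge the extent of the file changes described in the post above, added here as an example and not code from the forum or its administrator: compare the live web root with a known-good backup and list files that differ, files that have no backup counterpart, and files that name an rr.nu host. The directory layout, file names and `placeholder-host.rr.nu` are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Any host under rr.nu, the redirect target reported in this thread.
RR_NU = re.compile(rb"[a-z0-9][a-z0-9.-]*\.rr\.nu\b", re.I)


def audit(live_root, backup_root):
    """Return (changed, added, flagged) for a live web root versus a backup:
    files whose content differs, files with no backup counterpart, and a
    mapping of file -> rr.nu hosts named in it."""
    live_root, backup_root = Path(live_root), Path(backup_root)
    changed, added, flagged = [], [], {}
    for path in sorted(p for p in live_root.rglob("*") if p.is_file()):
        rel = path.relative_to(live_root).as_posix()
        data = path.read_bytes()
        original = backup_root / rel
        if not original.is_file():
            added.append(rel)
        elif data != original.read_bytes():
            changed.append(rel)
        hosts = {m.decode().lower() for m in RR_NU.findall(data)}
        if hosts:
            flagged[rel] = sorted(hosts)
    return changed, added, flagged


def demo():
    """Audit a constructed sample tree (hypothetical files, not the site's)."""
    clean = "<?php require 'Sources/Load.php'; ?>\n"
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for root in (live, backup):
            (root / "Sources").mkdir(parents=True)
            (root / "index.php").write_text(clean)
            (root / "Sources/Load.php").write_text("<?php // loader ?>\n")
        # Constructed tampering: an appended remote script and an extra file.
        injected = '<script src="http://placeholder-host.rr.nu/x.php"></script>\n'
        (live / "index.php").write_text(clean + injected)
        (live / "Sources/cache.php").write_text("<?php // not in backup ?>\n")
        return audit(live, backup)


if __name__ == "__main__":
    print(dict(zip(("changed", "added", "flagged"), demo())))
```

The comparison is only as trustworthy as the backup: one taken after the intrusion will match the tampered files, and legitimately edited files will also show up as changed.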
mc
5Member
morning-- i'm getting these now on IE7 at work. i know our IT group has been clamping down lately so i thought it was just part of that.
-mc
Logged
Marcus
Administrator
Okay I pulled the forum back out of maintenance mode after doing a ton of cleanup. There may be more to root out -- if anyone is still having problems, please post here or PM/email me.
Thanks.
Logged
Charlie Hagedorn
Member
This page still has a script!
« Last Edit: 02/21/12, 10:42 AM by Charlie Hagedorn »
Logged
Marcus
Administrator
Thanks Charlie, tracking it down.
Logged
Amar Andalkar
Member
Thanks for dealing with this quickly, Marcus. Keeping a website running smoothly is not easy in the face of malicious intruders.
I first noticed the issue just after midnight, when the TAY website tried to redirect me to a *.rr.nu website -- this was on Safari on Mac OS X. But I immediately closed the window before it had finished loading the site. However, Safari gave me no warning, and the problem did not recur on a second (tentative) visit to TAY a minute later.
Then this morning at 9am, I got the following warning message when surfing from Chrome on Mac OS X, but Safari was still not warning me.

A few minutes later, you had the forum in maintenance mode, and then by 9:45am, Chrome was no longer giving the warning, and still isn't.
And yes, using the Developer tools in Safari, I can still see a php script from tomoti62veform.rr.nu too.
Logged
Charlie Hagedorn
Member
Chrome is only getting hits on a small fraction of the URLs. I'm not sure how the Google Safe Browsing servers decide that a site is a source for malware, but they surely have some latency.
Hope this isn't hitting your day job hard, Marcus! Any TAYers with some modern site admin experience may be of considerable help with rooting out the trouble....
Logged
Marcus
Administrator
Good info, thanks -- I'm still trying to root out the pieces. Hopefully I can get it all cleaned out. I'm getting some help from TAY folks via email, thank you very much!
Logged
Marcus
Administrator
Huge help from JF, TAY lurker extraordinaire -- I think we've cleaned out most of the malware for now, but we'll keep an eye on it to see if it resurfaces.
Logged
mc
5Member
thanks for jumping on that so quick. pretty soon after my initial post it was cleared up on IE7...
Logged
Amar Andalkar
Member
It looks like the TAY clock-error problem has also been fixed -- the displayed time on each page had been over 8 minutes fast recently, but is now correct.
Did you do something to fix it while dealing with the malware? Or did it just fix itself?
Logged
Marcus
Administrator
I noticed the clock corrected itself when I replaced one of the first php files that was infected -- I had thought that clock was server-side and I had no way to change it. Still not sure if I do, but something fixed it. I knew that would make you happy Amar!
TAY's hosting service was hacked and lost a bunch of SSH login/password info a few weeks ago. They were pretty quick to force password resets, but I'm guessing that short window was when somebody got onto the TAY server and put this trojan in. Seems plausible.
Logged
JibberD
Member
About 30 minutes ago I was redirected to another site while choosing TAY from my favorites.
The site looked like YouTube and included a message saying my machine needed to be scanned. Also wouldn't allow me to close the page. Used Task Mgr. to end IE process.
Anyone else seen this?
Logged
-Doug O
CMSkier
Member
Quote from JibberD: "About 30 minutes ago I was redirected to another site while choosing TAY from my favorites. Anyone else seen this?"
Same issue about the same time. Tried again and it went to admin login screen.
Ken
Logged
Kkz
Marcus
Administrator
Yeah, had a recurrence there while trying to sort out some database problems. I'm hoping we're in the clear now. I'm going to stop touching stuff for a little while.
Logged
flowing alpy
Member
Quote from CMSkier: "Same issue about the same time. Tried again and it went to admin login screen. Ken"
same here and was an nsfw site
Logged
Marcus
Administrator
I'm assuming no one's getting this anymore though, right? Please let me know if you are.
Logged
JibberD
Member
Quote from Marcus: "I'm assuming no one's getting this anymore though, right? Please let me know if you are."
Just logged on. No issue to report.
Logged
-Doug O
Griff
Member
I was re-directed to a quasi porn site either yesterday or the day before. Quickly shut down my machine as it froze. No problems since then, specifically today.
Logged
Turns All Year Trip Reports ©2001-2010 Turns All Year LLC. All Rights Reserved
The opinions expressed in posts are those of the poster and do not necessarily reflect the opinions of Trip Reports administrators or Turns All Year LLC
Turns All Year Trip Reports | Powered by SMF 1.0.6.
© 2001-2005, Lewis Media. All Rights Reserved.