Reported Attack Site?



garvolt2002
06-22-2010, 07:25 AM
Diagnostic page for alchemyforums.com

What is the current listing status for alchemyforums.com?

Site is listed as suspicious - visiting this website may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 4 pages that we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time that Google visited this site was on 2010-06-21, and the last time that suspicious content was found on this site was on 2010-06-21.

Malicious software is hosted on 1 domain(s), including gcounter.cn/.

This site was hosted on 1 network(s) including AS3595 (GNAXNET).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, alchemyforums.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Seth-Ra
06-22-2010, 07:51 PM
I've been seeing this also, but it doesn't show up on my iPod touch, just when I use my MacBook, or any non-mobile device.


Weird...

[edit] - I just realized this needs to be moved to site related, not spagyrics. ;)

Ozymandias
06-23-2010, 04:53 AM
I wanted to make whoever is responsible for maintaining this website aware that Firefox has designated this site a Reported Attack Site. This means that they have detected malicious software activity within the past 90 days. I am an avid lurker here and would hate to see the site damaged because of this in any way.

--Oz.

True Initiate
06-24-2010, 06:14 AM
Yep it's true.
I got the same message all the time.

garvolt2002
06-24-2010, 07:18 AM
Can the owner of this site please inform us what is going on?

Salazius
06-24-2010, 11:57 AM
Yes, Google says 'this website can harm your computer' :(

Andro
06-24-2010, 12:01 PM
Relayed message from deviadah, received by email:

Hi,

I don't know what has happened. Very weird. Maybe some hacker loser with nothing better to do.

I heard the forums work fine on iPhone.

Problem is, since this started and till the 5th of July I won't be able to do much since I am traveling. I have tried to post this info but can't...

Please spread this info.

When I get back I will do all I can to sort out this problem.

I guess till then we all have to take a little holiday from the forums :)

It could not have happened at a worse time for me.

Sorry for the troubles to everyone.

deviadah

True Initiate
06-24-2010, 06:33 PM
I think some hater had reported it to Google.
Hmmm, I guess who that may be...

horticult
06-25-2010, 01:23 AM
It's fishy, but that impotent bastard is too small a fish to do that.
/I did not notice any problem so far/
I would suspect another reason.

vega33
06-25-2010, 08:43 PM
I suspect it's just your standard spammers/Russian mafioso/compromised machines/Chinese script kiddies running automated SQL injection tools like Absinthe, etc. The Chinese address for the attack site kind of gives that away, especially with the common, fake name on the whois info, and false rego on behalf of a real business. The nameservers pointing to oilhost, who have hosted malware (unknowingly?) in the past, also kind of gives it away.

I used to have to deal with script kiddies like that all the time; blocking their IP only does so much. Dealing with the source of the problem (an out-of-date version of vBulletin), or even hand patching, is the best solution.

Aleilius
06-25-2010, 11:33 PM
I suspect it's just your standard spammers/Russian mafioso/compromised machines/Chinese script kiddies running automated SQL injection tools like Absinthe, etc. The Chinese address for the attack site kind of gives that away, especially with the common, fake name on the whois info, and false rego on behalf of a real business. The nameservers pointing to oilhost, who have hosted malware (unknowingly?) in the past, also kind of gives it away.

I used to have to deal with script kiddies like that all the time; blocking their IP only does so much. Dealing with the source of the problem (an out-of-date version of vBulletin), or even hand patching, is the best solution.
Hi yes, it seems that this issue is due to some kind of script injection. Most likely because a security hole exists in this version of vBulletin.

I could fix it if I had a chance. They're injecting an iFrame.
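
An added example, not part of the original thread and not vBulletin's own code: a check a site maintainer could run over a served page or a saved template to list iframes that load from another host, marking the hidden ones typical of the injection described in the posts above. The hostnames, the `audit` helper and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to keep an injected frame out of sight.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class IframeAuditor(HTMLParser):
    """Collects every <iframe> whose src points at a host other than the site."""

    def __init__(self, site_host, allowed=()):
        super().__init__()
        self.site_host = site_host.lower()
        self.allowed = {h.lower() for h in allowed}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Relative URLs have no hostname and therefore count as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        same_site = host == self.site_host or host.endswith("." + self.site_host)
        if not host or same_site or host in self.allowed:
            return
        tiny = any(a.get(k, "").strip() in {"0", "1"} for k in ("width", "height"))
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        self.findings.append({"line": self.getpos()[0], "host": host, "hidden": hidden})


def audit(html, site_host, allowed=()):
    """Return off-site iframe findings for one page, in document order."""
    parser = IframeAuditor(site_host, allowed)
    parser.feed(html)
    return parser.findings


# Constructed sample page: one same-site frame, one hidden off-site frame,
# and one visible off-site embed that a maintainer might choose to allow.
SAMPLE_PAGE = """<html><body>
<div id="header">Forum index</div>
<iframe src="/ads/banner.html" width="468" height="60"></iframe>
<iframe src="http://counter.example/in.php" width="1" height="1" style="visibility: hidden"></iframe>
<iframe src="//video.example/embed/42" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PAGE, "forum.example"):
        print(f)
```

A hidden off-site frame that nobody on the staff added is the signal to compare the templates and database content against a known-good backup and to update the forum software.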

Andro
06-26-2010, 05:46 PM
Just to clarify things, the above post was received via email from the forum owner/administrator.

It appears that the issue is not likely to be addressed before the 5th of July.

solomon levi
06-30-2010, 05:42 PM
For those with Firefox, if you go to "tools" and then "options" and then
unclick "block reported attack sites", you may then post messages - I just figured out.

Andro
06-30-2010, 07:49 PM
Still, today when I opened the main forum page, something opened my Java Hut and tried to run some ActiveX stuff.
Of course I declined. This did not happen with other sites.

May have been just a coincidence, though - but nevertheless, it may be worth checking.

:confused:

Albion
07-02-2010, 01:09 AM
Norton 360 tells me that on a number of the occasions
(when I went to the alchemyforum site)
there was a "medium" threat, stating:

"Unauthorized access blocked (open process token)"

but twice the threat level was "high" and read:

"An intrusion attempt by 91.202.147.14 was blocked"

and

"Unconfirmed 52763. download (packed generic.279) detected by virus scanner"

This may have been the time I was on the alchemy forum homepage
and a small, official looking, pop up told me my browser was slow and
that I could upgrade it by clicking on the panel [which, of course, I didn't].

Andro
07-02-2010, 05:53 AM
I was on the alchemy forum homepage and a small, official looking, pop up told me my browser was slow and that I could upgrade it by clicking on the panel [which, of course, I didn't].

The exact same thing happened to me, a prompt saying my browser was "old" and I have to click and upgrade.

I wouldn't even upgrade if it was genuine Microsoft, let alone bogus upgrades :eek: