Amiga.org
Amiga computer related discussion => General chat about Amiga topics => Topic started by: Managarm on July 10, 2010, 12:22:50 AM
-
Hi All,
On my Windows XP machine my AV, Avira Anti-Virus 10.0.0.567 has just started complaining when I visit this site. Is this a false positive? (I'm assuming it is.) The infected file details are very vague and I can't find a proper description online of the type of infection.
Any ideas anyone? I've attached a couple of sreenshots.
Thanks,
Robin.
-
Same here with Avira and Win 7.
-
I also receved this warning from Avira.
-
Just chill, it's nothing to be worried about :)
-
My site scanner isn't complaining. (not running Win7 though)
Plaz
-
Just chill, it's nothing to be worried about :)
I'm not so sure. Amiga.org had been infected with the "brutal dildo" thing for an unknown period of time. They just fixed that a day or two ago.
Maybe this is related?
-
I'm not so sure. Amiga.org had been infected with the "brutal dildo" thing for an unknown period of time. They just fixed that a day or two ago.
Maybe this is related?
Quick look through the source code and no "brutal dildo" stuff.
This however is the first line of the html code:
http://stolenvessels.com/images/7rt8/index.php
??
-
Hi All,
On my Windows XP machine my AV, Avira Anti-Virus 10.0.0.567 has just started complaining when I visit this site. Is this a false positive? (I'm assuming it is.) The infected file details are very vague and I can't find a proper description online of the type of infection.
Any ideas anyone? I've attached a couple of sreenshots.
Thanks,
Robin.
If you Browse with Amiga.. No Virus Problem!!.. :afro:
-
Yeah, got it on my Win7 and avira combo, too. I'm guessing it's more than likely just a false positive.
-
Quick look through the source code and no "brutal dildo" stuff.
Haha.. There was something about Iphone mobile porn and ex girlfriends too.
Has no virus warning here then.
-
Hi All,
On my Windows XP machine my AV, Avira Anti-Virus 10.0.0.567 has just started complaining when I visit this site. Is this a false positive? (I'm assuming it is.) The infected file details are very vague and I can't find a proper description online of the type of infection.
Any ideas anyone? I've attached a couple of sreenshots.
Thanks,
Robin.
I am getting the same warning! This is scary! @Karlos Please fix.
-
Yes, there is an unpatched vBulletin exploit that has hit a number of forums so far. There is a thread about it at Moo Bunny:
http://moobunny.dreamhosters.com/cgi/mbmessage.pl/amiga/174104.shtml
If anyone can reach Pyromania or the other mods quickly then please do so. I don't see any of them online at the moment.
-
I just got same warning. Running AVIRA on WinXP.
-
http://www.amiga.org/forums/project.php?issueid=65#note255
-
Until this problem is fixed, feel free to use the old browser proxy:
http://aoproxy.extropia.co.uk
I've added a snippet of code to eliminate the iframe from the page and removed the automatic redirect to the main site for modern browsers. You can see the effect in the page source:
<!-- http://amiga.org/forums/search.php?do=getdaily : retrieved in 0.593s -->
<!--
HeadIFrameEliminator:Bytes in: 17244, out: 17174, took 0.000 s
DegradeXHTMLRewriter:Bytes in: 17174, out: 17105, took 0.001 s
LinkRewriter:Bytes in: 17105, out: 17245, took 0.005 s
MainNavigationRewriter:Bytes in: 17245, out: 17245, took 0.000 s
CommonBlockRewriter:Bytes in: 17245, out: 17300, took 0.000 s
CSSRewriter:Bytes in: 17300, out: 4300, took 0.001 s
JavascriptRewriter:Bytes in: 4300, out: 3989, took 0.000 s
-->
Unfortunately the iframe output breaks the page with respect to header based redirects, so you'll still see the "redirect" page when you click on "new posts" and the like, but I have confirmed the iframe is not present in any content that is passed through the proxy code.
-
Yes, there is an unpatched vBulletin exploit that has hit a number of forums so far. There is a thread about it at Moo Bunny:
http://moobunny.dreamhosters.com/cgi/mbmessage.pl/amiga/174104.shtml
If anyone can reach Pyromania or the other mods quickly then please do so. I don't see any of them online at the moment.
I'm here
-
Hi All,
On my Windows XP machine my AV, Avira Anti-Virus 10.0.0.567 has just started complaining when I visit this site. Is this a false positive? (I'm assuming it is.) The infected file details are very vague and I can't find a proper description online of the type of infection.
Any ideas anyone? I've attached a couple of sreenshots.
Thanks,
Robin.
Hi,
I get the same thing with my Avira, except mine says "Looney site warning, staying on this site can cause massive damage to brain cells especially from MAC users"
Do you want to "Place in virus pen"
"Delete"
"Do nothing"
"Leave as fast as your mouse can click"
smerf
-
For those folk using Windows or in fact any other OS with a modern browser I suggest you disable javascript for this site.
Yes, that includes you MacOS and Linux users. Your browser can still be vulnerable to script based attacks and be made to do weird and wonderful things.
And yes, last night there was another attack.
Fun times.
-
For those folk using Windows or in fact any other OS with a modern browser I suggest you disable javascript for this site.
Yes, that includes you MacOS and Linux users. Your browser can still be vulnerable to script based attacks and be made to do weird and wonderful things.
And yes, last night there was another attack.
Fun times.
IMO, one should use a script blocker by default when viewing any site.
-
Hi All,
On my Windows XP machine my AV, Avira Anti-Virus 10.0.0.567 has just started complaining when I visit this site. Is this a false positive? (I'm assuming it is.) The infected file details are very vague and I can't find a proper description online of the type of infection.
Any ideas anyone? I've attached a couple of sreenshots.
Thanks,
Robin.
I just now accessed the site after Karlos did some cleanup and I get no warning messages using Avira AntiVirus under a Windows Virtual Machine. Could you try your Avira again and make sure it no longer gives you a warning?
@x56h34 & matt020
If you have time could you please check with your Avira as well?
-
I just now accessed the site after Karlos did some cleanup and I get no warning messages using Avira AntiVirus under a Windows Virtual Machine.
Have you actually done the forensics and figured out how the security was breached and the websites modified? Have you actually fixed the vulnerability that was used?
Just removing the modifications done by the attacker will not work.
-
Have you actually done the forensics and figured out how the security was breached and the websites modified? Have you actually fixed the vulnerability that was used?
Just removing the modifications done by the attacker will not work.
Your right of course and we already know this. Measures are being taken to fix the vulnerability that was used.
-
Not getting the warning from Avira anymore. Thanks!
-
Not getting the warning from Avira anymore. Thanks!
Thanx for checking.
:)
-
It's ok for me now as well (Avira, latest definition files, Win 7). Thanks.