Avira Alert For Amiga.org

[Karlos]

Until this problem is fixed, feel free to use the old browser proxy:

http://aoproxy.extropia.co.uk

I've added a snippet of code to eliminate the iframe from the page and removed the automatic redirect to the main site for modern browsers. You can see the effect in the page source:

Code: [Select]


<!-- http://amiga.org/forums/search.php?do=getdaily : retrieved in 0.593s -->
<!--
HeadIFrameEliminator:Bytes in: 17244, out: 17174, took 0.000 s
DegradeXHTMLRewriter:Bytes in: 17174, out: 17105, took 0.001 s
LinkRewriter:Bytes in: 17105, out: 17245, took 0.005 s
MainNavigationRewriter:Bytes in: 17245, out: 17245, took 0.000 s
CommonBlockRewriter:Bytes in: 17245, out: 17300, took 0.000 s
CSSRewriter:Bytes in: 17300, out: 4300, took 0.001 s
JavascriptRewriter:Bytes in: 4300, out: 3989, took 0.000 s
 -->


Unfortunately the iframe output breaks the page with respect to header based redirects, so you'll still see the "redirect" page when you click on "new posts" and the like, but I have confirmed the iframe is not present in any content that is passed through the proxy code.

[Pyromania]

Yes, there is an unpatched vBulletin exploit that has hit a number of forums so far.  There is a thread about it at Moo Bunny:
http://moobunny.dreamhosters.com/cgi/mbmessage.pl/amiga/174104.shtml

If anyone can reach Pyromania or the other mods quickly then please do so. I don't see any of them online at the moment.

I'm here

[smerf]

Hi All,

On my Windows XP machine my AV, Avira Anti-Virus 10.0.0.567 has just started complaining when I visit this site. Is this a false positive? (I'm assuming it is.) The infected file details are very vague and I can't find a proper description online of the type of infection.

Any ideas anyone? I've attached a couple of sreenshots.

Thanks,
Robin.

Hi,

I get the same thing with my Avira, except mine says "Looney site warning, staying on this site can cause massive damage to brain cells especially from MAC users"

Do you want to "Place in virus pen"
                      "Delete"
                      "Do nothing"
                      "Leave as fast as your mouse can click"


smerf

[the_leander]

For those folk using Windows or in fact any other OS with a modern browser I suggest you disable javascript for this site.

Yes, that includes you MacOS and Linux users. Your browser can still be vulnerable to script based attacks and be made to do weird and wonderful things.

And yes, last night there was another attack.

Fun times.

[Karlos]

For those folk using Windows or in fact any other OS with a modern browser I suggest you disable javascript for this site.

Yes, that includes you MacOS and Linux users. Your browser can still be vulnerable to script based attacks and be made to do weird and wonderful things.

And yes, last night there was another attack.

Fun times.

IMO, one should use a script blocker by default when viewing any site.

[Pyromania]

Hi All,

On my Windows XP machine my AV, Avira Anti-Virus 10.0.0.567 has just started complaining when I visit this site. Is this a false positive? (I'm assuming it is.) The infected file details are very vague and I can't find a proper description online of the type of infection.

Any ideas anyone? I've attached a couple of sreenshots.

Thanks,
Robin.

I just now accessed the site after Karlos did some cleanup and I get no warning messages using Avira AntiVirus under a Windows Virtual Machine. Could you try your Avira again and make sure it no longer gives you a warning?

@x56h34 & matt020

If you have time could you please check with your Avira as well?

[Piru]

I just now accessed the site after Karlos did some cleanup and I get no warning messages using Avira AntiVirus under a Windows Virtual Machine.

Have you actually done the forensics and figured out how the security was breached and the websites modified? Have you actually fixed the vulnerability that was used?

Just removing the modifications done by the attacker will not work.

[Pyromania]

Have you actually done the forensics and figured out how the security was breached and the websites modified? Have you actually fixed the vulnerability that was used?

Just removing the modifications done by the attacker will not work.

Your right of course and we already know this. Measures are being taken to fix the vulnerability that was used.

[issarad]

Not getting the warning from Avira anymore.  Thanks!

[Pyromania]

Not getting the warning from Avira anymore.  Thanks!

Thanx for checking.

[x56h34]

It's ok for me now as well (Avira, latest definition files, Win 7). Thanks.