BallReviews
Site Support => Bug Reports => Topic started by: charlest on May 26, 2012, 07:20:45 PM
-
At 8:15 PM Eastern time, I did a refresh on my unread posts and got a warning from AVG that this was detected: "Exploit JavaScript Obfuscation type (156) was intercepted". I did not see if this was a virus; it just said it was a threat.
A couple of internet searches showed it can be caused by an advertisement.
-
I got a warning last night, but I could not narrow it down to which site. It was in my temporary internet files, but I was on here (not logged in though) at the time. I had been doing some browsing at other sites prior to that so I could not be certain which site had caused the warning. I just gave my virus checker the okay to remove it.
I remember it was something to do with Java though.
-
FlashBlock is your friend. You can visit the most reputable sites in the world but if their 3rd party ad providers have been compromised (and they often are the target of hackers) no site is safe.
-
FlashBlock is your friend. You can visit the most reputable sites in the world but if their 3rd party ad providers have been compromised (and they often are the target of hackers) no site is safe.
I have NoScript enabled and FlashBlock enabled on Firefox, my browser.
-
FlashBlock is your friend. You can visit the most reputable sites in the world but if their 3rd party ad providers have been compromised (and they often are the target of hackers) no site is safe.
Doing some quick research on that Flashblock, found that it is for Mozilla type browsers. There is a way to do it for IE, check here:
http://lifehacker.com/5533694/use-internet-explorers-built+in-flash-block-feature
-
MI2AZ, that did work, but is there any way to stop the pop up asking if you want to run flash every time you load (just about) every page every site?
-
Yesterday my Avast AV stopped me from coming to BR. I got a HTML-Script-Inf<gzip>. I see it's fixed now. I had this happen on a golf related site for fitters and they fixed it by going to a dedicated IP.
-
MI2AZ, that did work, but is there any way to stop the pop up asking if you want to run flash every time you load (just about) every page every site?
Strider, I just found that yesterday and tried it myself. I agree the popup message is annoying but I haven't found a way to keep it from appearing yet. Only other option is to switch to Firefox or Chrome and use the other programs mentioned above by Charlest.
-
I haven't looked at it in a few generations, but I never cared for Firefox. I like Chrome, but really hate that there's no recently visited URL drop-down arrow in the main box. There's about 8 sites I look at constantly and it's clunky to do in Chrome. I added the "speed dial" plug-in which is nice, but it's not the same.
-
I use Firefox and have no issues at all.
Plus Firefox is so much faster than the big E.
And I don't care too much for Google Chrome.
-
I have been getting lately as well.
I always wondered...
Regards,
Luckylefty
-
I have 3rd party ad blocking and I received no notice of malware or viruses. And I use IE. Ad blocking is a great thing.
I hope everybody has been good and not using a work computer. Tough to explain that one.
-
Also, a good security package should offer the option to block on your machine. If one doesn't...
FlashBlock is your friend. You can visit the most reputable sites in the world but if their 3rd party ad providers have been compromised (and they often are the target of hackers) no site is safe.
Doing some quick research on that Flashblock, found that it is for Mozilla type browsers. There is a way to do it for IE, check here:
http://lifehacker.com/5533694/use-internet-explorers-built+in-flash-block-feature
-
Is a site called lifehacker where I want to be going??
Regards,
Luckylefty
-
LL, some hackers do see the light - after being caught! That said I didn't click on the site.
-
I just got an alert from Avast when I came on here. Said it blocked a trojan called HTML:Downloader-CC[Trj].
-
It looks like there is a malicious ad on one of our ad networks. I haven't been able to recreate the issue but I am looking into it.
-
Just came on and it did it again; here's the info.
"I removed http:// from url"
today-
Infection Details
URL: cetolsq.tk/35232777.html
Infection: HTML:Downloader-CC [Trj]
Last night-
Infection Details
URL: bilioaerw.tk/78102777.html
Infection: HTML:Downloader-CC [Trj]
-
Still haven't been able to trigger it myself. If it pops up for someone again, please let me know what ads are displaying.
-
Still haven't been able to trigger it myself. If it pops up for someone again, please let me know what ads are displaying.
Download free Avast BR_tech. Best AV program out there and it will detect and give you info. http://www.avast.com/free-antivirus-download
BTW...I scanned BR with https://www.virustotal.com/#url and found nothing. Possibly with an AV/Avast it's a false positive? I turned on adblock and NoScript using FireFox 11.0 and it allows me on site.
-
Still haven't been able to trigger it myself. If it pops up for someone again, please let me know what ads are displaying.
Download free Avast BR_tech. Best AV program out there and it will detect and give you info. http://www.avast.com/free-antivirus-download
BTW...I scanned BR with https://www.virustotal.com/#url and found nothing. Possibly with an AV/Avast it's a false positive? I turned on adblock and NoScript using FireFox 11.0 and it allows me on site.
Because the ads are on a rotation, unless you come on the site when it's present it won't set off the AV.
The URL Avast shows for it is a ".tk" domain. They are notorious for all the phishing, scamming etc. due to their free domain names.
I would think telling AdChoices they have an infected ad would be the thing.
-
I use Avast and just logged into Ballreviews and it blocked a trojan also.
-
Maybe the site should be shut down until this is resolved? A trojan is no small matter. Any user not blocking 3rd party is exposed.
-
Just got on and Norton just caught a Virus. Something like palaceshrink.
Please check this out.
-
What ads were flashing (not counting 900 Global at bottom)? This may help troubleshooting it.
-
Ads have been disabled till we sort this out. If anyone is still receiving any errors please let me know ASAP.
-
I didn't notice it until I was on my windows box. Then I saw what everyone else is seeing. Mac users seeing this too? Just wondering.
-
Lefty,
Lifehacker is totally legit. Go with confidence.
Is a site called lifehacker where I want to be going??
Regards,
Luckylefty
-
Okay I just came back on and got this
Infection Details
URL: palaceshrunk.in/404notfound
Infection: URL:Mal
-
tl;dr version: Site should be coming back as clean for everyone.
What happened?
It appears that an infected server (not ours, a random one on the web) was used to grab our index files through ftp, append some malicious code, and return the files to their position on the server.
How did they get in to FTP? Don't you have passwords or something?
We had an account activated for a freelance web developer in order to help with the transition to the new server. We don't believe the freelancer had anything to do with the hack but the password on the account was simple enough to be brute-forced.
Are you sure it is all gone?
Our file transfer logs showed all files that were accessed and we have gone through all files affected. The code has been cleaned from all of these files. I don't like dealing in absolutes but yea, I'm sure it is all gone.
Why did you originally say it was the ads?
I was unable to recreate the issue and, in the past, I've dealt with similar issues where I was unable to get the right ad to load so some people would see the error while others wouldn't. In this case, the malicious code was designed to not activate for specific browsers. Google Chrome was among the browsers that were ignored so, when I visited the site, I was unable to see the line of code.
What have you done to ensure that this doesn't happen again?
Though this looks like it was just the work of a script and not of an actual user, we have changed all passwords related to the server. We have also disabled the account used to make the changes to the files. Finally, we have activated filtering for FTP so that FTP commands can only be accessed using specified IP addresses.
Was my password at risk?
The logs do not indicate any attempt to access or view any user data. Even if the hack attempt had led to access of the users database, all passwords are hashed and salted. This means that we can't even see what your password is if we want to do so.
Why all this information?
We want to make sure that we have clear communication about these sorts of events with our users.
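-
The log review described in the post above (index files fetched over FTP, extended, and put back), sketched as an added example that is not part of the original thread or the site's own tooling. It assumes the server writes the common xferlog layout, which the thread does not state; the sample lines, addresses and account names are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample in the xferlog layout (assumed format; not from the site's logs).
SAMPLE_XFERLOG = """\
Thu May 24 03:12:45 2012 1 203.0.113.7 4821 /var/www/index.php a _ o r devuser ftp 0 * c
Thu May 24 03:12:47 2012 1 203.0.113.7 5390 /var/www/index.php a _ i r devuser ftp 0 * c
Thu May 24 03:12:49 2012 1 203.0.113.7 2210 /var/www/forum/index.php a _ o r devuser ftp 0 * c
Thu May 24 03:12:50 2012 1 203.0.113.7 2779 /var/www/forum/index.php a _ i r devuser ftp 0 * c
Thu May 24 09:30:02 2012 2 198.51.100.20 88120 /var/www/img/banner.png b _ i r webadmin ftp 0 * c
Thu May 24 10:01:10 2012 1 198.51.100.20 1500 /var/www/about.html a _ o r webadmin ftp 0 * c
"""

def parse_xferlog(text):
    """Yield one dict per completed transfer (paths containing spaces are skipped)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 18 or f[17] != "c":   # 18 fields; 'c' = transfer completed
            continue
        yield {
            "time": datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y"),
            "host": f[6], "size": int(f[7]), "path": f[8],
            "direction": f[11],            # 'o' = download, 'i' = upload
            "user": f[13],
        }

def find_rewritten_files(records, window=timedelta(minutes=5)):
    """Flag files downloaded and then re-uploaded larger by the same host and account."""
    last_download, findings = {}, []
    for r in sorted(records, key=lambda rec: rec["time"]):
        key = (r["host"], r["user"], r["path"])
        if r["direction"] == "o":
            last_download[key] = r
        elif r["direction"] == "i" and key in last_download:
            d = last_download.pop(key)
            if r["time"] - d["time"] <= window and r["size"] > d["size"]:
                findings.append({"path": r["path"], "host": r["host"],
                                 "user": r["user"], "grew_by": r["size"] - d["size"]})
    return findings

if __name__ == "__main__":
    for hit in find_rewritten_files(parse_xferlog(SAMPLE_XFERLOG)):
        print(hit)
```

Every flagged path is a file to diff against a known-good copy; the same growth in bytes across several files points to one appended snippet.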
-
Got hit with spyware within a minute after logging on when using a PC this morning...IT Guy fixed it.. Nothing on iPhone or MAC..
-
Tech, thanks for the detailed response.