Admins - Blocked Website - Jeep Wrangler Forum
Old 09-01-2013, 04:53 AM   #1
Jeeper
 
staticattic's Avatar
 
Join Date: Jun 2013
Location: Tampa Bay, Florida
Posts: 106
Admins - Blocked Website

Admins,

Starting yesterday, when I try to go to this site from work, I get this as the reason this site cannot be opened:

Malicious Outbound Data/Botnets;Newsgroups/Forums;Vehicles

This just started yesterday. Initially I thought it was because of the second half of the rule. However, I can still go to every other Jeep related forum and motorcycle related forum. It is only this one that flags the firewall. So now I am wondering if it is the first half of the rule that is tripping security on the firewall. It is probably a local issue. However, I bring it to your attention only because this has happened before. In that case, emails that my mom sent me from her work email were blocked. Had something to do with her company's domain being improperly marked as a potential site for spam and malicious code.

This issue is more than likely a local problem but I figured I would pass the info on to you anyway just in case your site has been improperly categorized or in case someone is doing some backdoor bad guy stuff via your site.

__________________
Jeff
staticattic is offline   Quote Quick Reply
Old 09-01-2013, 05:13 AM   #2
Jeeper
 
JD95YJ's Avatar
 
Join Date: Dec 2012
Location: Stockbridge GA
Posts: 1,042
Images: 11
Same here. I was pretty pissed when trying to log in from work yesterday. Now I actually have to work LOL

__________________
95 4.0 "EL DIABLO"
JD95YJ is offline   Quote Quick Reply
Old 09-01-2013, 05:36 AM   #3
I am JD & It's my Dream

WF Supporting Member
::WF Administrator::
 
JDsDream's Avatar
 
Join Date: Jan 2009
Location: The Peach State
Posts: 26,863
Images: 4
I will send this info to AG. If it happens again please let me know. A screen shot of the warning would also help.
__________________
The kind of woman that when my feet hit the floor each morning the devil says "Oh Crap, She's up!"

To All Of Our Forum Veterans and Active Service Members.
Our Debt To You Is Greater Than We Could Ever Repay.
Thank You

JDsDream is offline   Quote Quick Reply
Old 09-02-2013, 05:05 AM   #4
Jeeper
 
staticattic's Avatar
 
Join Date: Jun 2013
Location: Tampa Bay, Florida
Posts: 106
OK, I no longer think the problem is a local problem. I have attached the timestamp for my visit to wranglerforum.com. I also attached the results from Bluecoat filter from this forum, jk-forum.com and msgroup.org for comparison. I can browse both of those sites plus several vehicle related forums all day. It is only wranglerforum.com that has the issue. Either Bluecoat has miscategorized you, someone may be attempting to do bad things using your site as their springboard, or there was recently a change in your scripts causing the issue. The time stamp for the Bluecoat review for you is 30 AUG 2013. If you need me to grab anything else from my end, I'm here. Have a great and safe Labor Day.
Attached Thumbnails: Firewall.jpg, bluecoat.jpg, jk-forum.jpg, msgroup.jpg

__________________
Jeff
staticattic is offline   Quote Quick Reply
Old 09-02-2013, 09:22 AM   #5
Jeeper

WF Supporting Member
 
Join Date: Feb 2011
Posts: 521
Images: 2
Jeff
That's pretty serious. Bluecoat describes that category as "
Malicious Outbound Data/Botnets

Sites to which botnets or other malware (as defined in the Malicious Sources category) send data or from which they receive command-and-control instructions. Includes sites that contain serious privacy issues, such as "phone home" sites to which software can connect and send user information. Usually does not include sites that can be categorized as Malicious Sources."


@admins - When was the last time a sec assessment was done on the forum site?
__________________
If you only have a Jeep, every problem appears as a rock. I like rocks.
trennmaschine is offline   Quote Quick Reply
Old 09-03-2013, 09:44 AM   #6
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 531
Images: 1
Thank you for the report and the screenshots Jeff. Are you still experiencing this issue?

Regards,
CG - Community Support
HelenaAG is offline   Quote Quick Reply
Old 09-03-2013, 12:42 PM   #7
Jeeper
 
appleman46's Avatar
 
Join Date: Aug 2011
Location: Dayton, OH
Posts: 884
I'm actually blocked at work too, just started a couple days ago. Never had a problem until then.
appleman46 is offline   Quote Quick Reply
Old 09-03-2013, 12:50 PM   #8
Jeeper
 
Join Date: Dec 2012
Posts: 2,631
Those who log/browse at work: Contact your IT dept as they may have set their security to an extremely high level. If this was an issue, almost everyone (including home users) would be screaming death lol.
RevCo666 is offline   Quote Quick Reply
Old 09-03-2013, 12:53 PM   #9
Mmmm. Good Toast.

WF Supporting Member
 
Harleyrider1108's Avatar
 
Join Date: Aug 2011
Location: Over the Hills and Far Away
Posts: 8,876
Blocked here too.
__________________
"It's a fool that looks for logic in the chambers of the human heart" - Ulysses Everett McGill
Harleyrider1108 is offline   Quote Quick Reply
Old 09-03-2013, 02:46 PM   #10
Jeeper
 
staticattic's Avatar
 
Join Date: Jun 2013
Location: Tampa Bay, Florida
Posts: 106
Quote:
Originally Posted by RevCo666 View Post
Those who log/browse at work: Contact your IT dept as they may have set their security to an extremely high level. If this was an issue, almost everyone (including home users) would be screaming death lol.
I agree, but what changed in the last couple of days? If it was just me, I would say it was a local issue, but apparently it is not. And it happened around the same time for those reporting it. Something happened to cause Bluecoat to report this site as using botnets and malicious outbound data.
__________________
Jeff
staticattic is offline   Quote Quick Reply
Old 09-03-2013, 04:27 PM   #11
Mmmm. Good Toast.

WF Supporting Member
 
Harleyrider1108's Avatar
 
Join Date: Aug 2011
Location: Over the Hills and Far Away
Posts: 8,876
Haha... in case my VP is on here..... you'll notice I still had 7 minutes on lunch left.
__________________
"It's a fool that looks for logic in the chambers of the human heart" - Ulysses Everett McGill
Harleyrider1108 is offline   Quote Quick Reply
Old 09-03-2013, 06:20 PM   #12
Jeeper
 
GRUMPHF's Avatar
 
Join Date: Jan 2013
Location: Gulf Coast, MS
Posts: 74
Guess it's just us blue suiters. I got the block too...thought they figured out I'd been spending too much time here each day.
GRUMPHF is offline   Quote Quick Reply
Old 09-03-2013, 07:09 PM   #13
Jeeper
 
Jwolfer's Avatar
 
Join Date: Oct 2012
Posts: 863
It's blocked on the USAF computers now too unfortunately.
__________________
06 Rubi, 33x12.50x15 Duratracs on 15x8 MB 72s, 2" BB, 1.25" JKS BL, 1" JKS MML, ZJ Tie Rod, JCR Front/Rear Bumpers, JCR Sliders, OR-Fab Tire Carrier with Jerry Can Mount.
Jwolfer is offline   Quote Quick Reply
Old 09-03-2013, 08:47 PM   #14
Full Size Jeep Dr.

WF Supporting Member
 
lindel's Avatar
 
Join Date: Nov 2011
Location: The land of Salted Iron
Posts: 1,825
And FAA computers...now you guys don't know WHAT your tax dollars are doing...
__________________
His: 1999 Flame Red TJ, With a few mods...

Hers: 1987 Grand Wagoneer, stock w/Falken Wildpeak ATs
lindel is offline   Quote Quick Reply
Old 09-03-2013, 11:47 PM   #15
That's no moon

WF Supporting Member
::WF Moderator::
 
hbgirl's Avatar
 
Join Date: Feb 2012
Location: Baseball Town
Posts: 5,553
Blocked at work for me too now, and was fine last Friday; received same message as posted above. Something changed over the weekend.

And can we keep this thread to just the issue itself? This really isn't the place to digress into a "be thankful you have a job because there are tons of people who don't" argument. No one was asking for sympathy just because they can't read a Jeep forum; just bringing it to their attention.
__________________
Hair by Jeep
hbgirl is offline   Quote Quick Reply
Old 09-04-2013, 09:26 AM   #16
Full Size Jeep Dr.

WF Supporting Member
 
lindel's Avatar
 
Join Date: Nov 2011
Location: The land of Salted Iron
Posts: 1,825
Quote:
Originally Posted by lindel View Post
And FAA computers...now you guys don't know WHAT your tax dollars are doing...
Here's a screen shot of what I see from work.



Attached image: ForumRunner_20130904_092505.png
__________________
His: 1999 Flame Red TJ, With a few mods...

Hers: 1987 Grand Wagoneer, stock w/Falken Wildpeak ATs
lindel is offline   Quote Quick Reply
Old 09-04-2013, 09:30 AM   #17
Jeeper
 
Join Date: Aug 2013
Location: Quebec
Posts: 15
It's also blocked at my workplace and I was able to access the forum last week.

I sent a site review to Bluecoat and they replied that their scanner has picked up suspicious activities which triggered the addition to the Suspicious category.

With this reply, I believe the admins must do a security review of the forum and remove any suspicious threads. It's certainly a rogue ad or script running on the forum.

I had to post this from my iPhone WF app.
Xilikon is offline   Quote Quick Reply
Old 09-05-2013, 02:53 PM   #18
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 531
Images: 1
Thank you for the reports and the screen shots everyone. I have escalated it to the tech so they can look further into it.

Hi Xilikon, by any chance can they provide us with more details of what exactly their scanner picked up or at least what section of the site?

CG - Community Support
HelenaAG is offline   Quote Quick Reply
Old 09-05-2013, 03:34 PM   #19
Jeeper
 
Join Date: Aug 2013
Location: Quebec
Posts: 15
Nope, they didn't specify anything more precise than this. I suggest you call Bluecoat and ask for data to help you pinpoint which activity triggered the alert.
Xilikon is offline   Quote Quick Reply
Old 09-05-2013, 03:36 PM   #20
Jeeper
 
Join Date: Aug 2013
Location: Hazard
Posts: 143
Every time I log in it pops up a virus warning for the site...kinda worried me too but I ignored it and kept pressing on
CAWillie is offline   Quote Quick Reply
Old 09-05-2013, 03:39 PM   #21
Jeeper
 
Join Date: Aug 2013
Location: Quebec
Posts: 15
Speaking of suspicious, I just remembered that while browsing last Friday on WF, I got an alert popup from my McAfee antivirus about a temp file being infected when I entered a thread or a page. This coincides with the last classification change date, which is August 30th.
Xilikon is offline   Quote Quick Reply
Old 09-06-2013, 08:53 AM   #22
Jeeper
 
Join Date: Aug 2013
Location: Quebec
Posts: 15
Upon analysis of my logs, my computer triggered a McAfee On Access Scan event on 2013-08-30 at 16:34 EST. The infected file is called 01377894848102.exe and the virus is the ZeroAccess-FBWO!B7910490E3AD trojan. That file was found in the IE temporary folder. In the quarantine folder, there is a file about 10 Mb in size.

Upon looking into that trojan, it's often triggered by displaying a particular ad which executes a script.
Xilikon is offline   Quote Quick Reply
Old 09-06-2013, 08:57 AM   #23
Jeeper
 
Join Date: Nov 2012
Location: central pa mountains
Posts: 557
I get a pop-up stating the website has an Exploit Kit, whatever that is.
ztman is offline   Quote Quick Reply
Old 09-09-2013, 09:07 AM   #24
Jeeper
 
Join Date: Aug 2013
Location: Quebec
Posts: 15
Are there any developments on that issue?
Xilikon is offline   Quote Quick Reply
Old 09-09-2013, 09:15 AM   #25
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 531
Images: 1
Hi guys, just to follow up, the tech did a full scan of the site and the domain came up clean...

check Blacklisted: No
check Malware: No
check Malicious javascript: No
check Malicious iFrames: No
check Drive-By Downloads: No
check Anomaly detection: No
check IE-only attacks: No
check Suspicious redirections: No
check Spam: No

They also were able to do a report view on McAfee's SiteAdvisor software and it came up clean.

We'll still take some time though to investigate the Bluecoat review and have a look into it.

Regards,
CG - Community Support
HelenaAG is offline   Quote Quick Reply
Old 09-09-2013, 10:49 AM   #26
Jeeper
 
Join Date: Aug 2013
Location: Quebec
Posts: 15
After reading that, I asked Bluecoat to recheck the site classifications. They checked the flags and all went stale so they removed the Suspicious category. I'm currently typing from work finally after 2 weeks of no access ;-)

I consider that case closed but I suggest you make sure the server which hosts the forum has all the latest software updates.

I'm a senior IT technician specialized in security questions by trade so I know the ways around those issues.
Xilikon is offline   Quote Quick Reply
Old 09-09-2013, 01:04 PM   #27
That's no moon

WF Supporting Member
::WF Moderator::
 
hbgirl's Avatar
 
Join Date: Feb 2012
Location: Baseball Town
Posts: 5,553
Quote:
Originally Posted by Xilikon View Post
After reading that, I asked Bluecoat to recheck the site classifications. They checked the flags and all went stale so they removed the Suspicious category. I'm currently typing from work finally after 2 weeks of no access ;-)

I consider that case closed but I suggest you make sure the server which hosts the forum has all the latest software updates.

I'm a senior IT technician specialized in security questions by trade so I know the ways around those issues.
Thanks so much for the follow-up with Bluecoat, Xilikon. I'm able to access from work again as well.
__________________
Hair by Jeep
hbgirl is offline   Quote Quick Reply
Old 09-10-2013, 03:41 PM   #28
Full Size Jeep Dr.

WF Supporting Member
 
lindel's Avatar
 
Join Date: Nov 2011
Location: The land of Salted Iron
Posts: 1,825
I'll be able to give a report from/about work tomorrow, AM.
__________________
His: 1999 Flame Red TJ, With a few mods...

Hers: 1987 Grand Wagoneer, stock w/Falken Wildpeak ATs
lindel is offline   Quote Quick Reply
Old 09-10-2013, 04:39 PM   #29
Mmmm. Good Toast.

WF Supporting Member
 
Harleyrider1108's Avatar
 
Join Date: Aug 2011
Location: Over the Hills and Far Away
Posts: 8,876
I can say that yesterday mine was a no. Today it was fine and worked.
__________________
"It's a fool that looks for logic in the chambers of the human heart" - Ulysses Everett McGill
Harleyrider1108 is offline   Quote Quick Reply
Old 09-11-2013, 08:00 AM   #30
Jeeper
 
JD95YJ's Avatar
 
Join Date: Dec 2012
Location: Stockbridge GA
Posts: 1,042
Images: 11
Finally able to access it today. Thanks!

__________________
95 4.0 "EL DIABLO"
JD95YJ is offline   Quote Quick Reply
All times are GMT -5. The time now is 04:53 AM.


