malicious web attack - Page 2 - Jeep Wrangler Forum
Old 11-12-2013, 11:44 AM   #31
Jeeper
 
Join Date: Sep 2013
Posts: 60
Images: 6
I'm not getting that attack any more. Thank you.

odamo is offline   Quote Quick Reply
Old 11-13-2013, 07:51 AM   #32
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 767
Quote:
Originally Posted by soberbyker View Post
Locate IP 94.242.216.61 - WHOIS IP address 94.242.216.61



The link above the screenshot has more info.

I have a question for those getting the warning, which forum page were you attempting to access? On a forum I moderate we had a similar problem where only people with Norton were getting the message. The culprit turned out to be a photo file that Norton deemed the origin domain of photo as bad.
Quote:
Originally Posted by soberbyker View Post
Using Chrome, the two I highlighted brought a warning, seen below, the other three were a 404 not found message. Looking at the two "hits" the word "image" is in the addy, I'd say there is an image loaded on the forum somewhere that tracks back to an addy in Norton's "bad" file. Find the thread(s) where the image is, delete it, and all should be fine.

Hey soberbyker, this is a puzzle. I mentioned in post #5 that the IP is apparently registered in Luxembourg, of all places, and to answer your question, the only WF forum threads that I frequent are all in the JK section.

After searching for the problem IP address on Google, a few forums pop up that have had intrusion attempts mentioned by their members from the same Luxembourg IP. They are the "thedieselstop.com", "polarisatvforums.com" and our WF. All of which have the same common denominator of having an advertisement from "Discount Tire". But, I'm certainly not saying that Discount Tire is the culprit. Wrangler Forum and the diesel forum also have the same ads from "Car iD". Another forum that has had the same IP problem is "2coolfishing.com", but I didn't dig too deeply into it.

Like you say though, and you probably know better than me, but this could be an image or something that only Norton picks up on. But then again, member Lowerumble said that his Kaspersky is blocking things too. What does all of this mean?....heck if I know, probably nothing.

__________________
David M is offline   Quote Quick Reply
Old 11-13-2013, 08:03 AM   #33
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 767
Quote:
Originally Posted by odamo View Post
I'm not getting that attack any more. Thank you.

I haven't had any malicious attacks lately either. Hopefully the Wrangler Forum IT guys tracked it down, and ran over it with their JK's.
__________________
David M is offline   Quote Quick Reply
Old 11-13-2013, 09:11 AM   #34
gsn
Jeeper
 
Join Date: Jul 2012
Posts: 571
Quote:
Originally Posted by David M View Post
Hey soberbyker, this is a puzzle. I mentioned in post #5 that the IP is apparently registered in Luxembourg, of all places, and to answer your question, the only WF forum threads that I frequent are all in the JK section.

After searching for the problem IP address on Google, a few forums pop up that have had intrusion attempts mentioned by their members from the same Luxembourg IP. They are the "thedieselstop.com", "polarisatvforums.com" and our WF. All of which have the same common denominator of having an advertisement from "Discount Tire". But, I'm certainly not saying that Discount Tire is the culprit. Wrangler Forum and the diesel forum also have the same ads from "Car iD". Another forum that has had the same IP problem is "2coolfishing.com", but I didn't dig too deeply into it.

Like you say though, and you probably know better than me, but this could be an image or something that only Norton picks up on. But then again, member Lowerumble said that his Kaspersky is blocking things too. What does all of this mean?....heck if I know, probably nothing.

If you are using either Chrome or Firefox, install Ghostery and Adblock (both are addons). Enable all lists on both and uncheck "enable non-intrusive ads" in Adblock. Restart browser, then visit wranglerforum again and check if the "intrusion" attempt comes up again. If it doesn't, it's a tracker or an ad, if it does, then the WF server is compromised or is a false positive by the antivirus.

I however, do not get any "intrusion" alert with nod32.

edit: ah well too late, kind of read your previous post first and replied to it :b
gsn is offline   Quote Quick Reply
Old 11-13-2013, 10:30 AM   #35
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 619
Images: 1
Send a message via MSN to HelenaAG
Let us know if this issue is still occurring.

Regards,

MD
HelenaAG is offline   Quote Quick Reply
Old 11-17-2013, 12:43 AM   #36
Jeeper
 
Join Date: Sep 2013
Posts: 60
Images: 6
Quote:
Originally Posted by HelenaAG View Post
Let us know if this issue is still occurring.

Regards,

MD

It's still occurring, just happened again tonight.
odamo is offline   Quote Quick Reply
Old 11-18-2013, 02:12 PM   #37
Jeeper
 
machz's Avatar
 
Join Date: Aug 2013
Location: Concord NH
Posts: 510
Images: 2
Still happens to me also

DO NOT CLICK THIS LINK !!!!!

jmsnbzhk.js?2013a60bce581896 Blocked: http://mamsletterme.com/jmsnbzhk.js?2013a60bce581896 (analysis using the database of malicious URLs) 11/18/2013 3:10:09 PM Google

mamsletterme points to a server in Panama
__________________
2014 Rubicon X 2D ANVIL
TF coil level lift, Rancho 9000xl, Fuel Anza, 285/70/17 duratracs, Maximus3 hoop, black box logistic 12" led, bedtred
machz is offline   Quote Quick Reply
Old 11-20-2013, 10:00 AM   #38
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 619
Images: 1
Send a message via MSN to HelenaAG
Can you guys provide the thread URL for which you received the warnings? Most likely it would be images that were posted on a thread which are hosted elsewhere that might have been compromised. This has happened before, in which case we had to remove those images from the site as they were triggering antivirus warnings.

We ran a report within our database to see if we can find any infection and the report came back negative, site is clear.

You can check yourself by using Sucuri SiteCheck - Free Website Malware Scanner and insert Jeep Wrangler Forum - Jeep Wrangler Owners Community to scan the site.

Regards,

MD
HelenaAG is offline   Quote Quick Reply
Old 11-26-2013, 04:19 AM   #39
Jeeper
 
Lusus_Naturae's Avatar
 
Join Date: Oct 2012
Location: OKC, missing WI
Posts: 2,099
Got this message - Danger: Malware Ahead!
Google Chrome has blocked access to this page on Jeep Wrangler Forum - Jeep Wrangler Owners Community.
Content from donsdepot.donrossgroup.net, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion.

from this page - Count to 1 million using only numbers in pictures
and this page Count to 1 million using only numbers in pictures
__________________
2013 JKU Sport, billet, auto, 3.73, LSD, 315/75/16 Duratracs on MB 72, 10A springs, Bushwacker flatties

Sold - 2005 TJ, red, auto, 3.73, 33" Duratracs, 4" lift
Ice storm casualty in 2007 - 2003 TJ, green, auto, 3.73, 33" Duratracs, 4" lift
Lusus_Naturae is offline   Quote Quick Reply
Old 11-26-2013, 08:41 AM   #40
Jeeper
 
soberbyker's Avatar
 
Join Date: Feb 2013
Location: Southeastern,PA
Posts: 240
Quote:
Originally Posted by Lusus_Naturae View Post
Got this message - Danger: Malware Ahead!
Google Chrome has blocked access to this page on Jeep Wrangler Forum - Jeep Wrangler Owners Community.
Content from donsdepot.donrossgroup.net, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion.

from this page - Count to 1 million using only numbers in pictures
and this page Count to 1 million using only numbers in pictures
FWIW

The offending photo is in post #6594. I had one from the same site, on a forum I am a moderator on, activate the same message from Chrome; in both cases the photo is of a train.
__________________


“Life is not a journey to the grave with intentions of arriving safely in a pretty well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out and loudly proclaiming ... WOW! What a ride!”
soberbyker is offline   Quote Quick Reply
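
Added example, not part of the thread and not the forum's own tooling: a moderator-side check for what posts #38 and #40 describe, listing which posts hotlink an image via [IMG] from a host a browser or antivirus has flagged. The post bodies, URL paths and neighbouring post numbers are constructed; only the flagged host and post #6594 come from the thread.

```python
import re
from urllib.parse import urlsplit

# Host named in the Chrome warning quoted in this thread.
FLAGGED_HOSTS = {"donsdepot.donrossgroup.net"}

# Constructed sample: post number -> BBCode body (paths and neighbours invented).
SAMPLE_POSTS = {
    6593: "6593 [IMG]http://images.example.org/constructed/6593.jpg[/IMG]",
    6594: "6594 [img]http://donsdepot.donrossgroup.net/constructed/6594.jpg[/img]",
    6595: "[URL=http://example.org][IMG]HTTP://IMG.DonsDepot.DonRossGroup.net./a.jpg[/IMG][/URL]",
    6596: "plain text that only mentions donsdepot.donrossgroup.net",
    6597: "[IMG]http://notdonsdepot.donrossgroup.net/constructed/6597.jpg[/IMG]",
    6598: "[IMG]http://[broken/6598.jpg[/IMG]",
}

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def image_hosts(body):
    """Return normalised hostnames of every URL embedded with [IMG] in a post."""
    hosts = []
    for raw in IMG_TAG.findall(body):
        try:
            host = urlsplit(raw.strip()).hostname
        except ValueError:          # malformed URL (e.g. unbalanced '[')
            continue
        if host:
            hosts.append(host.rstrip(".").lower())  # drop trailing root dot
    return hosts


def is_flagged(host, flagged):
    """Match the flagged host itself or any subdomain, never a lookalike suffix."""
    return any(host == f or host.endswith("." + f) for f in flagged)


def find_flagged_posts(posts, flagged):
    """Map post number -> sorted flagged hosts that the post hotlinks images from."""
    report = {}
    for post_id, body in posts.items():
        hits = sorted({h for h in image_hosts(body) if is_flagged(h, flagged)})
        if hits:
            report[post_id] = hits
    return report


if __name__ == "__main__":
    for post_id, hosts in find_flagged_posts(SAMPLE_POSTS, FLAGGED_HOSTS).items():
        print(f"post #{post_id}: remove or re-host image from {', '.join(hosts)}")
```

Matching on the parsed hostname rather than a substring of the post keeps plain-text mentions (post 6596) and lookalike hosts (post 6597) out of the report.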
Old 11-26-2013, 03:16 PM   #41
Jeeper
 
Lusus_Naturae's Avatar
 
Join Date: Oct 2012
Location: OKC, missing WI
Posts: 2,099
No surprise here, this is a common 'game' in many forums, and train photos are very often used because they are easy to find and have easily posted numbers.
__________________
2013 JKU Sport, billet, auto, 3.73, LSD, 315/75/16 Duratracs on MB 72, 10A springs, Bushwacker flatties

Sold - 2005 TJ, red, auto, 3.73, 33" Duratracs, 4" lift
Ice storm casualty in 2007 - 2003 TJ, green, auto, 3.73, 33" Duratracs, 4" lift
Lusus_Naturae is offline   Quote Quick Reply
Old 11-29-2013, 12:04 PM   #42
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 619
Images: 1
Send a message via MSN to HelenaAG
Is this still occurring on that thread? Seems like a moderator has made the necessary edits to remove the malicious image file posted.

Regards,

MD
HelenaAG is offline   Quote Quick Reply
Old 12-02-2013, 03:24 AM   #43
Jeeper
 
Lusus_Naturae's Avatar
 
Join Date: Oct 2012
Location: OKC, missing WI
Posts: 2,099
All seems ok now, thanks!

__________________
2013 JKU Sport, billet, auto, 3.73, LSD, 315/75/16 Duratracs on MB 72, 10A springs, Bushwacker flatties

Sold - 2005 TJ, red, auto, 3.73, 33" Duratracs, 4" lift
Ice storm casualty in 2007 - 2003 TJ, green, auto, 3.73, 33" Duratracs, 4" lift
Lusus_Naturae is offline   Quote Quick Reply