malicious web attack - Jeep Wrangler Forum

Old 11-03-2013, 10:48 PM   #1
Jeeper
 
Join Date: Sep 2013
Posts: 71
odamo is on a distinguished road
malicious web attack

Does anyone else get a malicious web attack from "BITWETYR.IN.UA" every time they come to WranglerForum.com? My Norton blocks it but it kinda concerns me.
odamo is offline   Quote
Old 11-03-2013, 10:56 PM   #2
Jeeper
 
Lowerumble's Avatar
 
Join Date: Jun 2012
Posts: 2,000
Lowerumble is on a distinguished road
My Kaspersky always blocks something too.

__________________
2013 Unlimited Rubicon - 2.5 Metalcloak - Ripp Supercharger - And Alot of Armor
Lowerumble is offline   Quote
Old 11-03-2013, 11:04 PM   #3
Jeeper
 
Radioman's Avatar
 
Join Date: Dec 2011
Location: Roseville, CA
Posts: 139
Radioman is on a distinguished road
No problems here...
Radioman is offline   Quote
Old 11-03-2013, 11:23 PM   #4
Jeeper
 
donmeca2020's Avatar
 
Join Date: Nov 2012
Location: Hollywood, florida
Posts: 3,057
donmeca2020 is on a distinguished road
I tend to get it while I'm at work and I'm logging on via one of their computers... hmm, interesting.
__________________
2014 Copperhead Pearl Wrangler Unlimited Sport

Claiming to be Off-road 24/7 and living the Mountain man life. that's the WF member way
donmeca2020 is offline   Quote
Old 11-04-2013, 12:26 AM   #5
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 773
David M is on a distinguished road
Quote:
Originally Posted by odamo View Post
Does anyone else get a malicious web attack from "BITWETYR.IN.UA" every time they come to WranglerForum.com? My Norton blocks it but it kinda concerns me.
My Norton 360 Intrusion Prevention security history shows that it blocked four intrusion attempts between September 22-26, one on October 15th, and one yesterday while on WF. Each attack has the same IP address, which is apparently registered in Luxembourg.
__________________
David M is offline   Quote
Old 11-04-2013, 12:51 AM   #6
Jeeper
 
Join Date: Sep 2013
Posts: 71
odamo is on a distinguished road
It must be Jeep haters... sunsabiches
odamo is offline   Quote
Old 11-04-2013, 03:45 AM   #7
gsn
Jeeper
 
Join Date: Jul 2012
Posts: 574
gsn is on a distinguished road
Must be ads or trackers that some AVs catch as "malicious". There is really no other reason if it's every time only on wranglerforum.
gsn is offline   Quote
Old 11-04-2013, 03:49 AM   #8
Supporting Member

WF Supporting Member
 
Join Date: Aug 2010
Posts: 7,920
jp2611 is on a distinguished road
Please let one of the Mods or Admins know...I didn't see where they posted or are aware of this issue.

I had some issues earlier, (like a couple months back) and after I told them about it they stopped....I have Norton as well but no records of attacks lately
jp2611 is offline   Quote
Old 11-04-2013, 04:19 AM   #10
Supporting Member

WF Supporting Member
 
Join Date: Aug 2010
Posts: 7,920
jp2611 is on a distinguished road
Thank you
jp2611 is offline   Quote
Old 11-04-2013, 09:16 AM   #11
Jeeper
 
Join Date: Sep 2013
Posts: 71
odamo is on a distinguished road
Quote:
Originally Posted by jp2611 View Post
Thank you

You're welcome.
odamo is offline   Quote
Old 11-04-2013, 10:40 AM   #12
Administrator

WF Supporting Member
::WF Administrator::
 
HelenaAG's Avatar
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 1,593
HelenaAG is on a distinguished road
Quote:
Originally Posted by David M View Post
My Norton 360 Intrusion Prevention security history shows that it blocked four intrusion attempts between September 22-26, one on October 15th, and one yesterday while on WF. Each attack has the same IP address, which is apparently registered in Luxembourg.
Could you post the IP address here? I haven't heard any report of a malware issue on the forum from our end. If anyone is getting a warning, please post the URL that your antivirus is reporting the issue on so I can get the techs to look into the issue.

Thanks

- dm, community support
HelenaAG is offline   Quote
Old 11-04-2013, 12:34 PM   #13
Jeeper
 
Upsfeederdude's Avatar
 
Join Date: May 2011
Location: South Carolina
Posts: 103
Upsfeederdude is on a distinguished road
My Norton blocks something as well. It doesn't happen every time, but when it does the site starts getting glitchy and freezing up.
Upsfeederdude is offline   Quote
Old 11-04-2013, 06:02 PM   #14
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 773
David M is on a distinguished road
Quote:
Originally Posted by HelenaAG View Post
Could you post the IP address here? I haven't heard any report of a malware issue on the forum from our end. If anyone is getting a warning, please post the URL that your antivirus is reporting the issue on so I can get the techs to look into the issue.

Thanks

- dm, community support
The IP address of the, thankfully blocked, but attacking computer was:

94.242.216.6, 80

My Norton 360 calls it a "Web Attack: Malicious Exploit Kit Website".

I hope this helps.
__________________
David M is offline   Quote
Old 11-04-2013, 06:30 PM   #15
Jeeper
 
gunmn74's Avatar
 
Join Date: Aug 2013
Location: Newton Kansas 25 miles North of Wichita
Posts: 620
gunmn74 is on a distinguished road
You have the Norton Virus. Norton is horrible.
__________________
2010 JK added 17" rims and 32 inch At tires, hitch, Ace rock sliders, Barricade bumper, light guards, grab handles, floor mats, Grabars,hood latches, fuel door, 2" Rancho sport lift with 9000XL shocks, TerraFlex Monster track bar, Moog drag link, quick disconnects and Rancho stabilizer and flip kit.
gunmn74 is offline   Quote
Old 11-04-2013, 06:51 PM   #16
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 773
David M is on a distinguished road
Quote:
Originally Posted by gunmn74 View Post
You have the Norton Virus. Norton is horrible.
Ha, "Virus". I've used Norton 360 for seven years, and it's worked flawlessly thus far,....knock on wood!

What antivirus do you use?
__________________
David M is offline   Quote
Old 11-05-2013, 04:18 AM   #17
Jeeper
 
gunmn74's Avatar
 
Join Date: Aug 2013
Location: Newton Kansas 25 miles North of Wichita
Posts: 620
gunmn74 is on a distinguished road
Quote:
Originally Posted by David M View Post
Ha, "Virus". I've used Norton 360 for seven years, and it's worked flawlessly thus far,....knock on wood!

What antivirus do you use?
Whatever is free, well rated, does not slow my computer, and does not take me a month to get it all off my computer even after an uninstall. Now I am using Avast. McAfee and Norton have cost me weeks of my life.
__________________
2010 JK added 17" rims and 32 inch At tires, hitch, Ace rock sliders, Barricade bumper, light guards, grab handles, floor mats, Grabars,hood latches, fuel door, 2" Rancho sport lift with 9000XL shocks, TerraFlex Monster track bar, Moog drag link, quick disconnects and Rancho stabilizer and flip kit.
gunmn74 is offline   Quote
Old 11-05-2013, 01:03 PM   #18
Administrator

WF Supporting Member
::WF Administrator::
 
HelenaAG's Avatar
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 1,593
HelenaAG is on a distinguished road
Quote:
Originally Posted by David M View Post
The IP address of the, thankfully blocked, but attacking computer was:

94.242.216.6, 80

My Norton 360 calls it a "Web Attack: Malicious Exploit Kit Website".

I hope this helps.

We need a URL to find it on the forum and get it blocked. I would run a scan of your computer as well just to ensure you have not picked up anything.

- dm, community support
HelenaAG is offline   Quote
Old 11-05-2013, 02:08 PM   #19
Jeeper
 
Join Date: Sep 2013
Posts: 71
odamo is on a distinguished road
ATTACKER URL: rydiokas.in.ua/35xy0iaq/?2
odamo is offline   Quote
Old 11-05-2013, 02:09 PM   #20
Jeeper
 
Mtonz's Avatar
 
Join Date: Apr 2013
Posts: 22
Mtonz is on a distinguished road
Yeah I get all kinds of weird things happen when I log in here
Mtonz is offline   Quote
Old 11-05-2013, 11:48 PM   #21
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 773
David M is on a distinguished road
Quote:
Originally Posted by HelenaAG View Post
We need a URL to find it on the forum and get it blocked. I would run a scan of your computer as well just to ensure you have not picked up anything.

- dm, community support

Attacker URLs:

bitwetyr.in.ua/g0t9cwn/?1

manches.in.ua/v6o05yz/?2

imagersgogleders.us/zxj3iyd/?2

imagerstypeonerstuns.us/zxj3iyd/?1

demcherstypes.us/zxj3iyd/?2


Attacking computer:

94.242.216.61, 80
__________________
David M is offline   Quote
Old 11-07-2013, 09:26 AM   #22
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 773
David M is on a distinguished road
I just had another attack at 9:05:22 am CST. I was reading a post on the "JK Jeep Wrangler Forum", and the split-second that I clicked the browser back button to go back to the JK main page my Norton blocked the intrusion attempt. It was the same IP address as above, but the new URL was:

raidysno.in.ua/w8kimyx/?2
__________________
David M is offline   Quote
Old 11-07-2013, 10:58 AM   #23
Administrator

WF Supporting Member
::WF Administrator::
 
HelenaAG's Avatar
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 1,593
HelenaAG is on a distinguished road
Thank you for the info guys. What browser are you guys using by any chance? We are investigating this issue for you and trying to replicate the issue. Also, if possible, can you post a screen shot when you get the warning as well? Thank you for your help guys, the more details the better.

Sorry for any inconvenience.

Regards,
CG - Community Support
HelenaAG is offline   Quote
Old 11-07-2013, 06:10 PM   #24
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 773
David M is on a distinguished road
Quote:
Originally Posted by HelenaAG View Post
Thank you for the info guys. What browser are you guys using by any chance? We are investigating this issue for you and trying to replicate the issue. Also, if possible, can you post a screen shot when you get the warning as well? Thank you for your help guys, the more details the better.

Sorry for any inconvenience.

Regards,
CG - Community Support
I'm using Internet Explorer 9. I've tried most of the others, and still like IE the best. I'll try to grab a screen shot if it happens again.
__________________
David M is offline   Quote
Old 11-07-2013, 06:20 PM   #25
Jeeper
 
Lowerumble's Avatar
 
Join Date: Jun 2012
Posts: 2,000
Lowerumble is on a distinguished road
Quote:
Originally Posted by David M View Post
I'm using Internet Explorer 9. I've tried most of the others, and still like IE the best. I'll try to grab a screen shot if it happens again.
Same. I have still been logged in since it happened (I don't usually shut down my computer) and it only happens when I first come to the site each time. I will see what info I get next time...
__________________
2013 Unlimited Rubicon - 2.5 Metalcloak - Ripp Supercharger - And Alot of Armor
Lowerumble is offline   Quote
Old 11-07-2013, 07:27 PM   #26
Jeeper
 
173ABN VN's Avatar
 
Join Date: Jan 2013
Location: rural N.E. Kansas
Posts: 314
173ABN VN is on a distinguished road
Last couple weeks have had the same issue. I think it's happened 4 times, I usually check this site every day... russ
173ABN VN is offline   Quote
Old 11-10-2013, 07:42 PM   #27
Supporting Member

WF Supporting Member
 
ScarletVarlet's Avatar
 
Join Date: Oct 2013
Location: Middle of the West Coast, when home. Middle of the desert, stuck in sand, when not home.
Posts: 1,439
ScarletVarlet is on a distinguished road
Using Microsoft Security Essentials and never had anything pop up.

Which means I'm probably infected like a $2 escort.
ScarletVarlet is offline   Quote
Old 11-11-2013, 09:14 AM   #28
Jeeper
 
gunmn74's Avatar
 
Join Date: Aug 2013
Location: Newton Kansas 25 miles North of Wichita
Posts: 620
gunmn74 is on a distinguished road
Quote:
Originally Posted by scarletvarlet View Post
using microsoft security essentials and never had anything pop up.

Which means i'm probably infected like a $2 escort.
funny!
__________________
2010 JK added 17" rims and 32 inch At tires, hitch, Ace rock sliders, Barricade bumper, light guards, grab handles, floor mats, Grabars,hood latches, fuel door, 2" Rancho sport lift with 9000XL shocks, TerraFlex Monster track bar, Moog drag link, quick disconnects and Rancho stabilizer and flip kit.
gunmn74 is offline   Quote
Old 11-12-2013, 06:06 AM   #29
Jeeper
 
soberbyker's Avatar
 
Join Date: Feb 2013
Location: Southeastern,PA
Posts: 349
soberbyker is on a distinguished road
Quote:
Originally Posted by David M View Post
Attacker URLs:

bitwetyr.in.ua/g0t9cwn/?1

manches.in.ua/v6o05yz/?2

imagersgogleders.us/zxj3iyd/?2

imagerstypeonerstuns.us/zxj3iyd/?1

demcherstypes.us/zxj3iyd/?2


Attacking computer:

94.242.216.61, 80
Locate IP 94.242.216.61 - WHOIS IP address 94.242.216.61



The link above the screenshot has more info.

I have a question for those getting the warning: which forum page were you attempting to access? On a forum I moderate we had a similar problem where only people with Norton were getting the message. The culprit turned out to be a photo file whose origin domain Norton deemed bad.
__________________


“Life is not a journey to the grave with intentions of arriving safely in a pretty well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out and loudly proclaiming ... WOW! What a ride!”
soberbyker is offline   Quote
Old 11-12-2013, 06:18 AM   #30
Jeeper
 
soberbyker's Avatar
 
Join Date: Feb 2013
Location: Southeastern,PA
Posts: 349
soberbyker is on a distinguished road
Quote:
Originally Posted by David M View Post
Attacker URLs:

bitwetyr.in.ua/g0t9cwn/?1

manches.in.ua/v6o05yz/?2

imagersgogleders.us/zxj3iyd/?2

imagerstypeonerstuns.us/zxj3iyd/?1


demcherstypes.us/zxj3iyd/?2


Attacking computer:

94.242.216.61, 80
Using Chrome, the two I highlighted brought a warning, seen below, the other three were a 404 not found message. Looking at the two "hits" the word "image" is in the addy, I'd say there is an image loaded on the forum somewhere that tracks back to an addy in Norton's "bad" file. Find the thread(s) where the image is, delete it, and all should be fine.


__________________


“Life is not a journey to the grave with intentions of arriving safely in a pretty well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out and loudly proclaiming ... WOW! What a ride!”
soberbyker is offline   Quote
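
Added example (not part of any post in this thread, and not the forum's own code): one way an admin could act on the suggestion to find the thread where an embedded resource points at a reported host. It scans stored post HTML for tags a browser loads without a click and matches their hosts against the domains posted above; the post ids, sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Hosts copied from the attacker URLs posted in this thread.
REPORTED_HOSTS = {
    "bitwetyr.in.ua", "rydiokas.in.ua", "manches.in.ua", "raidysno.in.ua",
    "imagersgogleders.us", "imagerstypeonerstuns.us", "demcherstypes.us",
}
# Tag -> attribute that makes a browser fetch a resource without any click.
AUTOLOAD = {"img": "src", "script": "src", "iframe": "src",
            "embed": "src", "object": "data", "link": "href"}

class ResourceCollector(HTMLParser):  # gathers (tag, url) for auto-loaded tags
    def __init__(self):
        super().__init__()
        self.resources = []
    def handle_starttag(self, tag, attrs):
        wanted = AUTOLOAD.get(tag)  # None for tags such as <a>
        for name, value in attrs:
            if name == wanted and value:
                self.resources.append((tag, value.strip()))

def host_of(url):
    """Lower-cased host of an absolute or //host URL; "" if relative or malformed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # e.g. an unclosed "[" in the host part
        return ""

def is_reported(host):
    # Exact match or subdomain match; "notmanches.in.ua" must not match.
    return any(host == r or host.endswith("." + r) for r in REPORTED_HOSTS)

def scan_posts(posts):
    """posts: {post_id: html}. Returns [(post_id, tag, url)] for reported hosts."""
    findings = []
    for post_id, html in sorted(posts.items()):
        collector = ResourceCollector()
        collector.feed(html)
        for tag, url in collector.resources:
            if is_reported(host_of(url)):
                findings.append((post_id, tag, url))
    return findings

# Constructed sample posts (not taken from the forum's database).
SAMPLE_POSTS = {
    101: '<p>My rig</p><img src="/attachments/jk.jpg">',
    102: '<IMG SRC="http://IMAGERSGOGLEDERS.US/pic.jpg">',
    103: '<iframe src="//cdn.manches.in.ua/w"></iframe>',
    104: '<a href="http://bitwetyr.in.ua/">typed link, not auto-loaded</a>',
}
```

An empty result does not clear the site: ad or tracker scripts can add redirects at runtime, which a static scan of stored HTML will not see.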