malicious web attack - Jeep Wrangler Forum
Old 11-03-2013, 10:48 PM   #1
Jeeper
 
Join Date: Sep 2013
Posts: 48
Images: 6
malicious web attack

Does anyone else get a malicious web attack from "BITWETYR.IN.UA" every time they come to WranglerForum.com? My Norton blocks it, but it kinda concerns me.

odamo is offline   Quote Quick Reply
Old 11-03-2013, 10:56 PM   #2
Jeeper
 
Lowerumble's Avatar
 
Join Date: Jun 2012
Posts: 2,000
My Kaspersky always blocks something too.

__________________
2013 Unlimited Rubicon - 2.5 Metalcloak - Ripp Supercharger - And Alot of Armor
Lowerumble is offline   Quote Quick Reply
Old 11-03-2013, 11:04 PM   #3
Jeeper
 
Radioman's Avatar
 
Join Date: Dec 2011
Location: Roseville, CA
Posts: 111
No problems here...
Radioman is offline   Quote Quick Reply
Old 11-03-2013, 11:23 PM   #4
The Infamous One

WF Supporting Member
 
donmeca2020's Avatar
 
Join Date: Nov 2012
Location: Hollywood, florida
Posts: 2,575
I tend to get it while I'm at work and I'm logging on via one of their computers... hmm, interesting.
__________________
2014 Copperhead Pearl Wrangler Unlimited Sport

" Revenge is never about the greater good. It’s a visceral need that has to be satisfied or the strong lose focus. "
donmeca2020 is offline   Quote Quick Reply
Old 11-04-2013, 12:26 AM   #5
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 748
Quote:
Originally Posted by odamo View Post
Does anyone else get a malicious web attack from "BITWETYR.IN.UA" every time they come to WranglerForum.com? My Norton blocks it, but it kinda concerns me.
My Norton 360 Intrusion Prevention security history shows that it blocked four intrusion attempts between September 22-26, one on October 15th, and one yesterday while on WF. Each attack has the same IP address, which is apparently registered in Luxembourg.
__________________
David M is offline   Quote Quick Reply
Old 11-04-2013, 12:51 AM   #6
Jeeper
 
Join Date: Sep 2013
Posts: 48
Images: 6
It must be Jeep haters... sunsabiches
odamo is offline   Quote Quick Reply
Old 11-04-2013, 03:45 AM   #7
gsn
Jeeper
 
Join Date: Jul 2012
Posts: 571
Must be ads or trackers that some AVs catch as "malicious". There is really no other reason if it's every time only on wranglerforum.
gsn is offline   Quote Quick Reply
Old 11-04-2013, 03:49 AM   #8
Jeeper

WF Supporting Member
 
jp2611's Avatar
 
Join Date: Aug 2010
Location: Fort Wayne IN
Posts: 5,704
Please let one of the Mods or Admins know...I didn't see where they posted or are aware of this issue.

I had some issues earlier (like a couple months back), and after I told them about it they stopped... I have Norton as well, but no records of attacks lately.
jp2611 is offline   Quote Quick Reply
Old 11-04-2013, 04:15 AM   #9
MallCrawler

WF Supporting Member
::WF Moderator::
 
kjeeper10's Avatar
 
Join Date: Feb 2011
Location: Connecticut
Posts: 33,751
Moved to help and support
__________________
2007 Rubicon/Rock Krawler TR 2.5 coils/rear TB/Rancho 9000 31/32XL shocks/Teraflex monster TB/Synergy highsteer,tie rod, ball joints/Hankook MT 315-75-16 on Level 8 ZX's/MC front SB links/Rancho geo brackets & shocks/Fox ATS stabilizer/Adams front DS/Artec front armor w/ Currie upper bushings=Frankinjeep from hell.

kjeeper10 is offline   Quote Quick Reply
Old 11-04-2013, 04:19 AM   #10
Jeeper

WF Supporting Member
 
jp2611's Avatar
 
Join Date: Aug 2010
Location: Fort Wayne IN
Posts: 5,704
Thank you
jp2611 is offline   Quote Quick Reply
Old 11-04-2013, 09:16 AM   #11
Jeeper
 
Join Date: Sep 2013
Posts: 48
Images: 6
Quote:
Originally Posted by jp2611 View Post
Thank you

You're welcome.
odamo is offline   Quote Quick Reply
Old 11-04-2013, 10:40 AM   #12
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 531
Images: 1
Quote:
Originally Posted by David M View Post
My Norton 360 Intrusion Prevention security history shows that it blocked four intrusion attempts between September 22-26, one on October 15th, and one yesterday while on WF. Each attack has the same IP address, which is apparently registered in Luxembourg.
Could you post the IP address here? I haven't heard any report of a malware issue on the forum from our end. If anyone is getting a warning, please post the URL that your antivirus is reporting the issue on so I can get the techs to look into the issue.

Thanks

- dm, community support
HelenaAG is offline   Quote Quick Reply
Old 11-04-2013, 12:34 PM   #13
Jeeper
 
Upsfeederdude's Avatar
 
Join Date: May 2011
Location: South Carolina
Posts: 101
My Norton blocks something as well. It doesn't happen every time, but when it does the site starts getting glitchy and freezing up.
Upsfeederdude is offline   Quote Quick Reply
Old 11-04-2013, 06:02 PM   #14
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 748
Quote:
Originally Posted by HelenaAG View Post
Could you post the IP address here? I haven't heard any report of a malware issue on the forum from our end. If anyone is getting a warning, please post the URL that your antivirus is reporting the issue on so I can get the techs to look into the issue.

Thanks

- dm, community support
The IP address of the, thankfully blocked, but attacking computer was:

94.242.216.6, 80

My Norton 360 calls it a "Web Attack: Malicious Exploit Kit Website".

I hope this helps.
__________________
David M is offline   Quote Quick Reply
Old 11-04-2013, 06:30 PM   #15
Jeeper
 
gunmn74's Avatar
 
Join Date: Aug 2013
Location: Newton Kansas 25 miles North of Wichita
Posts: 559
You have the Norton Virus. Norton is horrible.
__________________
2010 JK added 17" rims and 32 inch At tires, hitch, Ace rock sliders, Barricade bumper,
light guards, grab handles, floor mats, Grabars, Rock Ridge hood latches and fuel door.
gunmn74 is offline   Quote Quick Reply
Old 11-04-2013, 06:51 PM   #16
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 748
Quote:
Originally Posted by gunmn74 View Post
You have the Norton Virus. Norton is horrible.
Ha, "Virus". I've used Norton 360 for seven years, and it's worked flawlessly thus far,....knock on wood!

What antivirus do you use?
__________________
David M is offline   Quote Quick Reply
Old 11-05-2013, 04:18 AM   #17
Jeeper
 
gunmn74's Avatar
 
Join Date: Aug 2013
Location: Newton Kansas 25 miles North of Wichita
Posts: 559
Quote:
Originally Posted by David M View Post
Ha, "Virus". I've used Norton 360 for seven years, and it's worked flawlessly thus far,....knock on wood!

What antivirus do you use?
Whatever is free and well rated that does not slow my computer and take me a month to get it all off my computer even after an uninstall. Now I am using Avast. McAfee and Norton have cost me weeks of my life.
__________________
2010 JK added 17" rims and 32 inch At tires, hitch, Ace rock sliders, Barricade bumper,
light guards, grab handles, floor mats, Grabars, Rock Ridge hood latches and fuel door.
gunmn74 is offline   Quote Quick Reply
Old 11-05-2013, 01:03 PM   #18
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 531
Images: 1
Quote:
Originally Posted by David M View Post
The IP address of the, thankfully blocked, but attacking computer was:

94.242.216.6, 80

My Norton 360 calls it a "Web Attack: Malicious Exploit Kit Website".

I hope this helps.

We need a URL to find it on the forum and get it blocked. I would run a scan of your computer as well just to ensure you have not picked up anything.

- dm, community support
HelenaAG is offline   Quote Quick Reply
Old 11-05-2013, 02:08 PM   #19
Jeeper
 
Join Date: Sep 2013
Posts: 48
Images: 6
ATTACKER URL: rydiokas.in.ua/35xy0iaq/?2
odamo is offline   Quote Quick Reply
Old 11-05-2013, 02:09 PM   #20
Jeeper
 
Mtonz's Avatar
 
Join Date: Apr 2013
Posts: 22
Yeah I get all kinds of weird things happen when I log in here
Mtonz is offline   Quote Quick Reply
Old 11-05-2013, 11:48 PM   #21
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 748
Quote:
Originally Posted by HelenaAG View Post
We need a URL to find it on the forum and get it blocked. I would run a scan of your computer as well just to ensure you have not picked up anything.

- dm, community support

Attacker URLs:

bitwetyr.in.ua/g0t9cwn/?1

manches.in.ua/v6o05yz/?2

imagersgogleders.us/zxj3iyd/?2

imagerstypeonerstuns.us/zxj3iyd/?1

demcherstypes.us/zxj3iyd/?2


Attacking computer:

94.242.216.61, 80
__________________
David M is offline   Quote Quick Reply
Old 11-07-2013, 09:26 AM   #22
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 748
I just had another attack at 9:05:22 am CST. I was reading a post on the "JK Jeep Wrangler Forum", and the split-second that I clicked the browser back button to go back to the JK main page my Norton blocked the intrusion attempt. It was the same IP address as above, but the new URL was:

raidysno.in.ua/w8kimyx/?2
__________________
David M is offline   Quote Quick Reply
Old 11-07-2013, 10:58 AM   #23
Administrator

WF Supporting Member
::WF Administrator::
 
Join Date: Apr 2008
Location: Toronto, Canada
Posts: 531
Images: 1
Thank you for the info, guys. What browser are you guys using, by any chance? We are investigating this issue for you and trying to replicate the issue. Also, if possible, can you post a screenshot when you get the warning as well? Thank you for your help, guys; the more details the better.

Sorry for any inconvenience.

Regards,
CG - Community Support
HelenaAG is offline   Quote Quick Reply
Old 11-07-2013, 06:10 PM   #24
Jeeper
 
David M's Avatar
 
Join Date: Jan 2011
Location: The Ozark Mountains
Posts: 748
Quote:
Originally Posted by HelenaAG View Post
Thank you for the info, guys. What browser are you guys using, by any chance? We are investigating this issue for you and trying to replicate the issue. Also, if possible, can you post a screenshot when you get the warning as well? Thank you for your help, guys; the more details the better.

Sorry for any inconvenience.

Regards,
CG - Community Support
I'm using Internet Explorer 9. I've tried most of the others, and still like IE the best. I'll try to grab a screen shot if it happens again.
__________________
David M is offline   Quote Quick Reply
Old 11-07-2013, 06:20 PM   #25
Jeeper
 
Lowerumble's Avatar
 
Join Date: Jun 2012
Posts: 2,000
Quote:
Originally Posted by David M View Post
I'm using Internet Explorer 9. I've tried most of the others, and still like IE the best. I'll try to grab a screen shot if it happens again.
Same. I have still been logged in since it happened (I don't usually shut down my computer) and it only happens when I first come to the site each time. I will see what info I get next time...
__________________
2013 Unlimited Rubicon - 2.5 Metalcloak - Ripp Supercharger - And Alot of Armor
Lowerumble is offline   Quote Quick Reply
Old 11-07-2013, 07:27 PM   #26
Jeeper
 
173ABN VN's Avatar
 
Join Date: Jan 2013
Location: rural N.E. Kansas
Posts: 162
Last couple weeks have had the same issue. I think it's happened 4 times, I usually check this site every day.... russ
173ABN VN is offline   Quote Quick Reply
Old 11-10-2013, 07:42 PM   #27
Jeeper
 
ScarletVarlet's Avatar
 
Join Date: Oct 2013
Location: Middle of the West Coast, when home. Middle of the desert, stuck in sand, when not home.
Posts: 211
Images: 1
Using Microsoft Security Essentials and never had anything pop up.

Which means I'm probably infected like a $2 escort.
ScarletVarlet is offline   Quote Quick Reply
Old 11-11-2013, 09:14 AM   #28
Jeeper
 
gunmn74's Avatar
 
Join Date: Aug 2013
Location: Newton Kansas 25 miles North of Wichita
Posts: 559
Quote:
Originally Posted by scarletvarlet View Post
using microsoft security essentials and never had anything pop up.

Which means i'm probably infected like a $2 escort.
funny!
__________________
2010 JK added 17" rims and 32 inch At tires, hitch, Ace rock sliders, Barricade bumper,
light guards, grab handles, floor mats, Grabars, Rock Ridge hood latches and fuel door.
gunmn74 is offline   Quote Quick Reply
Old 11-12-2013, 06:06 AM   #29
Jeeper
 
soberbyker's Avatar
 
Join Date: Feb 2013
Location: Southeastern,PA
Posts: 227
Quote:
Originally Posted by David M View Post
Attacker URLs:

bitwetyr.in.ua/g0t9cwn/?1

manches.in.ua/v6o05yz/?2

imagersgogleders.us/zxj3iyd/?2

imagerstypeonerstuns.us/zxj3iyd/?1

demcherstypes.us/zxj3iyd/?2


Attacking computer:

94.242.216.61, 80
Locate IP 94.242.216.61 - WHOIS IP address 94.242.216.61



The link above the screenshot has more info.

I have a question for those getting the warning: which forum page were you attempting to access? On a forum I moderate we had a similar problem where only people with Norton were getting the message. The culprit turned out to be a photo file whose origin domain Norton deemed bad.
__________________


“Life is not a journey to the grave with intentions of arriving safely in a pretty well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out and loudly proclaiming ... WOW! What a ride!”
soberbyker is offline   Quote Quick Reply
Old 11-12-2013, 06:18 AM   #30
Jeeper
 
soberbyker's Avatar
 
Join Date: Feb 2013
Location: Southeastern,PA
Posts: 227
Quote:
Originally Posted by David M View Post
Attacker URLs:

bitwetyr.in.ua/g0t9cwn/?1

manches.in.ua/v6o05yz/?2

imagersgogleders.us/zxj3iyd/?2

imagerstypeonerstuns.us/zxj3iyd/?1


demcherstypes.us/zxj3iyd/?2


Attacking computer:

94.242.216.61, 80
Using Chrome, the two I highlighted brought a warning, seen below; the other three were a 404 not found message. Looking at the two "hits", the word "image" is in the addy; I'd say there is an image loaded on the forum somewhere that tracks back to an addy in Norton's "bad" file. Find the thread(s) where the image is, delete it, and all should be fine.


__________________


“Life is not a journey to the grave with intentions of arriving safely in a pretty well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out and loudly proclaiming ... WOW! What a ride!”
soberbyker is offline   Quote Quick Reply
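
One way to carry out the search suggested in posts #18 and #30 (finding where a forum page references the flagged hosts), as an added example that is not part of the original thread: it scans saved page HTML for tags whose URL attribute points at one of the hosts reported above. The function names and the sample page are constructed for illustration, and it only sees static markup, so a reference added at load time by an ad or script would not appear.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts reported in this thread by members whose antivirus raised the alert.
REPORTED_HOSTS = {
    "bitwetyr.in.ua", "manches.in.ua", "rydiokas.in.ua", "raidysno.in.ua",
    "imagersgogleders.us", "imagerstypeonerstuns.us", "demcherstypes.us",
}
# Attributes through which a tag can reference a remote URL.
URL_ATTRS = {"src", "href", "data", "poster", "background"}


class ReferenceFinder(HTMLParser):
    """Record (line, tag, attribute, url) for each reference to a listed host."""

    def __init__(self, hosts):
        super().__init__()
        self.hosts = {h.lower() for h in hosts}
        self.hits = []

    def _is_listed(self, url):
        try:
            host = (urlsplit(url.strip()).hostname or "").rstrip(".")
        except ValueError:  # malformed URL such as an unclosed IPv6 bracket
            return False
        # Match the host itself or any subdomain, never a mere substring.
        return any(host == h or host.endswith("." + h) for h in self.hosts)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and self._is_listed(value):
                self.hits.append((self.getpos()[0], tag, name, value))


def find_listed_references(html, hosts=REPORTED_HOSTS):
    """Return every tag in `html` that points at one of `hosts`."""
    finder = ReferenceFinder(hosts)
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page (not captured from the forum).
SAMPLE_PAGE = """<html><body>
<img src="/images/logo.gif">
<img src="http://IMAGERSGOGLEDERS.US/constructed.jpg" width="1" height="1">
<iframe src="//cdn.bitwetyr.in.ua:80/constructed/"></iframe>
<a href="http://example.com/?ref=manches.in.ua">unrelated link</a>
<script src="http://notbitwetyr.in.ua.example.net/x.js"></script>
</body></html>"""
```

Calling `find_listed_references(SAMPLE_PAGE)` reports the `img` and `iframe` tags with their line numbers and skips the two look-alike URLs, where the listed name appears only in a query string or as part of a different host.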
All times are GMT -5.