12 replies to this topic

[Sid]

Dear Admin/Mods,

Your website: www.testmy.net or any page on it is being reported as being unsafe. We are getting the following message whenever we access your website or any page on it.

"This website has been reported to contain the following threats:

Malicious software threat: This site contains links to viruses or other software programs that can reveal personal information stored or typed on your computer to malicious persons."


This is a cool site and I especially love the accurate results it gives out whenever I test my broadband connection, but I have been getting this message since the past 1 hour. You guys have been doing a swell job, but I wouldn't want any of us worried about this site being unsafe. So, can you please look into this and clear up this?

I have included the screenshot of the message we are getting.

Attached Thumbnails

• 

[zalternate]

As per http://www.testmy.ne...te-warning/  Is their any information on what the threat is?

I PMed CA3LE earlier about it.

Edited by zalternate, 21 July 2010 - 09:43 PM.

[CA3LE]

Thank you so much for reporting this.  You actually brought to our attention a major problem.  Someone hacked the site and had included an iframe into the site structure.

It is very important to us to have users like you to let us know when stuff like this happens.  Websites that are highly visible on the internet like testmy.net are prone to things like this.  It happened that this time it was an easy fix.  There are allot of files moving around on the server right now (with the speedtests being rebuilt) and in the mix some file permissions got messed up.  I had a feeling at the time that command was mistyped, that's why you always double check!  So anyways, that was seriously a couple days ago... hackers are seriously just out there scanning for a weak spot.

Luckily we caught this fast and got it resolved quickly.  I wish I would have noticed hours sooner, but hey.

[Sid]

CA3LE, on 22 July 2010 - 02:42 AM, said:

Thank you so much for reporting this.  You actually brought to our attention a major problem.  Someone hacked the site and had included an iframe into the site structure.

It is very important to us to have users like you to let us know when stuff like this happens.  Websites that are highly visible on the internet like testmy.net are prone to things like this.  It happened that this time it was an easy fix.  There are allot of files moving around on the server right now (with the speedtests being rebuilt) and in the mix some file permissions got messed up.  I had a feeling at the time that command was mistyped, that's why you always double check!  So anyways, that was seriously a couple days ago... hackers are seriously just out there scanning for a weak spot.

Luckily we caught this fast and got it resolved quickly.  I wish I would have noticed hours sooner, but hey.

Lovely! Glad that you guys are taking things seriously and have acted upon it right away. Builds up my trust and confidence. Thanks a lot!

[CA3LE]

Always, my users safety and security are very important to me.  It kinda ties into our privacy policy.  I personally have allot of opinions about internet ethics a practices... and especially when a hacker tries to exploit my users I'm all over it.  There are a ton of measures that I have in place on the server to ensure it's security.  testmy.net has at least 5-10 full on bruteforce hacking attempts a day.  But, I have curtain things set to run on non-standard ports and tons of systems in place to sniff stuff out... testmy.net's server also gives people only a couple of chances to enter admin/root login information correctly... if else { blacklist }  

There is always going to be hackers.  Hell, messing around like that myself is how I learned allot of stuff.  I just hate the destructive hackers.  I'm mostly surprised at how quickly they noticed the security hole.  Whoever did that obviously has some sort of bot scanning the internet.

Well, thanks again!

-Damon

[zalternate]

CA3LE, on 22 July 2010 - 03:29 PM, said:

I'm mostly surprised at how quickly they noticed the security hole.  Whoever did that obviously has some sort of bot scanning the internet.

Well, thanks again!

-Damon

I think they found the hole in 'IP Board' and just did a quick search for any board with it.

[CA3LE]

Well, that's what I would have normally thought..... buuuuuuut they had also exploited the other site of the site... the side that's not tied to IPB.

[zalternate]

CA3LE, on 22 July 2010 - 07:12 PM, said:

Well, that's what I would have normally thought..... buuuuuuut they had also exploited the other site of the site... the side that's not tied to IPB.

Or maybe to do with the cross site login?

Edited by zalternate, 22 July 2010 - 09:28 PM.

[CA3LE]

zalternate, on 22 July 2010 - 07:34 PM, said:

Or maybe to do with the cross site login?

No, because that side of the site is just querying IPB... it's not tied together.  The problem was because the permissions were publicly writable, I've addressed the issue.

[mudmanc4]

Done it myself recently man, it's easy to do when your ina hurry , and decide to use your ftp program to change permission instead of on the host, as some of us know ftp doesnt always change them hahaha but says it does.

Anyhow, I know testmy.net is secure as anything can be , and takes this very serious

on top of that, there's alot ALOT coming out of russia right now

[zalternate]

Quote

Total Site Update IN THE PIPE
A completely new testmy.net is on the horizon. Due to release November 2010. Hey, if you don't like change don't worry because the old tests and tools still be here too.

New buttons on the speed test site to push.   The "test my Internet" button, that is the dual test.



I keep reading bits about all sorts of forums, blog type software(e107 CMS) and such getting attacked.  Whether it's the professionals doing it or someone who took the professionals code and tried to make it do something for themselves.

Edited by zalternate, 23 July 2010 - 09:51 AM.

[michaelc]

I have this same problem - apart from getting rid of the javascript and setting correct permissions - how did ou get rid of microsoft warning?

[CA3LE]

michaelc, on 28 June 2011 - 12:12 PM, said:

I have this same problem - apart from getting rid of the javascript and setting correct permissions - how did you get rid of Microsoft warning?

Which warning are you talking about exactly.