Jump to content

Unsafe Website Warning


paladin

Recommended Posts

Whoops!!!!!!!!!!!!!!!

Win. 7 SmartScreen is popping up saying this is unsafe website, it pops up every time

I change pages. This just started today when I tried to test my speed. It says it has

been reported to Microsoft as containing threats to your PC and personal or financial

information. First time I have ever had this pop up.

Some one needs to check it out.

Link to comment
Share on other sites

Okay... well I had some insecure permissions and someone did get in and add an iFrame to the sites pages.

This has been corrected as well as the permissions.

For those of you that saw this error could you please check and make sure it's cleared. I hope to god I don't have to talk to Microsoft or something.

I totally forgot to change some permissions. I'll be scanning the sites source for anything else... I may even revert the file structure over to a backup from a few days ago.

Sorry about that guys, thanks for letting us know. This was very important. Like ON FIRE.

-Damon

Link to comment
Share on other sites

Oh... they also hacked into the skin cache for the board... it's recached and the code is gone. I'll keep looking further.

cache permissions are now locked... IPB should really do this automatically IMO. Because after IPB creates the cached skin files it leaves them with permissions of 777, oh well.

Link to comment
Share on other sites

If people want to know what an Iframe attack is.....

Easy way to beat it, is to keep your Operating system updated with patches and to keep your browser updated. And run a Anti-virus program.

'XP service pack 2' has now come to end of life cycle. So 'XP service pack 3' is the current supported cycle, for awhile. And Internet Explorer '6' is no longer supported for patches. Microsoft's site will point you to Internet Exploder 8. Windows 7 is a very stable operating system.

I have hit a few malicious(a lot worse than an Iframe) links embedded in Blogs. But Avast anti-virus puts up a block of the malicious weblink, so I can still see the Blog.

http://www.guardian.co.uk/technology/2008/apr/03/security.google

3 April 2008

What's an IFrame attack and why should I care?

It's now a popular way of trying to load malware onto users' PCs without them going to an evil or compromised website. In fact, they only have to click on a link in a Google search for a popular site, where the exploit has been preloaded. Sites affected include USA Today, Wal-Mart and ZD Net Asia, but it's spreading.

An IFrame (which isn't another Apple product - it stands for "inline frame") is just a way of loading one web page inside another, usually from a different server. That can be useful for building online applications. But malware writers can make the included page just one pixel square - meaning you can't even see it's there - and obfuscate the JavaScript that will run automatically from that included page so that it looks something like %6C%20%66%72%61%6D%65%62%6F - leaving no obvious clue that it's malicious.

When this idea got going, the IFrame code would be inserted by hacking web servers, or adding it to banner advertisements. Over the past six months, however, there has been a huge growth in the use of "poisoned" search results.

Big websites often cache (store) the results of search queries run on their sites - say, the links for a search for "malware IFrame" - and then forward these to search engines such as Google, which can generate search results directly. Malware authors exploit the system by putting in a search query like "malware IFrame" plus all the malicious IFrame's text. If the site doesn't check search terms adequately for obfuscated Javascript, the IFrame data is stored and passed on. When someone then searches for "malware IFrame" and clicks a result, the attack is initiated directly from the search result, because the browser can read the obfuscated Javascript - even if you can't.

Malware distributors like this because they don't need to hack the server, and can use popular searches to benefit from the site's SEO (search engine optimisation) practices and get a high ranking at Google. The attack usually includes half a dozen "drive-by" exploits, and also uses "social engineering" to get users to install something else, such as a video codec that is actually a Trojan. Windows users without the IE security update MS04-040 (from 2004!) are particularly vulnerable. There seem to be lots of them.

How can the attacks be stopped? Sites that cache searches must improve their input checking, and server operators can search for IFrame exploit code. Google is trying to remove malware search results, and automatically detects some exploits and warns that "This site may harm your computer".

Windows users should make sure they have installed all security updates, and preferably upgrade to XP SP2 with IE7 XP SP3 and IE 8, or Vista Windows 7. Running an active anti-malware guard can also help. That should just leave the people dumb enough to think they need to install a new codec to view porn.

MalwareBytes. Anti-Malware. free version. Download, install, update, quick scan. Runs on manual scan/manual updates for free version.

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol&cdlPid=10896905

Edited by zalternate
Link to comment
Share on other sites

CA3LE: I am sho nuff glad you got it fixed. Thanks.

I may not be the brightest screwball on the block but, I am kinda like Coknuck.

I have been using the same Junk Protection for a lot of years and have never (Knock on wood)

had a bug, virus, insect or web bat on any of my Equip. to this point. (Knock on wood again)

Back to work doing NOTHING.!!!!!!!!!!!!!!!!!!!!!!!!!!!

Link to comment
Share on other sites

Whoops!!!!!!!!!!!!!!!

Win. 7 SmartScreen is popping up saying this is unsafe website, it pops up every time

I change pages. This just started today when I tried to test my speed. It says it has

been reported to Microsoft as containing threats to your PC and personal or financial

information. First time I have ever had this pop up.

Some one needs to check it out.

Hi from Roco UK , we just had the same problem over here on UK forums ,

I have no expriance of win 7, but avast AV was saying the same

.

it seemst be a day of forum attacks both sides of the pond ,

we got it down to "d21.rsdynamic.RU /direct. ect. but not all AV's picked up on it

Grisoft AV and norton didn't. avast AV did.

I think Cables post expains it = http://www.testmy.ne..._1&#entry322724

Link to comment
Share on other sites

  • 5 weeks later...

I have faced this same problem and I had used anti virus for that. I had used Norton Anti Virus 2010. It provides proactive reputation scanning and download insight add utility. Also, provides software maintains a light footprint. It is very effective and easy to use. One great feature is the additional vulnerability protection that Norton provides. Its really very useful for this.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...