PDA

View Full Version : web attack mass injection



exfish
6th March 2012, 16:08
Hi there,

Recieved the above warning when trying to access the site during the week.

Site seems to be back but without the gallery, please advise.

Exfish

watchman
6th March 2012, 18:20
my lap top is norton protected and was down fri /sat and up till sun tea time but all come back ok when i uploaded some thing on to norton to secure it again:)

Davie Tait
6th March 2012, 20:04
Yeah we had a hacker put a trojan program onto the server , its been removed now and we are in the process of getting back up and running properly again , Google has listed the site as an attack site so we're getting that listing removed ASAP , the site is safe to use but please anyone that used the site over the weekend do a full system scan with your anti-virus to make sure your pc hasn't been infected.

Davie

baseplayer
9th March 2012, 18:51
Hi Davie

My avg is still throwing the site is there anything I can do

Chris

Davie Tait
9th March 2012, 20:02
Can you copy the message your getting and post it here ,we still seem to have problems with AVG , Norton now checks the site out as clear as does google search

Davie

3762dazzer
9th March 2012, 21:45
Avira is fine too, no problems !!

baseplayer
10th March 2012, 08:39
hi davie
this is a copy of what comes up on he screen




Danger: Surf-Shield has detected active threats on this page and has blocked access for your protection.
The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.

URL: www.trawlerphotos.co.uk/
Name: Blackhole Exploit Kit (type 2129)

hope this is helpfull

Chris

Davie Tait
10th March 2012, 14:38
Just what I thought had happened , there's nothing wrong with the site but AVG has sent out an update to everyone blocking the site regardless , I'll send this onto the server guys and get them to contact AVG direct to get this sorted

exfish
11th March 2012, 16:29
Hi there,
That message is back up there again and the gallery is still not available

Exfish

Davie Tait
11th March 2012, 16:33
If you're running AVG its been updated by them to automatically block the site , we're trying to get them to send out an update to sort this but you can add the site to the safe list to get access as far as I know

I use Norton and it wouldn't let me access the site at all from Friday till Monday and doesn't show any problems now , other anti-virus programs check the site out as clean too ( Google has rescanned the site and now show the site as clear )

Davie

exfish
11th March 2012, 16:37
Hi there again,

I'm using Symantec endpoint protection small business edition. (Norton)

Exfish

lilguy43uk
16th March 2012, 07:41
Davie

I'm still getting malware warnings when I access the index page. It seems there is a redirect to hllp://www.cody1163.hopto.0rg. I've intentionally disfigured the url to deny them a link.

Hope this helps

Jim

Davie Tait
16th March 2012, 14:48
Thanks Jim I'll forward this onto the server guys

lilguy43uk
17th March 2012, 08:47
It does change each day Davie the latest is hllp://www.maih4799.servecounterstrike.c0m/go?=2

Davie Tait
17th March 2012, 15:16
I've had random attacks like this but Norton doesn't trace them back to the site , I wonder if the hackers have managed to copy the IP addresses we use and are directing attacks that way , I'll pass this on to the guys in Denmark , we have changed all the server access codes ( or should have by yesterday evening ) including the access codes to the server this site is hosted on so hopefully we shouldn't have a repeat but keep posting anything like this so we can keep on top of things guys

exfish
17th March 2012, 20:45
517

Hi there,
Attached is what I get when trying to open the gallery section. You will note the http address at the top of the picture gives /gallery.

Hope you can work this out, it would be a shame to lose this site.

Exfish.

martin johns
18th March 2012, 09:31
I've been getting the same Exfish, ever since the virus problem began.

Davie Tait
18th March 2012, 14:06
Sites working ok for me , wonder if your anti-virus has put a rule in your firewall to prevent accessing the site , either that or still problems with the anti-virus companies putting out updates that automatically block the site , strange that I get in and others are having problems

martin johns
18th March 2012, 15:16
Still playing up with AVG Davie. I tried un-installing & re-installing but still the same. I was asked 3 times yesterday by different people why the site hasn't been working for a few weeks so the problem is quite widespread (also evident by how quiet it is here of late).

Davie Tait
18th March 2012, 15:48
Yeah I know ,nothing I can do I still can't get into the admin panel , still waiting for Vbullettin to do an upgrade of the forum software , we've had another message from Google about a trojan ( think its the one earlier this week ) so I've forwarded it on to the guys and hopefully the info in that email will help , seems to be the archive thats throwing up problems now according to google

wbeedie
18th March 2012, 19:46
I had a lovely trojan from here the other day when I tried logging in , took me a few hours after work to get it sorted but think you must have dealt with it as it hasnt happened again , but my boss says he still cant get on , and I asked if his AV was AVG to his reply was Yes

Davie Tait
18th March 2012, 19:59
AVG sent out an update automatically blocking the site Willie , we are trying to get them to remove the block but guess it will still be a day or 2 before we get a reply from them , I'd like nothing better than to see hackers have their hands cut off and a bucket of maggots chucked over them , let that drive them bonkers when they can't scratch !!!

lilguy43uk
19th March 2012, 07:55
I can get in OK now Davie but I'm still getting malware redirect alerts. Each day it's a different one. Today it's hllp://mosh2823.myvnc.c0m

Davie Tait
19th March 2012, 14:45
do you have an update for JAVA going on just now ?? I had an automatic update for JAVA start yesterday and Norton blocked a couple of dozen redirects before I shut down JAVA and it stopped so I wonder if there's a hacker using java to do this

Donegal Bay.
20th March 2012, 10:24
Today is the first time in two weeks that I have been able access the site, I use AVG and I have also encountered all of the problems previously mentioned. Everything seems to be working correctly now, hopefully it will stay that way.

exfish
21st March 2012, 16:55
Welcome back

Exfish

Davie Tait
21st March 2012, 17:29
The software guy in Denmark deserves a crate of Tuborg for the work he's had to do getting rid of the hackers code that we found on the server , damn code was in every sub folder and archive we had , I've switched off the uploads for video for now as that is one potential route to bypass the security on the server , once we're sure the firewall and anti-virus on the server is as good as we can manage I'll switch video uploads back on

Davie

Adventurer
21st March 2012, 22:02
Caused me big probelms on my p.c these F****** hackers,
Virus protection was not functioning correctly and have lost some data and it has slowed down,
Lets hope they are gone and i can try and get the machine to works properly again,

Davie Tait
22nd March 2012, 15:10
The JAVA updates have stopped so that must have been the last bit of code we got rid of , thankfully we have full control of the server computer now so hopefully our member have not had too many problems with their own computers. We still don't really know how the hackers got in but we're as protected as we possibly can be now so we're hoping to make sure this never happens again

Adventurer
22nd March 2012, 19:40
O.K Davie,
Lets hope for that,hopefully we will c an increase in members on the site from now on,

fastcat
22nd March 2012, 20:32
Glad to see everything back to normal again :cool:

jimmyt
30th April 2012, 15:52
i just got pc back from getting virus removed but still wont let me on gallery is problem still on going im using avg
jimmyt