Malicious Attack

For comments about the UNoT website and its player guides.
HM Silverbane
New Seedling
Posts: 49
Joined: May 29, 2010 7:05 am

Just got pinged by it when I got here a moment ago. It's still there, guys.
I have ushi's off topic section saved, so I go directly there (bookmark, I mean), and when I clicked 'board index' avast pinged me and warned it had stopped a malicious redirect. Click back page and then click board index again and all is (seemingly) well.
I have adblock plus, and its popup blocker component as well, if this helps.
(avast flashed it up too fast for me to read it, sorry)

I think something is moving about in the site somehow still.
Draconess
New Seedling
Posts: 4
Joined: Oct 09, 2010 10:32 am

I got it twice already. I didn't get the banners the first time, but this time around it was a sign up for xfinity triple play and android phones for sale now from AT&T on the Harvest Moon A New Beginning Main Page. I also have a popup blocked which I'm not checking <<;; sorry. Maybe this information helps a bit.... I have somewhat more detailed info from Norton but I'd rather not post it, so if it helps I'll send it to you privately later. If you need it, let me know.
Vann Borakul
Crazy Cow Herder
Posts: 192
Joined: Oct 26, 2009 7:51 pm

Ru-Ne Ni-Chaan wrote: They also appear like this.
Spoiler:
Image
meh ):
I just randomly started getting this too
Check your addons and see if anything is installed
I found the "selection links" addon installed, which is what is causing mine. I never authorized any addon
Terranigma Freak
Ultimate Farming Fanatic
Posts: 1401
Joined: Oct 31, 2000 8:07 am

Yup, still get it as well.
Cherubae
UNoT Dictator
Posts: 8610
Joined: Sep 28, 2000 7:12 pm

You will want to clear your browser cache and (tracking) cookies, and then do a scan for malware on your computer.

Or, you could simply be a tad more specific. I can check logs if you actually give details, but the site has been scanned and tested multiple times over the past week and nothing comes up. Being that it isn't affecting everybody who accesses the same data on the site, it may have been a malicious banner ad that has since been yanked and now there's just clean-up to do on local machines.
Madame Madie
UNoT Extreme Mooomber
Posts: 14241
Joined: May 23, 2002 3:48 am

Cher, I keep being redirected to this. No script blocks it.
http://liskjy.eu/index.php?r=d3FqYXp0aj ... MwMjhjZg==

That's just happened when I clicked on the backfence. No idea what it is, because I'm not okaying it on noscript!
Vann Borakul
Crazy Cow Herder
Posts: 192
Joined: Oct 26, 2009 7:51 pm

Madame Madie wrote: Cher, I keep being redirected to this. No script blocks it.
http://liskjy.eu/index.php?r=d3FqYXp0aj ... MwMjhjZg==

That's just happened when I clicked on the backfence. No idea what it is, because I'm not okaying it on noscript!
That's one of the links I was redirected with

I'm gonna run a thorough scan later
Barbie Girl
Custodian of Corn
Posts: 436
Joined: May 15, 2012 6:53 am

I haven't received warnings about malicious attacks or redirects, but I did just get a security warning on my phone after I clicked on page 235 of the Witch Princess fanclub in posting games. I copied it onto a piece of paper.
Warning wrote: The name of the site does not match the name on the certificate.
Then I hit view certificate.
Warning wrote: Issued to:
Common name: *google.com

Organization: Google Inc.

Organizational unit:

Validity:
Issued on: Dec 06, 2012
Expires on: Jun 07, 2013
Now I hit page info.
Warning wrote: Ushi No Tane - Harvest Moon - view topic - ~The Witch Princess Fanclub~ "Write a Poem About Joe!"

Address: http://www.fogu.com/hmforum/viewtopic.p ... start=3510
Keera
Ultimate Farming Fanatic
Posts: 1557
Joined: Oct 04, 2011 7:41 pm

Oh I've been getting this, too! I haven't copied any of the redirect links or anything, but I will whenever I get it again.

Also, I use adblock plus so I wouldn't be able to tell you which ad banner was currently up. Sorry I'm not being very helpful ^^;
Vann Borakul
Crazy Cow Herder
Posts: 192
Joined: Oct 26, 2009 7:51 pm

I did a full MSE and Malwarebytes scan in safe mode overnight and found nothing.

Out of thousands of pages, it only ever redirects on this site
midnighttherabbit
Carrots... yum
Posts: 545
Joined: Aug 06, 2012 12:00 am

I was just redirected when I came on here, but being me, I panicked and closed the webpage before anything could happen.
Narase
Wacky Weed Puller
Posts: 127
Joined: Jan 01, 2010 2:42 pm

I normally have a page for guides up & open and it suddenly magically changes to a porn page on me as well :shock:
Usually happens when I'm away from my laptop too....

It's usually a page called hardcore xxx tube but I've gotten some others as well.... But every time I've gotten it I clear almost everything in history (cache, cookies, the whole shebang), run 3 different adware/malware scanners and it never finds anything.

It just appeared for me again within the past few hours or so (haven't touched/looked at this thing since 10 hours ago though....) so I guess I gotta do a bunch of scans again and try not to leave my tabs open to ANYTHING on this site now that I've seen several others have this issue..........
Keera
Ultimate Farming Fanatic
Posts: 1557
Joined: Oct 04, 2011 7:41 pm

Okay, I just got this

http://015009130110005230567436cfaf9a4d6f028721eec5608.jkwypk.eu/sort.php
And I just clicked on the "view active topics" if that's of any help.
weirdguy
New Seedling
Posts: 11
Joined: Jan 01, 2005 4:07 am

I believe this is the aforementioned "black hole" attack I have mentioned earlier, which apparently is now in this entire website, and strikes randomly so that it can't be easily traced without prepared detection. In order to avoid it, either have a strong antivirus (most commercially popular ones should protect against the common variety) or be able to use noscript (plugin for browsers like firefox) in order to stop the redirect to the bad site.
Icewings
UNoT Extreme Mooomber
Posts: 4531
Joined: Aug 29, 2007 7:20 am

For right now I'd install an adblocker. That would probably take care of it, since it's been confirmed it's banner-based, right?

Sorry you have to deal with this, Cher. :/