Ushi No Tane - Harvest Moon

The forum for Ushi No Tane, a Harvest Moon fansite

* Rules    * Login 

   * Search  * Register
It is currently Nov 29, 2020 8:16 am

All times are UTC - 8 hours





Post new topic Reply to topic  [ 76 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
hologramblue
  Post subject: Re: Malicious Attack
Post Posted: Jan 11, 2013 6:16 pm 
Huggy Chickens
Huggy Chickens

User avatar
Posts: 307

Offline
i haven't been hit with anything because avast is blocking the malicious urls, but i've been redirected to shady-looking links when trying to access the ucp.
 
Reply with quote  
boh
  Post subject: Re: Malicious Attack
Post Posted: Jan 11, 2013 10:06 pm 
Anonymous Fish

Even if you have an ad blocker it still will redirect you. This has affected me before and I thought it was just me because I didn't notice anybody else post about this. I have a good anti-virus on my computer (sunbelt VIPRE). I have deep-scanned my computer and found nothing. On top of that my computer is automatically set to do a quick-scan every night.

I usually receive the redirects when I click on the portal at the top here for the update page since the forum is bookmarked for me.

I've gotten random pages before and even gotten redirected to a porn website :/ I tend to keep away nowadays.
 
Reply with quote  
Ru-Ne Ni-Chaan
  Post subject: Re: Malicious Attack
Post Posted: Jan 12, 2013 3:17 am 
Ultimate Farming Fanatic
Ultimate Farming Fanatic

User avatar
Posts: 1216

Offline
hologramblue wrote:
i haven't been hit with anything because avast is blocking the malicious urls, but i've been redirected to shady-looking links when trying to access the ucp.

Uhh, like this?
Spoiler:
Image
 
Reply with quote  
WorMzy
  Post subject: Re: Malicious Attack
Post Posted: Jan 12, 2013 4:25 am 
Huggy Chickens
Huggy Chickens

User avatar
Posts: 270

Offline
Well that's an unconvincing ad, Windows uses backslashes for directory paths. *shakes head*
 
Reply with quote  
Raven Mist
  Post subject: Re: Malicious Attack
Post Posted: Jan 12, 2013 8:36 am 
Not the Eggplant Wizard
Not the Eggplant Wizard

User avatar
Posts: 623

Offline
It was happening on mine's too while logging in... :/
 
Reply with quote  
Yaneci
  Post subject: Re: Malicious Attack
Post Posted: Jan 13, 2013 11:08 am 
Wacky Weed Puller
Wacky Weed Puller

User avatar
Posts: 135

Offline
Vann Borakul wrote:
I was redirected to porn after clicking the back fence o_O
My OS is like a day old

I think it happened right after the website told me a plugin on this website said I needed to install a java runtime environment thing. I'm pretty sure the redirect happened before it finished

I can PM the urls or something if that helps. The URLs are gibberish, but link to ushi

A friend posted this on another forums, in a thread we both frequent. If everyone who's having the issue has updated java then maybe that's it?
Quote:
[align=center]HEY GUYS

Friendly PSA from your local computer nerd!
[/align]

There's a really bad exploit for Java that was released into the wild that uses a known security hole in order to remotely install software on your machine. This means that someone could install and run software on your computer without you even knowing about it. Everyone who uses Windows should disable Java on all of their internet browsers ASAP.

Here's some more information:
http://www.us-cert.gov/cas/techalerts/TA13-010A.html
http://www.kb.cert.org/vuls/id/625617
http://news.yahoo.com/government-warns-java-security-concerns-escalate-160640366--sector.html

Some websites are gonna look really ugly with Java turned off, but this is better than getting your files deleted or your personal info compromised. Oracle (the company who makes Java) has known about this since August last year and has blown off fixing it.


edit: Also I've run into the issue (minus the porn site redirect) but only when I google ushi no tane and try to get to the ANB page from there. And only the ANB page, all other ushi no tane pages I get to from google don't give me the issue.
 
Reply with quote  
Saikatsu
  Post subject: Re: Malicious Attack
Post Posted: Jan 13, 2013 12:47 pm 
New Seedling
New Seedling

Posts: 6

Offline
Yaneci wrote:
A friend posted this on another forums, in a thread we both frequent. If everyone who's having the issue has updated java then maybe that's it?


I'm running AdBlock (sorry, I don't trust ad serving domains and this is exactly why, I would rather just hand my money over directly) and NoScript. I have not installed anything Java related beyond the runtime itself. The only Java application I've run is Minecraft, and no one I know who plays it is running into this issue. NoScript is configured to not run any embedded Java unless I authorize it, and I have not done so at all yet.

All scans come up clean. Yes, I realize that's not an absolute confirmation, but I am only ever encountering these redirects on the fogu.com domain, nowhere else. I browse quite a bit, it's not coincidental.

Here's a probably full list of addresses I've been redirected to:
Spoiler:
nygrht.eu/index.php?e=aXNjbmhhYno9eXN3bW0mdGltZT0xMjI1MTkxMzEwNDU3NzgwMjUmc3JjPTkmc3VybD1mb2d1LmNvbSZzcG9ydD04MCZrZXk9RDZDMjlDQTImc3VyaT0vaG0xMS8=
iuzwtu.eu/index.php?t=a3NoY2R4cz1pbWt1ZGxpaXJ6JnRpbWU9MTIyNzE5MTktODEyMjUzMTM4JnNyYz05JnN1cmw9Zm9ndS5jb20mc3BvcnQ9ODAma2V5PUQ2QzI5Q0EyJnN1cmk9L2htZm9ydW0vdmlld3RvcGljLnBocCUzZmY9MjgmdD0xNTE1Nzgmc3RhcnQ9MTIw
oznnvm.eu/index.php?h=b2VqZmRhdnA9Z3hybGwmdGltZT0xMjMwMDgxMDEwMDk4NDU5MjUmc3JjPTkmc3VybD13d3cuZm9ndS5jb20mc3BvcnQ9ODAma2V5PUQ2QzI5Q0EyJnN1cmk9L2htZm9ydW0vdmlld2ZvcnVtLnBocCUzZmY9Mjg=
qwrnsx.eu/index.php?z=d3NhcHhvaD1kaWwmdGltZT0wMTAxMDcyMi0xNTk3NDA3NzUmc3JjPTkmc3VybD13d3cuZm9ndS5jb20mc3BvcnQ9ODAma2V5PUQ2QzI5Q0EyJnN1cmk9L2htZm9ydW0vdmlld2ZvcnVtLnBocCUzZmY9Mjg=
lpwlij.eu/index.php?r=bGJ0a25reGM9amNhcmp4JnRpbWU9MTMwMTAzMTIzODExNTc0NjYzMjYmc3JjPTkmc3VybD13d3cuZm9ndS5jb20mc3BvcnQ9ODAma2V5PUQ2QzI5Q0EyJnN1cmk9L2htZm9ydW0vdmlld2ZvcnVtLnBocCUzZmY9Mjg=
oriikw.eu/index.php?a=bGpreGRuaz1waSZ0aW1lPTEzMDEwNTE4NTQ3NjQ2MjAzNjYmc3JjPTkmc3VybD13d3cuZm9ndS5jb20mc3BvcnQ9ODAma2V5PUQ2QzI5Q0EyJnN1cmk9L2htZm9ydW0vdmlld2ZvcnVtLnBocCUzZmY9Mjg=
psknxr.eu/index.php?w=dW1ycWNiZGg9Zm93a211dnZ0JnRpbWU9MTMwMTA3MjMxOTcxMTU3NDYxNCZzcmM9OSZzdXJsPXd3dy5mb2d1LmNvbSZzcG9ydD04MCZrZXk9RDZDMjlDQTImc3VyaT0vaG1mb3J1bS92aWV3Zm9ydW0ucGhwJTNmZj0yOA==
ngupgl.eu/index.php?n=dWhpbnVieT10Z2Rna2t4JnRpbWU9MTMwMTEwMDEyMi0zOTQwMzk2MTgmc3JjPTkmc3VybD13d3cuZm9ndS5jb20mc3BvcnQ9ODAma2V5PUQ2QzI5Q0EyJnN1cmk9L2htZm9ydW0vdmlld2ZvcnVtLnBocCUzZmY9Mjg=
xxqmgp.eu/index.php?o=cWJieXJlbGw9ZWZoYW1xciZ0aW1lPTEzMDExMjAwNDYtNTkyMTg5MDIzJnNyYz05JnN1cmw9d3d3LmZvZ3UuY29tJnNwb3J0PTgwJmtleT1ENkMyOUNBMiZzdXJpPS9obWZvcnVtL3ZpZXdmb3J1bS5waHAlM2ZmPTI4


EDIT: Finally have a redirect with what link I clicked on, if it helps. First one so far that wasn't a .eu domain.
Spoiler:
Page I was on: http://www.fogu.com/hmforum/viewtopic.php?f=28&t=140231
Link I clicked: http://www.fogu.com/hmforum/viewforum.php?f=28
Redirect: 34c360c197fac1f7.belcantotoday.com/index.php?c=YWFqYWNhcD1wY3VjdiZ0aW1lPTEzMDExNDAwMjUxMDczNjQ4MzM1JnNyYz05JnN1cmw9d3d3LmZvZ3UuY29tJnNwb3J0PTgwJmtleT1ENkMyOUNBMiZzdXJpPS9obWZvcnVtL3ZpZXdmb3J1bS5waHAlM2ZmPTI4


Last edited by Saikatsu on Jan 13, 2013 7:13 pm, edited 1 time in total.
 
Reply with quote  
SilverFire
  Post subject: Re: Malicious Attack
Post Posted: Jan 13, 2013 4:35 pm 
UNoT Extreme Mooomber
UNoT Extreme Mooomber

User avatar
Posts: 2102

Offline
Well I just got hit by clicking on the link to the PG section. Yay for Avast and Firefox.
Spoiler:
Image


I've been pretty good so far in not getting hit but my time as come v~v
 
Reply with quote  
Kitana Coldfire
  Post subject: Re: Malicious Attack
Post Posted: Jan 13, 2013 5:08 pm 
Huggy Chickens
Huggy Chickens

User avatar
Posts: 323

Offline
So this is why I've been getting more notifications from my antivirus about blocked port scans. I was wondering why the number suddenly seemed to jump.....

It certainly seems like someone is out to get fansites lately. Pokejungle got hacked a few months back, Bulbapedia just a few weeks ago, and now Ushi.
 
Reply with quote  
SilverFire
  Post subject: Re: Malicious Attack
Post Posted: Jan 14, 2013 3:13 am 
UNoT Extreme Mooomber
UNoT Extreme Mooomber

User avatar
Posts: 2102

Offline
Apparently PG is the hot area atm. I got pinged again;
Spoiler:
http://f8b42cc6dbfd8df0.biwebgroup.com.au/index.php?z=YWhhdWhrPW1jcWZwdXdoeiZ0aW1lPTEzMDExNDEwMDI3ODMyODE0MjEmc3JjPTkmc3VybD13d3cuZm9ndS5jb20mc3BvcnQ9ODAma2V5PUNFQjczMUIzJnN1cmk9L2htZm9ydW0vdmlld2ZvcnVtLnBocCUzZmY9MTImc2lkPTRkNjY5OGRiMzRlOTlkODcwNmE2YzFkNWViNmFiM2Iw
 
Reply with quote  
Oslm-markguy
  Post subject: Re: Malicious Attack
Post Posted: Jan 14, 2013 7:21 am 
Carrots... yum
Carrots... yum

User avatar
Posts: 516

Offline
I have a question... If I get an infection warning, should I be worried? Or is it just one of those fake ones?
 
Reply with quote  
SilverFire
  Post subject: Re: Malicious Attack
Post Posted: Jan 14, 2013 7:53 am 
UNoT Extreme Mooomber
UNoT Extreme Mooomber

User avatar
Posts: 2102

Offline
I'd run a scan just to be safe.
 
Reply with quote  
Cherubae
  Post subject: Re: Malicious Attack
Post Posted: Jan 14, 2013 8:04 am 
UNoT Dictator
UNoT Dictator

User avatar
Posts: 8239

Offline
SilverFire wrote:
Spoiler:
Image



It says right in the error where that is from. It isn't even the same urls we're dealing with.

Kitana Coldfire wrote:
So this is why I've been getting more notifications from my antivirus about blocked port scans. I was wondering why the number suddenly seemed to jump.....


:roll: port scans have nothing at all to do with this issue.

On the one machine that I was able to replicate on, it has been redirect/porn free for the past 4 days after I cleared Firefox cache, cookies, and browsing history. Typically the .eu redirect occurred once per day, but nothing has triggered since I wiped the history. I could never get it to trigger in IE.

If you're getting the redirect, clear those three datafields from your browser.
 
Reply with quote  
Kitana Coldfire
  Post subject: Re: Malicious Attack
Post Posted: Jan 14, 2013 10:08 am 
Huggy Chickens
Huggy Chickens

User avatar
Posts: 323

Offline
Cherubae wrote:
Kitana Coldfire wrote:
So this is why I've been getting more notifications from my antivirus about blocked port scans. I was wondering why the number suddenly seemed to jump.....


:roll: port scans have nothing at all to do with this issue.

On the one machine that I was able to replicate on, it has been redirect/porn free for the past 4 days after I cleared Firefox cache, cookies, and browsing history. Typically the .eu redirect occurred once per day, but nothing has triggered since I wiped the history. I could never get it to trigger in IE.

If you're getting the redirect, clear those three datafields from your browser.


Huh, really? I figured they were connected since the scan notifications tended to follow the site attempting to redirect, but maybe I'm mistaken. If so, I apologize for my erroneous thinking. This college wifi is odd. ^^;

Regardless, my firewall just takes me to a blank page when the attempted redirects happen, though I don't think it's attempted again since I turned AdBlock back on.
 
Reply with quote  
Keera
  Post subject: Re: Malicious Attack
Post Posted: Jan 15, 2013 5:12 pm 
Ultimate Farming Fanatic
Ultimate Farming Fanatic

User avatar
Posts: 1557

Offline
I cleared that stuff from my browser a few days ago and thought it would fix it. It did seem like it went away because I went a whole, like.. day and a half without getting that anymore.

However just now I got
Code:
http://70878435736e2563015009130116010750259946cfaf9a4fed1f986c90deb03.ctsau.com/sort.php


I'll try clearing my stuff again right now and let you know if it happens again.
 
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 76 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next


All times are UTC - 8 hours


 

Search this topic:

Powered by phpBB® Forum Software © phpBB Group