Malicious Attack

For comments about the UNoT website and its player guides.
hopeandjoy
Anonymous Fish

Just wanted to let you all know that Norton caught and blocked a malicious attack from your New Beginning page. Might want to check for hacking.
Oslm-markguy
Carrots... yum
Posts: 516
Joined: Nov 26, 2011 12:44 pm

Thanks for the heads up. I just sent a pm to cher.
Terranigma Freak
Ultimate Farming Fanatic
Posts: 1401
Joined: Oct 31, 2000 8:07 am

I've been getting various warnings around the site too. When I try to click on the links, I get transported to this link: http://rousng.eu/index.php?h=ZnhmcXdwaz ... ZlOTc2OGVm

DO NOT CLICK ON LINK!!!
Guest
Anonymous Fish

Uh-oh....well THIS certainly doesn't sound good. I visited the ANB guide site last night, not seeing this. I didn't click on anything, just scrolled to see if anything new had been added. Should I be worried......? Maybe I'll run a virus check on my computer later. *&^#ing hackers, why do they want to take the fun out of going online?!? A computer should be enjoyed as an asset, not feared as a liability!
HMG
UNoT Extreme Mooomber
Posts: 5253
Joined: Jan 16, 2005 3:39 pm

Terranigma Freak wrote: I've been getting various warnings around the site too. When I try to click on the links, I get transported to this link: http://rousng.eu/index.php?h=ZnhmcXdwaz ... ZlOTc2OGVm

DO NOT CLICK ON LINK!!!
I can confirm this as well.
Terranigma Freak
Ultimate Farming Fanatic
Posts: 1401
Joined: Oct 31, 2000 8:07 am

Cher, it even happens on your Terranigma site.
Cherubae
UNoT Dictator
Posts: 8610
Joined: Sep 28, 2000 7:12 pm

Terranigma Freak wrote: Cher, it even happens on your Terranigma site.
There aren't any banner ads on the Terranigma site. You probably have something infected on your machine now.
Guest
Anonymous Fish

Is it only the ANB guide page that's acting weird? And does merely going to the page cause problems, or is it only when you click on the links there? What happens, exactly? I've been afraid to look at the guide since reading this topic.....
Guest
Anonymous Fish

It's happened a few times to me too. Usually when I click on a link for the first time I go to the UNoT main page.
Terranigma Freak
Ultimate Farming Fanatic
Posts: 1401
Joined: Oct 31, 2000 8:07 am

Cherubae wrote:
Terranigma Freak wrote: Cher, it even happens on your Terranigma site.
There aren't any banner ads on the Terranigma site. You probably have something infected on your machine now.
No, the link to ushi no tane from your Terranigma site has the same link. I did a virus scan too.
Cherubae
UNoT Dictator
Posts: 8610
Joined: Sep 28, 2000 7:12 pm

Terranigma Freak wrote: No, the link to ushi no tane from your Terranigma site has the same link. I did a virus scan too.
It isn't a virus; it is malware, so you're possibly infected and triggering it on other pages. The only thing on the Terranigma site was a third-party counter script that I've unplugged, but that script doesn't exist on the forum so that isn't the problem. Nothing on the Terranigma site has been modified in years, except for my recent disabling of the counter script.

It has to be one of the Google banner ads. I've gone through the server, and have had the site scanned, and nothing comes up. Google doesn't detect anything being served and hosted from the site, so it has to be one of the dynamic banner ads served by Adsense.

So far no one has said what appeared on their screen when they notice it, so it's pretty difficult to track down. Just 'oh so and so', which doesn't really help at all :shock: I can't even get anything to appear, with No-script disabled or enabled.
Terranigma Freak
Ultimate Farming Fanatic
Posts: 1401
Joined: Oct 31, 2000 8:07 am

I just got one here after I logged in to the boards and clicked on the return to the previous page link if that helps.
HMG
UNoT Extreme Mooomber
Posts: 5253
Joined: Jan 16, 2005 3:39 pm

I logged onto the forums just now, clicked my PM box, and the 'malicious attack' popped up again. It tried to redirect me to another site, which my virus blocker, AVG, blocked. It told me the type of malware it was, so I was trying to write it down. Unfortunately, after about... I'd say 15 seconds, the website redirected again to a website with pornography. :/ And I was forced to close the window so I could close the website.

This was all I was able to write down about it. It said that it's an Exploit Blackhole Exploit Kit Detection (type 1961). I don't know if that's helpful or specific or anything. I was trying to write down the full object-name, but I had to close it down real quick.
Vann Borakul
Crazy Cow Herder
Posts: 192
Joined: Oct 26, 2009 7:51 pm

I was redirected to porn after clicking the back fence o_O
My OS is like a day old

I think it happened right after the website told me a plugin on this website said I needed to install a java runtime environment thing. I'm pretty sure the redirect happened before it finished

I can PM the urls or something if that helps. The URLs are gibberish, but link to ushi
Cherubae
UNoT Dictator
Posts: 8610
Joined: Sep 28, 2000 7:12 pm

As it is practically impossible to detect which of the banner ads have been infected (as I don't host them, Google is supposed to be handling it), I've unplugged the ads from the forum for now. We'll see if that makes the porn go away (or maybe I'm supposed to be charging for "special bonus Fogu services", heh.)
Vann Borakul wrote: I think it happened right after the website told me a plugin on this website said I needed to install a java runtime environment thing. I'm pretty sure the redirect happened before it finished
The site doesn't have anything you need to install.