Author Topic: What the hell is going on  (Read 4530 times)

Offline Scalphunter

  • Forecaster
  • *****
  • Posts: 2314
What the hell is going on
« on: January 06, 2016, 03:30:50 PM »
I never logged out yesterday, yet to get on the forum I had to become a math student taking a test to get on the board. Have we really gotten to the point that next something will sniff our arse to see if it is really us? I think that all this BS has gotten to the point it's starting to get ridiculous. If we are not wanted on the board, say so, not tell me that the IP I've been using for several years now on DSL is infected.
Stuff like this is going to drive folks away.


John

Offline txweather.org

  • Forecaster
  • *****
  • Posts: 1597
    • Texas Weather
Re: What the hell is going on
« Reply #1 on: January 06, 2016, 04:01:25 PM »
Quote
I never logged out yesterday, yet to get on the forum I had to become a math student taking a test to get on the board. Have we really gotten to the point that next something will sniff our arse to see if it is really us? I think that all this BS has gotten to the point it's starting to get ridiculous. If we are not wanted on the board, say so, not tell me that the IP I've been using for several years now on DSL is infected.
Stuff like this is going to drive folks away.


John


Really?
So it's either that or deal with spam all day every day.

It's fine with me. I have had to do that several times but no complaints here. Good job wxforums for keeping this place clean from spammers!

----
Davis Vantage Pro2 Plus +FARS|Meteobridge Nano SD|Meteohub|Meteobridge MR-3020|WU KTXSPRIN75/PWS JRARGWX75/CWOP EW2972/WBB TXWDVUE75/Blitzortung ID: 1142|AWEKAS: 12095
Donations are welcome: https://paypal.me/ffuentesb

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9282
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: What the hell is going on
« Reply #2 on: January 06, 2016, 04:17:40 PM »
Hi John,

Sorry you are experiencing difficulties.  The forum uses httpBL and projecthoneypot.org to automatically screen accesses based on IP addresses.  It seems that your IP address has a bit of history at projecthoneypot.org and that is why the challenge screen was offered to you.  Your address was not manually added, but was likely due to a bot (either using your IP address or successfully spoofing it) and so the suspicious activity was collected and recorded.

Looking in the logs (here) for httpBL I find
Quote
Today at 12:23:32 PM    206.223.193.244    26    3    Yes          Scalphunter    
2296735
Unknown    Unknown    127.3.26.1    2 Answers on the captcha
2 Good - 0 Bad
so correctly answering the challenge allowed the access.

Let me know if this happens again. I think it may be just a one-time occurrence.

Best regards,
Ken
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP
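
An added example (not part of Ken's post, and not the forum's own code) showing how the `127.3.26.1` value in the log entry above breaks down under Project Honey Pot's http:BL answer format, `127.<days since last activity>.<threat score>.<visitor type>`. The access key and the challenge thresholds are placeholders assumed for illustration; the page does not say what settings the forum uses.

```python
# Added illustration: build an http:BL query name and decode the DNS answer.
import ipaddress

HTTPBL_ZONE = "dnsbl.httpbl.org"
# Visitor-type bits in the fourth octet (a value of 0 means search engine).
TYPE_BITS = {1: "suspicious", 2: "harvester", 4: "comment spammer"}


def build_query(access_key: str, visitor_ip: str) -> str:
    """Return the DNS name to resolve: <key>.<reversed IPv4 octets>.<zone>."""
    ip = ipaddress.IPv4Address(visitor_ip)  # this sketch handles IPv4 only
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.{HTTPBL_ZONE}"


def decode_answer(answer: str) -> dict:
    """Split a 127.<days>.<threat>.<type> answer into named fields."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(answer)).split(".")]
    if octets[0] != 127:
        raise ValueError(f"not an http:BL answer: {answer}")
    _, days, third, vtype = octets
    if vtype == 0:
        # For search engines the third octet is an engine id, not a score.
        return {"days": days, "threat": 0, "types": ["search engine"]}
    types = [name for bit, name in TYPE_BITS.items() if vtype & bit]
    return {"days": days, "threat": third, "types": types}


def should_challenge(answer, min_threat=25, max_age_days=30):
    """Hypothetical policy: show a captcha for recent, risky listings.

    `answer` is None when the lookup returns NXDOMAIN (address not listed).
    Both thresholds are assumed values, not the forum's configuration.
    """
    if answer is None:
        return False
    info = decode_answer(answer)
    if info["types"] == ["search engine"]:
        return False
    return info["threat"] >= min_threat and info["days"] <= max_age_days


if __name__ == "__main__":
    # "youraccesskey" is a placeholder; the IP and answer are from the log above.
    print(build_query("youraccesskey", "206.223.193.244"))
    print(decode_answer("127.3.26.1"))
    print("challenge:", should_challenge("127.3.26.1"))
```
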

Offline Scalphunter

  • Forecaster
  • *****
  • Posts: 2314
Re: What the hell is going on
« Reply #3 on: January 08, 2016, 07:38:09 PM »
Well, it did it again.

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9282
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: What the hell is going on
« Reply #4 on: January 08, 2016, 08:19:24 PM »
And it appears your IP address was flagged by the CBL for sending a spam message today.  Their site shows 
Quote
IP Address 206.223.193.244 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.

It was last detected at 2016-01-08 16:00 GMT (+/- 30 minutes), approximately 9 hours, 30 minutes ago.

It has been relisted following a previous removal at 2016-01-07 23:47 GMT (1 days, 1 hours, 27 minutes ago)

Perhaps the person who previously removed it didn't actually fix the problem.

This IP is infected (or NATting for a computer that is infected) with a spam-sending infection. In other words, it's participating in a botnet. If you simply remove the listing without ensuring that the infection is removed (or the NAT secured), it will probably relist again.

If this IP address is a web server (or NATting) for one, one possibility is that you are using a badly written email address verification tool. Some of these tools are remarkably badly written, and imitate botnets. One very poor one we know of is verify.php.

"email verification tools" are always a bad idea - the best way to tell whether an email address works properly is to send a "closed-loop-confirmation email", which parts of the email marketing community call "double opt-in". This is technically "confirmed opt-in". Essentially, you send a piece of email with a link, requesting the recipient click on the link to confirm the address is correct and they desire your correspondence, and only then do you use the address for further correspondence. In this way you can guarantee that the address is correct, does not contain typographic mistakes, and you're not subject to attack by malicious subscriptions. This is legally required in some jurisdictions. See Spamhaus on confirmed-opt-in for further information.

Is it possible that some device on your local network that uses your internet router's IP address has been compromised and is now doing a bit of spamming?  I'd recommend you check each system on your local network for malware.

Offline GregJ

  • Forecaster
  • *****
  • Posts: 946
    • http://www.SkunkBayWeather.com
Re: What the hell is going on
« Reply #5 on: January 08, 2016, 09:51:19 PM »
John,
This whole experience could be a good thing.  They have blocked some malicious activity from your IP address and brought it to your attention.  Don’t take this lightly…  We were hacked recently and it came in through my wife’s MacBook Air… Yup… Macs are vulnerable too…  Before it was over, they had everything.  Our lives were turned upside down to secure our financial information and identities.

This may not land well… but the hassle that WxForum has caused you is really a VERY good thing.  We should all be thankful that this forum is watching for this type of activity and sharing what they find.  It’s a whole new world we live in.  I wish you well.

Greg

Davis VP2 with VWS

"Everybody talks about the weather, but nobody does anything about it." -- Mark Twain

Offline Scalphunter

  • Forecaster
  • *****
  • Posts: 2314
Re: What the hell is going on
« Reply #6 on: January 09, 2016, 04:10:29 AM »
Well, there is no malware on any of the computers that are on my systems; they are checked daily. So if it is coming from here, it is from something outside my house. By the way, nothing is done online here with finances; everything is done hardline or face to face with whoever we're dealing with, the old-fashioned way.

Guess I'll just shut everything down and say phuck it.

John


Offline txweather.org

  • Forecaster
  • *****
  • Posts: 1597
    • Texas Weather
Re: What the hell is going on
« Reply #7 on: January 09, 2016, 10:22:11 AM »
Quote
Guess I'll just shut everything down and say phuck it.

John



That shouldn't be the attitude. Be thankful that wxforum is protecting you. Yes, it might be annoying, but it is what it is. I used to be a bartender and I used to ID every single CC. Some people would get furious that I would ask them for an ID... I would tell them, OK, next time I'll let the thief use your CC... They would stop and thank me and go on their way... You are a valuable resource to this forum! I would love to see you hang around ;)


Offline sundevil01010101

  • KAZSURPR41/54/57
  • Senior Contributor
  • ****
  • Posts: 211
  • Eye on the sky...
    • Surprise AZ Weather
Re: What the hell is going on
« Reply #8 on: January 09, 2016, 10:49:22 AM »
Quote
Well, there is no malware on any of the computers that are on my systems; they are checked daily. So if it is coming from here, it is from something outside my house. By the way, nothing is done online here with finances; everything is done hardline or face to face with whoever we're dealing with, the old-fashioned way.

John

If you don't already use it, I would suggest going to this page, downloading the free home version and running a scan:

https://www.malwarebytes.org/mwb-intercept/

A comparison of what free vs. paid does is here:  https://www.malwarebytes.org/antimalware/

I have used this for a number of years, it's great software.

You can get Mac version here:  https://www.malwarebytes.org/antimalware/mac/

« Last Edit: January 09, 2016, 11:35:06 AM by sundevil01010101 »
Visit https://www.surpriseazweather.com/ !!!
Bucket List - 1,000,000 visitors  :twisted: Lol...

Offline GregJ

  • Forecaster
  • *****
  • Posts: 946
    • http://www.SkunkBayWeather.com
Re: What the hell is going on
« Reply #9 on: January 09, 2016, 11:10:50 AM »
FWIW....  The hack we experienced on my wife's MacBook Air was a key logger that was not detected by any antivirus or malware scans we did.  Apple did their deep scans and still couldn't find it.  Finally Apple requested that she bring it in and they would swap hard drives....  They wanted it for forensic study...  At that point, she just traded the whole thing in and bought a new laptop and started all over.....  grrrrrrr.....

Greg

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: What the hell is going on
« Reply #10 on: January 09, 2016, 11:22:51 AM »
Scalphunter:

Sorry, but if you say this:
Quote
there is no malware on any of the computers that are on my systems; they are checked daily

Then unfortunately I must say you are a bit naive.... If you really think this is true then please send me the list of measures and programs you have taken and use that made you think this, because as far as I know, there are no bulletproof antivirus and antimalware programs, plus there are other ways to infect your computer, or even someone could be accessing the web from a computer outside through your network.

Also remember one thing:
It is also much easier to prove something did happen than to prove something did not. By that I mean, it is much more probable that the fact you were blacklisted and it says you are sending email etc., is not a mistake, than it is that your computer is not infected.


Offline sundevil01010101

  • KAZSURPR41/54/57
  • Senior Contributor
  • ****
  • Posts: 211
  • Eye on the sky...
    • Surprise AZ Weather
Re: What the hell is going on
« Reply #11 on: January 09, 2016, 11:50:19 AM »
Scalphunter:

There are no bulletproof antivirus and antimalware programs.

Unfortunately so very true, plus the sophistication of hacks is increasing exponentially...

The best you can do is to layer as much protection as you can in the form of rootkit detectors, antimalware, antivirus, antispyware, intrusion detection, inbound/outbound traffic filters but not one of those layers can be guaranteed to be truly 100% effective.  Your computer usage habits and personal security habits are also in play for infection vectors.

Good luck and I hope you're right and not really hacked but it would be wise to be concerned with the signs you're seeing.

Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9282
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: What the hell is going on
« Reply #12 on: January 09, 2016, 12:24:50 PM »
John,

Another avenue for compromise may be your internet router -- several manufacturers have used built-in passwords for administrator access and have released updates to cure this issue.  Make sure your internet router is at the latest firmware level, change the password for access, and disable administrative access from the internet side.  You can test to see what the 'internet sees' as open ports by using the Shields Up! tester by Gibson Research.  It will spot any open ports on the internet-facing side of your connection.  If telnet(23), ssh(22), smtp(25) or ftp(21) are open, you may be vulnerable to having a miscreant reconfigure your router to use as a spam relay, and that could be how your IP address ended up on a spammer block list (and thus the WXForum.net extra captcha when you access here).

Hope this helps...

Best regards,
Ken

Offline Scalphunter

  • Forecaster
  • *****
  • Posts: 2314
Re: What the hell is going on
« Reply #13 on: January 09, 2016, 05:42:55 PM »
Ken, looking at that data you came up with, this stuff started back in October. Well, that's a pretty good trick to hack equipment that was turned off. Damn, I'd like to meet that guy and learn his secret. In October we were still up in the interior and the only internet connection we had was by cell when in town. Looks like they hit the provider in some way to use my IP address. I used malware, CC, reason core and kapsky. And jac, I started back building computers when 4k was the top of memory. Of course at that time I don't even think you were around. So don't call someone naive unless you know something about them. Back then you had to do your own programming in asml and then compile it. Not too many here can remember the not-off-the-shelf stuff.

John



Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9282
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: What the hell is going on
« Reply #14 on: January 09, 2016, 06:11:39 PM »
I'm thinking that since your local systems scan clean of malware, then the possibility of your internet router being abused is a higher probability suspect (or maybe your cable modem, but more likely the router).  As I said before, there's been a lot of discussion on the security lists about home routers and home cable modems being compromised, some by a single malicious packet sent to them.  I hope you've checked the firmware version on your router, updated it if needed and changed admin password on it (and on your WiFi).

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: What the hell is going on
« Reply #15 on: January 11, 2016, 04:58:49 AM »
Quote
Ken, looking at that data you came up with, this stuff started back in October. Well, that's a pretty good trick to hack equipment that was turned off. Damn, I'd like to meet that guy and learn his secret. In October we were still up in the interior and the only internet connection we had was by cell when in town. Looks like they hit the provider in some way to use my IP address. I used malware, CC, reason core and kapsky. And jac, I started back building computers when 4k was the top of memory. Of course at that time I don't even think you were around. So don't call someone naive unless you know something about them. Back then you had to do your own programming in asml and then compile it. Not too many here can remember the not-off-the-shelf stuff.

John

Hi, sorry, I didn't mean to insult you. Obviously if a device is off then you can't do much, that is of course true, but first of all - as Ken pointed out - it could be your modem/router that has been compromised, and when I used the word "naive", I was referring to the fact that you will NEVER be 100% sure your PC is clean no matter which antivirus or antimalware SW you use. If a device is off it is a different matter, then it obviously cannot do anything, but that still does not mean it is clean once turned on.

Offline capeweather

  • Global Moderator
  • Forecaster
  • *****
  • Posts: 1309
    • http://www.capeweather.com
Re: What the hell is going on
« Reply #16 on: January 11, 2016, 02:34:54 PM »
What happens if you log in through your mobile phone with wifi turned off? Do you experience the same issue?

Chris
Cape Coral, Florida
Website: http://www.capeweather.com
Website: http://www.fortmyersweather.net

Offline Scalphunter

  • Forecaster
  • *****
  • Posts: 2314
Re: What the hell is going on
« Reply #17 on: January 26, 2016, 11:00:01 PM »
No problem getting on with phone or thru tapatalks. Looks like I got another IP address since the power outage last night.


John


Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 9282
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
Re: What the hell is going on
« Reply #18 on: January 27, 2016, 12:46:22 PM »
Good news, John!