RocKeR Posted May 9, 2006

Could any of our IT savvy colleagues on this forum please check their anti-spyware logs to see if they concur with my findings?

Each page I access on LR4x4.com results in my package (WebRoot Spy Sweeper) blocking access to either traffweb.biz, or 2-extreme.biz. Not sure if it's just me on this hotel LAN in Sydney... It's only happening on LR4x4 though...

If you haven't got an anti spyware package, have a close look at the lower left corner of your web page where it says: "Opening page http://......." I can see it flash to traffweb.biz before it finishes loading the required page. If you haven't got anti SW, you may be seeing other behavior, or getting popups....

Trev, checked the server lately?

Fatboy Posted May 9, 2006

Rocker, same with me so it's not just you!!

minivin Posted May 9, 2006

Loads too quickly at work to notice, will look at home to see if I notice anything on mine and see if there's any standard in system et cetera that may pin it down.

LR90 Posted May 9, 2006

Yep, sorry guys n gals. Some bright spark decided to take a pop at us and compromised one of the skins. This has now been cleaned and the breach is being repaired as I type this.

GBMUD Posted May 9, 2006

Had some virus alerts from Norton. Seems the forum was hacked.

Chris

Top90 Posted May 9, 2006

> Had some virus alerts from Norton. Seems the forum was hacked.
> Chris

After looking at the post by new member 'wax' McAfee tracked 3 trojans on my comp.

Richard

GBMUD Posted May 9, 2006

> After looking at the post by new member 'wax' McAfee tracked 3 trojans on my comp.
> Richard

Yup. I smelled a rat when I saw that Wax was in the admin group.

Chris

Top90 Posted May 9, 2006

I forgot to add: WELL DONE ADMIN for getting the site sorted nice and fast.

Richard

will_warne Posted May 9, 2006

> I forgot to add: WELL DONE ADMIN for getting the site sorted nice and fast.
> Richard

Yeah, well done. That was dealt with very quickly!

Happyoldgit Posted May 9, 2006

> Yeah, well done. That was dealt with very quickly!

Thirded

Les Henson Posted May 9, 2006

Fourthded! I think Trev (LR90) gets all the credit. If I had anything to do with it you would all be looking at a blank screen most likely.

Les.

minivin Posted May 9, 2006

> Yup. I smelled a rat when I saw that Wax was in the admin group.
> Chris

I'd say more like the trowl had got out from under the bridge and was dancing about rather than just smelling a rat.

Good work on the swift fix.

Mark Posted May 9, 2006

Why was there a trowel under the bridge?

minivin Posted May 9, 2006

> Why was there a trowel under the bridge?

troll, toll, towel, oh I know I nearly flunked English

Paul Humphreys Posted May 9, 2006

I got it as well, but I did not have an email address to let anyone know.

Paul

Hillbilly Raider Posted May 9, 2006

Thank God for Tonk and the new software he put on me pooter! It got a bit scary for a mo here! Still kept me off the forum for a while though, didn't it?

Fatboy Posted May 9, 2006

I'm impressed it's sorted so quick! I had the sweats on at work when the spyware stuff kicked in but seemed to get away with it. Then came home, couldn't resist a peek and it's all sorted.

Well done that man!

RocKeR Posted May 9, 2006

Nice one Trevor.

I'm intrigued though to know how long people had been noticing the problem before I flagged it this afternoon. It's a testament to how many people have a decent anti-virus or anti-spyware package these days, especially for those who probably didn't notice the problem.

Also, how did someone manage to compromise the skin in the first place? Has the original vulnerability been closed as well as fixing the attacked skin?

geoffbeaumont Posted May 9, 2006

> Nice one Trevor. I'm intrigued though to know how long people had been noticing the problem before I flagged it this afternoon. It's a testament to how many people have a decent anti-virus or anti-spyware package these days, especially for those who probably didn't notice the problem.
> Also, how did someone manage to compromise the skin in the first place? Has the original vulnerability been closed as well as fixing the attacked skin?

This is second hand, since it was Trevor that dealt with it, but I know he's gone home for a well earned rest.

It appears that a vulnerability in the Invision Powerboard software which we use was exploited to run the attacker's own code within the site. This technique would have allowed them to do pretty much anything with the database but due to the server permissions probably not much with the actual files. Fortunately it appears that the only thing they did before Trevor managed to deal with the problem was to embed a piece of code in the site skin that attempted to install something on users' machines.

It sounds like most of you were smart enough to be running decent anti-virus/anti-spyware software which detected it. However, if you were using the site today, and you use Internet Explorer on Windows, and you didn't see any warnings, I suggest you make sure your anti-virus software is up to date and run a full scan of your system, to be on the safe side.

Invision have produced patches for the vulnerability, which was only discovered recently, and Trevor has applied them to the site, so we shouldn't see any more of this. It's just unfortunate that the hackers beat us to the draw by a few hours.

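A check a forum admin could run over stored skin templates after an incident like the one described above, as an added example that is not part of the original thread or the forum's own code. The skin names, template markup, file paths and allowlist are constructed assumptions; the thread does not show what the injected code looked like, only the two hosts members saw being blocked.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a browser fetch or navigate to a URL.
URL_ATTRS = {"src", "href", "action", "data", "background"}

# Assumption: the forum's own hosts; anything else counts as off-site.
ALLOWED_HOSTS = {"lr4x4.com", "www.lr4x4.com"}


class _RefCollector(HTMLParser):
    def __init__(self, allowed):
        super().__init__()
        self.allowed = allowed
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            host = urlparse(value.strip()).hostname
            # Relative URLs have no hostname and stay on the forum itself.
            if host and host.lower() not in self.allowed:
                self.findings.append((tag, name, host.lower()))


def offsite_refs(template_html, allowed=ALLOWED_HOSTS):
    """Return (tag, attribute, host) for every reference to a non-allowed host."""
    collector = _RefCollector(set(allowed))
    collector.feed(template_html)
    collector.close()
    return collector.findings


def audit_skins(skins, allowed=ALLOWED_HOSTS):
    """Map skin name -> off-site references; clean skins are omitted."""
    report = {name: offsite_refs(html, allowed) for name, html in skins.items()}
    return {name: hits for name, hits in report.items() if hits}


# Constructed sample templates (not recovered from the real incident).
SAMPLE_SKINS = {
    "default_header": '<div id="logo"><a href="/index.php"><img src="/img/logo.gif"></a></div>',
    "default_footer": '<div class="copyright">Forum footer</div>'
                      '<iframe src="http://traffweb.biz/" width="0" height="0"></iframe>',
    "alt_header": '<script src="//2-extreme.biz/x.js"></script>'
                  '<a href="http://www.lr4x4.com/forum/">Home</a>',
}

if __name__ == "__main__":
    for skin, hits in audit_skins(SAMPLE_SKINS).items():
        print(skin, hits)
```

Comparing the templates against a known-good backup is the stronger check; this one only catches references that leave the site's own hosts.
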
BogMonster Posted May 10, 2006

I would have been using Firefox when there was that odd problem this morning (just getting a white screen) so hopefully OK.

Les Henson Posted May 10, 2006

Scanned my machine last night and two bugs in it. Norton got them.

Les.

BogMonster Posted May 10, 2006

No bugs in mine (did the same) but will do the work one later as I was on that early yesterday....

Les Henson Posted May 10, 2006

> No bugs in mine

Yes, but you're on dial-up, so they probably died of old age on the way to your PC.

Les.