OT: suspicious behaviour

[BogMonster]

My computer has been doing odd things lately, lots of disk access when the computer is not being used and just seems a bit slow. Done all the usual and nothing on it but looking this morning, the firewall shows some odd things which Norton seems to be connected to:

Is this normal?

CCproxy.exe is part of Norton but some of those domains don't look very antivirusy to me

I started looking when I got a warning message about an expired site certificate for normalville.org and thought "eh?" never heard of it and was certainly not accessing it!

any thoughts from the learned IT folks please?

Ta

[Gromit]

My computer has been doing odd things lately, lots of disk access when the computer is not being used and just seems a bit slow.

might shed some light, if the next time you see alot of disck access, hit CTRL/ALT/DEL, go to the process tab on the task manager and see what process is hoging the CPU.

[pugwash]

I got that site certificate thing earlier today- i of course said no- but it was defintitely from trolilng around lr4x4.

can everyone else please check their firewall logs to see if anything has tried to access their PCs from LR4x4

[BogMonster]

I had LR4x4 and RIBnet forums open but nothing else at the time I got the certificate message. My firewall log says nothing...

[rtbarton]

I got that site certificate thing earlier today- i of course said no- but it was defintitely from trolilng around lr4x4.

can everyone else please check their firewall logs to see if anything has tried to access their PCs from LR4x4

Nothing out of the ordinary here.

I only visit International, Classified and Series forums

[Gromit]

I had LR4x4 and RIBnet forums open but nothing else at the time I got the certificate message. My firewall log says nothing...

I haven't got that site cert message this morning on lr4x4.

[Gromit]

disconnected my VPN and got the site cert message after lots of disk activity.

Somthings up

[Mark90]

I got a warning message about an expired site certificate for normalville.org

That is due to the = sign linked image in this post. You need to accept the certificate to connect to their server to download the image.

[BogMonster]

Ah ok, thanks Mark....

What about all the things my Norton is connected to?

Norton scan only done yesterday and ad-aware updated and run this morning, nothing apart from the usual "critical" tracking cookies you always get.... very odd. It has been doing the tonnes-of-disk-activity thing for a few weeks now, off and on

[Tonk]

Firewall?!?!?!?!!?

i just turn mine off, saves alot of agro

[Bull Bar Cowboy]

Yes there is something strange………….. I have just checked the main router (I have 2 chained routers) and it has seen (and turned around) a lot of activity from 195.55.x.x ip address’s …………. particularly 195.55.245.156……………. although I am fairly safe behind the router which is in stealth mode ……… and now locked down.

Looking this up ……….. it could be something we don’t want,

http://www.rhyolite.com/cgi-bin/group.cgi?group=195

Ian

[western]

That is due to the = sign linked image in this post. You need to accept the certificate to connect to their server to download the image.

from the link above in that thread Fridgefreezer has a photo or something linked from

https://normalville.org/setec/out_in_the_open/equals.jpg which woul;d explain the weird happenings. that link doesn't show it's picture just shows a red cross & IPB IMAGE. I got the certificate thing as well.

It's all FF fault

[pugwash]

what sort of security does this site have just out of interest?

if you link to another site which "may" have a virus- are we protected somehow?

[western]

what sort of security does this site have just out of interest?

if you link to another site which "may" have a virus- are we protected somehow?

good question for Trev [LR90] or Geoff to answer ??????

come on guys don't be shy

[LR90]

I think the official answer is usually along the lines that 'This site cannot be held responsible for links to material that resides on other sites'. As ever boys and girls you do need think before you click on any external link included in a post. That said the mods are pretty hot on stopping spam and other suspect posts but you may just get to the post before they do one day.

Virus protection on your PC or a healthy (?) dose of paranoia are good options.

[pugwash]

hey trev,

my post wasn't a criticism in anyway, just wondered really. don't really know how forums work so i thought i would ask.

[LR90]

Non taken, sorry if the response seemed a bit snappy

We limit what can be uploaded to the forum and prevent inclusion of html in members posts which goes a long way to making the forum safer. You do need to ensure your Windows PC is patched against the image born viruses and must be careful what link you click on.

At our end we work with Invision to keep the board fully up to date, usually means an update every other month, and they have been quick to close any holes that could compromise the board and in turn our members. An example is the incident that did occur earlier this year that resulted in a maliciously modified forum page that caused members browsers to pull up another site which was being used to distribute a virus. Members local virus protection alerted us to this one (which does show the benefit of virus protection) and the forum was cleaned and the security hole patched.

[BogMonster]

You do need to ensure your Windows PC is patched against the image born viruses and must be careful what link you click on.

WTF is that then?

[LR90]

Not been looking at dodgy pictures have you Steve? Never know what you might catch off them

Edit....

Some info on the bbc site: http://news.bbc.co.uk/2/hi/technology/4566504.stm but its not new news and the patches are out.

[geoffbeaumont]

That is due to the = sign linked image in this post. You need to accept the certificate to connect to their server to download the image.

However, it isn't a good idea to accept certificates that throw up warnings.

The certificate serves two purposes; it allows encryption of the connection between your browser and the server (this should work fine even with a dodgy certificate) and it identifies the organisation which owns or runs the site. If the certificate has expired (as in this case) it can no longer be accepted as evidence of the owner. In most cases they've probably just forgotten to renew their certificate, but you need to ask yourself whether you trust them to do the rest of their maintenance properly and keep the site secure... If the certificate doesn't match the site, steer well clear. The same applies to any certficates your browser warns you it can't validate due to an unknown certificate authority - these will usually have been created by the owner of the site ('proper' certificates are obtained from an authority which at least in theory checks that the applicant really is who they say they are). Self signed certificates are commonly used on development sites (because you have to pay for proper ones), but if you're accessing a development site you will normally know (or be) the owner and already be sure the site is okay. Self signed certificates can never be trusted, because you've only got the owners word for who they are (and that could be worthless), although at least one company that really should know better (Microsoft) regularly use them on production sites.

[jjojjas]

All clear here, no problems found.

Jas

[geoffbeaumont]

All clear here, no problems found.

Jas

That's because the offending image has been removed by Trev

[V8 Freak]

PM sent matey....

Respond and we'll see what we can do...

Neil

[BogMonster]

Thanks Neil