View Active Topics          Latest 100 Topics          View Your Posts          Switch to Mobile

A problem with infected ads on this forum

Post suggestions, ideas and feedback for SCEPCOP and this website. Propose and coordinate projects, plans, articles, site improvements, etc. Requests for new boards can be made here too.

Re: A problem with infected ads on this forum

Postby NinjaPuppy » 26 Dec 2009, 05:04

SCEPCOP - I sent you a PM. I don't believe it's AdBrite.
User avatar
NinjaPuppy
 
Posts: 4002
Joined: 28 Jul 2009, 20:44






Re: A problem with infected ads on this forum

Postby Scepcop » 28 Dec 2009, 00:40

Let me remove the adbrite ad and see if the virus is still there.

I will also try to tighten the spam controls in the user registration to see if that will help get rid of the spam bots. There is a humanizer question during the registration process that usually eliminates all spambots. I don't know how they are getting past that.
“Devotion to the truth is the hallmark of morality; there is no greater, nobler, more heroic form of devotion than the act of a man who assumes the responsibility of thinking.” - Ayn Rand, Atlas Shrugged
User avatar
Scepcop
Site Admin
 
Posts: 3256
Joined: 16 May 2009, 07:29

Re: A problem with infected ads on this forum

Postby Scepcop » 28 Dec 2009, 01:41

Ok I've removed the Adbrite ad at the bottom. Let me know if the virus is still here. Adbrite was the only change that occurred on this forum right before the virus problem started, so it is the first logical suspect.

I've also tightened the user registration controls a bit by making the CAPTCHA a bit harder. I don't want to make it too hard, as then it will be unreadable. I hate it when forums have unreadable CAPTCHA's that I can never get correctly.

I've also changed the humanizer question on the registration screen to something that a bot can't simply "add up" or do math with.

Hopefully, Ninjapuppy, that cuts down on the spam bots. Let me know if it does.

Btw Ninjapuppy, in case you didn't know, you can delete a spambot account and all its posts with one click. When you delete a profile, at the bottom you will see a checkbox for "delete all user's posts". If you select that, it will delete the user's posts as well when you delete the profile.

Thanks for alerting me about the virus problem.
“Devotion to the truth is the hallmark of morality; there is no greater, nobler, more heroic form of devotion than the act of a man who assumes the responsibility of thinking.” - Ayn Rand, Atlas Shrugged
User avatar
Scepcop
Site Admin
 
Posts: 3256
Joined: 16 May 2009, 07:29

Re: A problem with infected ads on this forum

Postby NinjaPuppy » 28 Dec 2009, 02:23

Ahhhhh! Thanks for the easy delete tip. However, I'm usually not that quick at 3AM when I seem to find them. :lol:
User avatar
NinjaPuppy
 
Posts: 4002
Joined: 28 Jul 2009, 20:44

Re: A problem with infected ads on this forum

Postby NinjaPuppy » 28 Dec 2009, 20:14

So far, so good. Not a single problem last night or this morning as far as that virus.
User avatar
NinjaPuppy
 
Posts: 4002
Joined: 28 Jul 2009, 20:44

Re: A problem with infected ads on this forum

Postby Scepcop » 20 Jan 2010, 13:42

Anyone experience any viruses on here lately?

ProfWag, are you able to browse this forum virus free now?
“Devotion to the truth is the hallmark of morality; there is no greater, nobler, more heroic form of devotion than the act of a man who assumes the responsibility of thinking.” - Ayn Rand, Atlas Shrugged
User avatar
Scepcop
Site Admin
 
Posts: 3256
Joined: 16 May 2009, 07:29

Re: A problem with infected ads on this forum

Postby ProfWag » 20 Jan 2010, 19:14

Scepcop wrote:Anyone experience any viruses on here lately?

ProfWag, are you able to browse this forum virus free now?

I had the same adware pop up a few days ago while I think I was in the JREF thread, but my anti-virus caught and quarantined it almost immediately. I guess the updates finally caught up with it.
User avatar
ProfWag
 
Posts: 3843
Joined: 05 Aug 2009, 03:54

Re: A problem with infected ads on this forum

Postby NinjaPuppy » 20 Jan 2010, 20:21

That darned thing is all over the Internet now.
User avatar
NinjaPuppy
 
Posts: 4002
Joined: 28 Jul 2009, 20:44

Re: A problem with infected ads on this forum

Postby ProfWag » 20 Jan 2010, 21:40

When I say I was in the JREF thread, I was meaning I was in the thread in this forum...
User avatar
ProfWag
 
Posts: 3843
Joined: 05 Aug 2009, 03:54

Re: A problem with infected ads on this forum

Postby NinjaPuppy » 20 Jan 2010, 21:43

Yeah, I know. I was just adding my two cents. I had about a dozen people call me this week to ask me how to get rid of it and none of them come to this forum.
User avatar
NinjaPuppy
 
Posts: 4002
Joined: 28 Jul 2009, 20:44

Re: A problem with infected ads on this forum

Postby Scepcop » 02 Feb 2010, 23:15

I wrote Godaddy, my web serve host about the virus problem in this forum, even after I remove Adbrite, and here are their suggestions. However, I do not know what a virtual machine is nor how to scan a website the way they describe. Anyone have any ideas?

From Godaddy:

Dear Winston,

Thank you for contacting Online Support. Staying current with 3rd party application patches and having a strong server password are your best defenses against malware. When checking for the presence of malware, be sure to check the code residing on your server and not your backup files. Always use a virtual machine for verification to avoid infecting your own computer.

Malware can be anything from unexplained links on your web pages to executables that infect your site visitors' computers. There are three major steps to keep your hosting server and web pages free of malware. Make sure you address each of these to keep your hosting account clean and uninfected.

NOTE: Once your hosting server becomes infected with malware, we cannot assist you with its cleanup. You need to be proactive in preventing malware and in identifying/removing it if your server account becomes infected.

Identifying Malware

Perhaps Google® contacted you indicating your site was infected or maybe it was one of your site visitors that alerted you. Possibly you noticed something yourself. If you think you're having an issue with malware, here are steps to identify the problem.

NOTE: Always use a virtual machine to test for malware to prevent infecting your own computer. Remember to test the code that resides on your hosting server — not your backup files.

1. Software downloads offered from your site may contain malware. Test any offered software posted on your site to avoid unintentionally passing along malware.

2. Links from your site to malware sites. Be sure to test all links on your site.

* Search for unknown links — especially links to executables that you do not recognize: .exe, .bat, .cmd, .scr, or .pif.

* You can purchase or download free software that scans for malicious links in your code.

* Be sure to check online malware clearing houses such as http://www.stopbadware.org/ to learn of known issues.

3. Malware can be distributed through ads on your site. These can be identified the same way you identify malware links but you can also research problems via the Internet to see if others have had problems with your ad partner(s).

4. Malware links can be lurking in user-posted areas of your site. These can be identified in the same manner as links in other portions of your site.

5. Be alert for hacking attacks. Injection (inserting code or executables onto your web pages) is a common method of hacking that exploits a security vulnerability to introduce harmful code to one or more of your web pages.

* Invisible frames: These tags set up tiny frames on a web page. They are virtually invisible because of their size. To find these, search for iframe tags with height=“0” width=“0”. These are usually placed at the very top or bottom of the source code for the page.

* Obfuscated code: This type of attack is designed to be hidden and to be difficult to identify. Most common ways code is obfuscated are encoding and encrypting.

Encoding can be spotted as using hex or unicode/wide characters.

For hex, you'll see strings of percent signs ('%' ) followed by two characters (e.g. %ww%xx%yy). Unicode can be identified as "\u" followed by 4 characters and these blocks can take up several paragraphs. Example: \u9900\u1212\u8879.

Encrypted code is harder to find because there are no set patterns. Since even Javascript syntax is based on English words, most of your code should be readable. If you find entire sections of your code that are completely unintelligible blocks of letters, numbers, and symbols, you are probably looking at encrypted code.

* Often the easiest method to identify malware is to download all of your source code to a virtual machine and scan it using anti-virus and anti-spyware programs.


NOTE: Most hacking focuses on HTML code but it is also possible for malware including executables, javascript files, or even images to be uploaded to your site if the hacker gains access to your hosting server.

Removing Malware

The method required to remove the malware you find on your hosting server will differ depending upon what you have found. Here are some methods to rid your hosting server of malware that has infected it.

1. If you find malware in software that you offer for download, remove the infected software from your site and do not offer it again until you are sure that it is not infected. If you created the software, you can use malware prevention sites to understand guidelines for software compliance.

2. If you find links to malware sites on your site, remove them from your code.

3. If ads on your site are linking to malware, remove the infected ads. If you use an ad network, this may mean removing all of the network's ads from your site until you can insure that the network is clean. You may also wish to contact your ad provider and let them know.

4. If malware is found in user-generated areas of your site, remove the malware links you've found. This may involve editing user posts or deleting entire user posts.

5. If your site has been hacked:

* Take the site offline to avoid putting site visitors and customers at risk.

* Remove all offending code. This is only effective long-term in conjunction prevention.

* Fix underlying security vulnerabilities to prevent future attacks.

* Check for and remove any 'back doors' left by the hacker. A back door allows the hacker future access even after you secure the site.

* Check user forums for the software you are using on your site to determine if other users have been affected and to see if your site is missing security updates.

Preventing Malware

Long term, this is the most important tool against malware. Following these guidelines can save you time, effort, and trouble in the future.


1. Insure software offered for download is malware-free before making it available.

2. Before adding a link to your site, check it for malware.

3. Use only reputable ad providers and monitor them regularly.

* Insure that your ad providers are currently clean and that they scan regularly for malware from advertisers.

* Before choosing and implementing a new ad partner, use Internet searches to check them out for previous or current problems.


4. Monitor user-generated areas of your site.

* Post terms of use for additions to your forums or blogs to explicitly forbid posting links to malware. Actively monitor these areas for suspicious links or executables.

* Use a strong password. For guidelines on creating a password see Generating a Strong Password.

* Use FTP-SSL, if available. To check your hosting server for FTP-SSL availability and to connect using FTP-SSL, see Connecting to Your Shared Hosting Account with FTP-SSL.

* Scan your site for security vulnerabilities. There are both free and commercial auditing scanners you can use.

* Make sure to install the latest available version and all available patches for 3rd party software you're using on your site. This is very important. If the 3rd party software you are using has a security vulnerability, your site will be vulnerable. Staying current with provider releases and security patches will lessen those vulnerabilities.

Please let us know if we can help you in any other way.

Sincerely,

Matt P.
Online Support Representative
“Devotion to the truth is the hallmark of morality; there is no greater, nobler, more heroic form of devotion than the act of a man who assumes the responsibility of thinking.” - Ayn Rand, Atlas Shrugged
User avatar
Scepcop
Site Admin
 
Posts: 3256
Joined: 16 May 2009, 07:29

Re: A problem with infected ads on this forum

Postby NinjaPuppy » 03 Feb 2010, 01:22

It's written for those who have dedicated servers. In other words, it's for PhpBB. They own the servers for this forum.
User avatar
NinjaPuppy
 
Posts: 4002
Joined: 28 Jul 2009, 20:44

Re: A problem with infected ads on this forum

Postby Scepcop » 04 Feb 2010, 20:39

NinjaPuppy wrote:It's written for those who have dedicated servers. In other words, it's for PhpBB. They own the servers for this forum.


Does that mean I can't follow those instructions? What is a dedicated server?
“Devotion to the truth is the hallmark of morality; there is no greater, nobler, more heroic form of devotion than the act of a man who assumes the responsibility of thinking.” - Ayn Rand, Atlas Shrugged
User avatar
Scepcop
Site Admin
 
Posts: 3256
Joined: 16 May 2009, 07:29

Re: A problem with infected ads on this forum

Postby NinjaPuppy » 04 Feb 2010, 21:53

It's basically a computer that is on all the time to keep your site up and running. Years ago, it was easy to put up a website without needing to use a third party like phpBB as long as you knew what you were doing from the tech end. Now it's really easy but you usually have to pay to do it.

If we have a tech person here who can explain this much better than I can, please feel free. I am not formally trained in all things computer and if I ask my husband to explain it to me in proper technical terms, my head will explode in 2 minutes or less.
User avatar
NinjaPuppy
 
Posts: 4002
Joined: 28 Jul 2009, 20:44

Re: A problem with infected ads on this forum

Postby Scepcop » 27 Feb 2010, 14:02

Has anyone had any problems with malware or viruses here lately?
“Devotion to the truth is the hallmark of morality; there is no greater, nobler, more heroic form of devotion than the act of a man who assumes the responsibility of thinking.” - Ayn Rand, Atlas Shrugged
User avatar
Scepcop
Site Admin
 
Posts: 3256
Joined: 16 May 2009, 07:29

PreviousNext

Return to Suggestions / Feedback

Who is online

Users browsing this forum: No registered users and 1 guest

cron