• The Derbyshire Caver, No. 158

    The latest issue is finally complete and printed

    Subscribers should have received their issue in the post - please let us know if you haven't. For everyone else, the online version is now available for free download:

    Click here for download link

Virus attack

underground

underground

Active member
bubba said:
I'd remove Java completely unless you have a particular need for it. 

I'd certainly remove Java plugins from all browsers.
Click to expand...
Interesting, I'm sick of java autoupdater, is that a general recommendation or specific to this issue dude?
 
graham

graham

New member
underground said:
bubba said:
I'd remove Java completely unless you have a particular need for it. 

I'd certainly remove Java plugins from all browsers.
Click to expand...
Interesting, I'm sick of java autoupdater, is that a general recommendation or specific to this issue dude?
Click to expand...

It's a general recommendation. Java is hellishly buggy and full of exploitable problems. Trouble is a have one very specific need for it.

P.S. Does this mean I am a 'dude'?  :-\
 
bubba

bubba

Administrator
We've had a few such reports in the last few days.  I can access the site using IE/FF/Chrome with no issues so I don't believe it's an issue with the server, possibly a false alarm with Chrome.

Thanks for the warning anyway...
 
bagpuss

bagpuss

Member
estelle said:
google chrome just warned me not to come here too for risk of malware... firefox didn't have a problem though!
Click to expand...

I've got the same thing with Chrome & also my virus checker..
 
ttxela

ttxela

New member
Sophos warns that it's blocked malware when I access the site and every time I move to a new page within the site  :-\

Mal/HTML -GenA whatever that means  ::)
 
bubba

bubba

Administrator
All of a sudden, we're getting a load of these this evening...

Weird coz I don't have an issue using IE, FF or Chrome.

Not sure if this is a false alert or there is a genuine issue. Will investigate...
 
bubba

bubba

Administrator
Ok, Toby (site overlord) has done some digging and it appears that this problem has been caused by an old (3 years) post on ukbouldering.com linking to a site that is now serving malware.

Because ukbouldering.com an ukcaving.com are served from the same IP, we have been flagged as well.

I'm confident that this is a non-issue and you can carry on using the site as usual.
 
menacer

menacer

Active member
I would like to thank whoever or whatever evil bot or link caused this. Chris aka the cap n has not been able to get on the site with either FF or Chrome ( because he didnt read the info properly..shhhh) . Im getting loads done round the house in this downtime. (y)

Ps im using safari on the ipad no problems
 
bubba

bubba

Administrator
We're confident that this has now been fixed.

Browsers may continue to flag the site as malicious for some time though...
 
martinm

martinm

New member
bagpuss said:
estelle said:
google chrome just warned me not to come here too for risk of malware... firefox didn't have a problem though!
Click to expand...

I've got the same thing with Chrome & also my virus checker..
Click to expand...

I got the same thing with Firefox and my normal Linux system that I use every day. I disconnected my t-mobile broadband dongle, reconnected it and the forum came up no problem! Maybe IP address related?
 
bubba

bubba

Administrator
The problem was with the software that feeds the banner adverts into the forum.  Somebody had managed to insert some code into the database that pulled in some malicious code from a third party website.

The code has now been removed and the advert software patched to the latest version.
 
martinm

martinm

New member
Nice one!  (y)

I had a similar problem with a clients web site. He had inserted some code via the wysiwyg editor pulling in similar stuff. I removed that and all was well again!
 
ah147

ah147

New member
I'm still getting issues with it. Is there anything I/admin can do to stop the problem occurring?

Chrome, windows 7
 
graham

graham

New member
bubba said:
The code has now been removed and the advert software patched to the latest version.
Click to expand...

Interesting, 'cos it is only now showing as an attack site for me.  :-\
 
bubba

bubba

Administrator
The problem has been fixed, however this takes time to be recognised by the bodies that flag sites as bad so it'll still come up with the warning until we've been whitelisted again.

No idea how long this takes but for now the site is safe to use.
 
M

marlboroman

New member
I've today is the first time seen warning had to try few different things to get on site to post this is the information i got from the message it seem to be this site that is compiling the lists of untrusted sites https://www.stopbadware.org
in full cant attach file it seems

Diagnostic page for ukcaving.com
What is the current listing status for ukcaving.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 40 pages we tested on the site over the past 90 days, 20 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-06-16, and the last time suspicious content was found on this site was on 2013-06-16.
This site was hosted on 1 network(s) including AS6428 (CDM).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, ukcaving.com did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
                                                                                                                                                               

Diagnostic page for AS6428 (CDM)
What happened when Google visited sites hosted on this network?
Of the 871 site(s) we tested on this network over the past 90 days, 57 site(s), including, for example, ukbouldering.com/, babesandtoys.com/, topdogbreeders.com/, served content that resulted in malicious software being downloaded and installed without user consent.
The last time Google tested a site on this network was on 2013-06-16, and the last time suspicious content was found was on 2013-06-16.
Has this network hosted sites acting as intermediaries for further malware distribution?
Over the past 90 days, we found 7 site(s) on this network, including, for example, erosdiva.com/, villasexxx.com/, mikespornsitereviews.com/, that appeared to function as intermediaries for the infection of 10 other site(s) including, for example, picnapper.com/, inew.ru/, sesso-internet.com/.
Has this network hosted sites that have distributed malware?
Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 6 site(s), including, for example, openeros.com/, lapeches.com/, egmontkeyferry.com/, that infected 10 other site(s), including, for example, tinyurl.com/, search-metrotampabay.com/, sesso-internet.com/.
Next steps:
Return to the previous page.

 
You must log in or register to reply here.
Top