DallanC Site Admin
Joined: Jan 18, 2005 Posts: 3572 Location: Utah
|
Posted: Tue May 28, 2013 9:23 pm Post subject: Virus |
|
I am getting reports from users about a virus when they attempt to access HuntingNut. I am talking to my webhost to see if this is valid, or if it's a false positive.
Details to follow as I learn more.
-DallanC
Last edited by DallanC on Tue Dec 03, 2013 5:30 pm; edited 1 time in total |
|
DallanC Site Admin
Joined: Jan 18, 2005 Posts: 3572 Location: Utah
|
Posted: Tue May 28, 2013 9:48 pm Post subject: Re: Virus |
|
From my host:
Quote:: |
Hi,
I am sorry, but it looks like a cached or false positive alarm on AVG. I have performed a full scan on your account and the result is just positive;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
scan completed on /home/hunting/public_html: files 27482, malware hits 0, cleaned hits 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Also, I checked the domain with other antivirus sites like McAfee, Norton etc. and those results show there are no infections on your account.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
huntingnut.com
We tested this site and didn't find any significant problems.
Are you the owner of this site? Leave a comment
Contact information: Country Popularity
United States
Some users
Automated Web Safety Testing Results for huntingnut.com
E-MAIL TESTS FOR HUNTINGNUT.COM:
DOWNLOAD TESTS FOR HUNTINGNUT.COM:
Downloads we found on this site:
Download Analysis
PointBlankCRBSv18a.zip
PointBlankCRBSv18a.zip
PointBlankCRBSv18a.zip
PointBlankCRBSv18a.zip
PointBlankCRBSv18a.zip
6 total downloads. See more.
6 green downloads
In our tests, we found downloads on this site were free of adware, spyware, and other potentially unwanted programs.
View detailed analysis
Submit a download for analysis
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thank you.
Regards,
--
Alex Spaford
Level 2 System Administrator
TotalChoiceHosting INC. |
Still digging into this!
-DallanC
|
DallanC Site Admin
Joined: Jan 18, 2005 Posts: 3572 Location: Utah
|
Posted: Wed May 29, 2013 11:20 am Post subject: Re: Virus |
|
Ok I was able to track down the infection, it does indeed seem we got accessed somehow. I will continue to investigate how this happened, meanwhile the site appears "clean".
If anyone happens to notice any pages that trigger weird behavior let me know. Apologies for the inconvenience!
-DallanC
|
shrpshtrjoe Super Red Neck Member
Joined: Jan 26, 2005 Posts: 2965 Location: Maryland
|
Posted: Wed May 29, 2013 1:36 pm Post subject: Re: Virus |
|
Cool Thanks for your efforts Dallan...
_________________ "MOLON LABE"
P E T A
People Eating Tasty Animals |
|
Dawgdad Super Member
Joined: Feb 08, 2006 Posts: 1065 Location: On the Prairie
|
Posted: Wed May 29, 2013 1:56 pm Post subject: Re: Virus |
|
I had posted a link to a photo hosted on Coppermine and some people said they got a "hack attempt has been recorded" alert when they tried to open it.
_________________ Alcohol, Tobacco and Firearms should be a convenience store, not a government agency... |
|
DallanC Site Admin
Joined: Jan 18, 2005 Posts: 3572 Location: Utah
|
Posted: Wed May 29, 2013 1:57 pm Post subject: Re: Virus |
|
Dawgdad wrote: |
I had posted a link to a photo hosted on Coppermine and some people said they got a "hack attempt has been recorded" alert when they tried to open it. |
Email me the link you used, I will look into it.
-DallanC
|
DallanC Site Admin
Joined: Jan 18, 2005 Posts: 3572 Location: Utah
|
Posted: Wed May 29, 2013 2:00 pm Post subject: Re: Virus |
|
shrpshtrjoe wrote: |
Cool Thanks for your efforts Dallan... |
Heh no problem. I had a site wide backup made on the 13th of this month, so I made a new backup with the virus, then ran some software I have that does file comparisons to show what changed from one version to the next. It quickly showed the 70'ish files that got modified. I manually restored them all and it seems fine.
As annoying as it is, it seems we are "big enough" that hackers feel we are worth the effort to access.
-DallanC
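The backup comparison described in the post above, as an added example (not the software DallanC used, and not code from the thread): it hashes every file in a known-good backup and in a suspect backup, then lists what was modified, added or removed. The directory trees and file contents are constructed for the demo; only the `modules/coppermine/scripts.js` path is taken from the Norton alert quoted in this thread.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_digests(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        if path.is_file() and not path.is_symlink():
            # Hash contents: size and mtime can be kept unchanged by an edit.
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(
                path.read_bytes()).hexdigest()
    return digests


def compare_backups(known_good, suspect):
    """Return files modified, added or removed relative to the good backup."""
    old, new = tree_digests(known_good), tree_digests(suspect)
    return {
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }


def write_tree(root, files):
    """Create a sample tree from {relative path: bytes}."""
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo():
    """Compare two constructed trees standing in for the two site backups."""
    good = {"index.php": b"<?php echo 'home'; ?>\n",
            "modules/coppermine/scripts.js": b"function show() {}\n"}
    suspect = dict(good)
    # Constructed stand-ins for a tampered script and an unexpected new file.
    suspect["modules/coppermine/scripts.js"] += b"/* constructed extra line */\n"
    suspect["uploads/unexpected.php"] = b"constructed placeholder\n"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, good)
        write_tree(b, suspect)
        return compare_backups(a, b)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files in the "added" list need the same review as modified ones, because restoring changed files from a backup does not remove files that were never in it.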
|
DallanC Site Admin
Joined: Jan 18, 2005 Posts: 3572 Location: Utah
|
Posted: Wed May 29, 2013 2:02 pm Post subject: Re: Virus |
|
PS: the trojan really only seemed to affect the newest version of Internet Explorer (version 10), it would just try to redirect the user from HuntingNut to some silly dating site.
-DallanC
|
Ominivision1 Super Member
Joined: Sep 20, 2010 Posts: 2984 Location: Iowa
|
Posted: Wed May 29, 2013 2:54 pm Post subject: Re: Virus |
|
One other thing to watch for is rogue certificates being installed on your web browser(s). If you get redirected to another website, shut down the browser and lock the firewall and open up FF (or whatever you use) and go to advanced settings (encryption, view certificates) and I found a rogue server security certificate installed who knows when (date).
_________________ Regards
Limitations are but boundaries created inside our minds. |
|
gelandangan Super Member
Joined: May 07, 2006 Posts: 6397 Location: Sydney Australia
|
Posted: Wed May 29, 2013 3:10 pm Post subject: Re: Virus |
|
Good on you Dallan!
Thanks for the hard work, I am glad we are back.
_________________ A straight line is the shortest distance between two points.
A smile is the shortest distance between two people.
Do - Not try!
gelandangan.weebly.com/ |
|
Pumpkinslinger Super Member
Joined: Sep 22, 2007 Posts: 5002 Location: NC foothills
|
Posted: Wed May 29, 2013 4:19 pm Post subject: Re: Virus |
|
Yep, I was going through HuntingNut withdrawal! Norton blocked it at home and whatever they use at work did the same.
_________________ Mike
"I ain't no better than anybody else, and there ain't nobody better than me!" Ma Kettle |
|
Pumpkinslinger Super Member
Joined: Sep 22, 2007 Posts: 5002 Location: NC foothills
|
Posted: Wed May 29, 2013 10:58 pm Post subject: Re: Virus |
|
Hmmm, when I went to the photos here to put some in a post I got that same warning from Norton that I was getting on Tuesday. Here is some of the Norton information.
Category: Intrusion Prevention
An intrusion attempt by www.huntingnut.com was blocked.
Web Attack: Mass Injection Website 5, ,"www.huntingnut.com (208.76.80.141,80) ",www.huntingnut.com/modules/coppermine/scripts.js," Network traffic from www.huntingnut.com/mod...scripts.js matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE.
_________________ Mike
"I ain't no better than anybody else, and there ain't nobody better than me!" Ma Kettle |
|
Elvis Super Member
Joined: Jul 27, 2008 Posts: 9253 Location: south island New Zealand
|
Posted: Thu May 30, 2013 12:26 am Post subject: Re: Virus |
|
good on you DallanC
YOU THE MAN
_________________ You shot it You pluck it !
Them who eats the most duck eats the most feathers! |
|