Welcome to the North American Subaru Impreza Owners Club Thursday February 21, 2019
Old 04-28-2009, 04:30 PM   #1
jacobsen1
Scooby Newbie
 
Member#: 16711
Join Date: Mar 2002
Chapter/Region: NESIC
Location: N. Kingstown RI
Vehicle:
2011 forester
2015 legacy

malware on my own damn site?

WTF is this about?

when I go to benjacobsen.com I get this nice warning (only from chrome, FF and IE will both go):

Quote:
Warning: Visiting this site may harm your computer!
The website at www.benjacobsen.com contains elements from the site gumblar.cn, which appears to host malware software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for gumblar.cn.
Learn more about how to protect yourself from harmful software online.
I understand that visiting this site may harm my computer.
then that has this link about gumblar.cn:
http://safebrowsing.clients.google.c...hrome&hl=en-US

Quote:
Safe Browsing
Diagnostic page for gumblar.cn

What is the current listing status for gumblar.cn?
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-04-28, and the last time suspicious content was found on this site was on 2009-04-28.
Malicious software includes 535 scripting exploit(s), 15 trojan(s).

This site was hosted on 1 network(s) including AS42831 (UKSERVERS).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, gumblar.cn did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 250 domain(s), including basket-nymburk.cz/, arabicnights.com.au/, naturalchoices.co.uk/.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
anyone know what any of that means? I'm in the process of trying to move my sites to a new host anyway, but I figured I should fix this before I go any further.
jacobsen1 is offline   Reply With Quote
Old 04-28-2009, 04:37 PM   #2
cRayZee
Scooby Specialist
 
Member#: 6271
Join Date: May 2001
Location: San Jose
Vehicle:
2001 2.5RSTi
2007 Legacy Spec B


Duh, this wouldn't happen if your site was running on a mac
cRayZee is offline   Reply With Quote
Old 04-28-2009, 04:46 PM   #3
jacobsen1
Scooby Newbie
 
Member#: 16711
Join Date: Mar 2002
Chapter/Region: NESIC
Location: N. Kingstown RI
Vehicle:
2011 forester
2015 legacy


thanks, that's helpful.
jacobsen1 is offline   Reply With Quote
Old 04-28-2009, 04:47 PM   #4
nitr0x99
Scooby Newbie
 
Member#: 111471
Join Date: Apr 2006
Location: Chicago
Vehicle:
2002 WRX


Quote:
Originally Posted by jacobsen1 View Post
thanks, that's helpful.
lmao, get a mac brah
nitr0x99 is offline   Reply With Quote
Old 04-28-2009, 04:48 PM   #5
boxered
Scooby Specialist
 
Member#: 61884
Join Date: May 2004
Chapter/Region: International
Location: buying guns

It worked! hahahaha.....errr..I mean, sorry dude, hope it's nothing serious.
boxered is offline   Reply With Quote
Old 04-28-2009, 04:50 PM   #6
wrxanakin
Scooby Newbie
 
Member#: 102514
Join Date: Dec 2005
Location: NYC
Vehicle:
1970 NYC Subway


It's more likely than you think.
wrxanakin is offline   Reply With Quote
Old 04-28-2009, 04:52 PM   #7
Bokuden
Scooby Newbie
 
Member#: 75767
Join Date: Nov 2004
Chapter/Region: South East
Location: Baton Rouge, LA
Vehicle:
1999 Legacy GT
"Is that Purple?" Black


malware's on your comp, not your site, most likely.
Bokuden is offline   Reply With Quote
Old 04-28-2009, 04:53 PM   #8
jacobsen1
Scooby Newbie
 
Member#: 16711
Join Date: Mar 2002
Chapter/Region: NESIC
Location: N. Kingstown RI
Vehicle:
2011 forester
2015 legacy


^ why does google say it's on my site then? And why ONLY my site, not any of the other sites I go to (including 5 of my other sites, but they've been moved to different hosts)?
jacobsen1 is offline   Reply With Quote
Old 04-28-2009, 04:55 PM   #9
WRX300
Scooby Newbie
 
Member#: 17974
Join Date: Apr 2002
Chapter/Region: MWSOC
Location: Chicago

Quote:
Originally Posted by jacobsen1 View Post
^ why does google say it's on my site then? And why ONLY my site, not any of the other sites I go to (including 5 of my other sites, but they've been moved to different hosts)?
fwiw Avast! AV freaks the **** out when I go to your site - same virus warning as well...
WRX300 is offline   Reply With Quote
Old 04-28-2009, 04:56 PM   #10
beethoven
Scooby Newbie
 
Member#: 6654
Join Date: May 2001
Chapter/Region: MWSOC
Location: Wis-Con-sin
Vehicle:
2006 Odyssey
2006 Prius


You do have some encrypted or obfuscated javascript on your main page.
beethoven is offline   Reply With Quote
Old 04-28-2009, 05:08 PM   #11
Fuzz541
Scooby Specialist
 
Member#: 4739
Join Date: Mar 2001
Chapter/Region: NESIC
Location: Jiangxi, China

Fuzz541 is offline   Reply With Quote
Old 04-28-2009, 05:22 PM   #12
jacobsen1
Scooby Newbie
 
Member#: 16711
Join Date: Mar 2002
Chapter/Region: NESIC
Location: N. Kingstown RI
Vehicle:
2011 forester
2015 legacy


hrm, weird.

OK, so of my sites, www.awesomeroadtrips.com was showing the same error. It also had some weird **** in its theme, I deleted that and it works fine. BJ.com (uses almost an identical theme, a few links are changed) still doesn't work. I've even copied the art.com theme over and it still doesn't work so it's looking like more than the theme for BJ.com....

the only obvious difference, beyond the content (blog posts and pics) is the host... So I guess I'll finish moving BJ.com to the new host and see if somehow that's the issue?
jacobsen1 is offline   Reply With Quote
Old 04-28-2009, 05:52 PM   #13
srgdrum
Scooby Newbie
 
Member#: 140402
Join Date: Feb 2007
Chapter/Region: South East
Location: Denver Colorado
Vehicle:
2015 WRX
White


Quote:
Originally Posted by jacobsen1 View Post
BJ.com
Hm. I get a different problem when I go to that site. My wife gets pissed!
srgdrum is offline   Reply With Quote
Old 04-29-2009, 09:51 AM   #14
jacobsen1
Scooby Newbie
 
Member#: 16711
Join Date: Mar 2002
Chapter/Region: NESIC
Location: N. Kingstown RI
Vehicle:
2011 forester
2015 legacy


bump.

So not only was my theme "infected", so was my Gallery plugin. I just copied the plugins folder to my computer, then deleted them one at a time and refreshed the browser.

But the serious (obvious) next question is how do I stop this in the future?
jacobsen1 is offline   Reply With Quote
Old 04-29-2009, 09:55 AM   #15
boxered
Scooby Specialist
 
Member#: 61884
Join Date: May 2004
Chapter/Region: International
Location: buying guns

Quit using teh innernets?
boxered is offline   Reply With Quote
Old 04-29-2009, 10:09 AM   #16
Dystinct
Scooby Specialist
 
Member#: 105759
Join Date: Jan 2006
Chapter/Region: South East
Location: I am OT's complete
Vehicle:
lack of suprise
KatsSubyRocks!


We were having the same problem on a few of our sites. It had something to do with GoDaddy hosting. I think they said that 4500 sites had been infected.
Dystinct is offline   Reply With Quote
Old 04-29-2009, 10:13 AM   #17
beethoven
Scooby Newbie
 
Member#: 6654
Join Date: May 2001
Chapter/Region: MWSOC
Location: Wis-Con-sin
Vehicle:
2006 Odyssey
2006 Prius


Quote:
Originally Posted by jacobsen1 View Post
bump.

So not only was my theme "infected", so was my Gallery plugin. I just copied the plugins folder to my computer, then deleted them one at a time and refreshed the browser.

But the serious (obvious) next question is how do I stop this in the future?
Honestly? Don't use Gallery.
beethoven is offline   Reply With Quote
Old 04-29-2009, 01:36 PM   #18
Jessie James
Scooby Specialist
 
Member#: 2072
Join Date: Aug 2000
Chapter/Region: MAIC
Location: Out of my mind

Quote:
Originally Posted by jacobsen1 View Post
bump.

So not only was my theme "infected", so was my Gallery plugin. I just copied the plugins folder to my computer, then deleted them one at a time and refreshed the browser.

But the serious (obvious) next question is how do I stop this in the future?
The situation here is that the software you were using (Gallery) likely had a security vulnerability. The only way you can find out for sure is if you (a) keep ALL of your log files (b) back them up offsite every day and (c) go back through the log files to find anything suspicious.

The best advice I can give you is to make sure you check for software updates as often as possible, and apply patches/new versions right away.

The other solution is to use as few software packages/plug-ins as possible to minimize your exposure.

If you were compromised, then you should do the following:

1. Get a new host
2. Install all your software FRESH
3. Copy over static files (like images) to the new server. Do NOT copy over any dynamic files, like php scripts, as they could be infected.

Sometimes the host was infected, and then there is not much you can do to prevent that. However, the host should offer to switch you to a new server at no charge.

Bottom line? The only way to be safe is to do frequent updates and start fresh when something goes wrong.
Jessie James is offline   Reply With Quote
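
One way to apply step 3 of the post above before moving hosts, as an added example that is not code from any poster in the thread: it walks a site tree, marks only genuine images as safe to copy, sends every dynamic file to "reinstall", and records which files match the kind of obfuscated script mentioned earlier in the thread. The indicator patterns, the `triage` and `demo` names and the sample files are assumptions constructed for illustration; `gumblar.cn` is the domain named in the warning quoted in the first post.

```python
import re
import tempfile
from pathlib import Path

# Magic bytes for the static types step 3 allows copying to the new server.
STATIC_MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
                ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}

# Heuristics (assumptions, not a full signature set): the domain from the browser
# warning, decode-and-run idioms, percent-encoded runs, PHP inside an "image".
INDICATORS = {
    "flagged-domain": re.compile(rb"gumblar\.cn", re.I),
    "decode-and-run": re.compile(
        rb"(eval|document\.write)\s*\(\s*(unescape|String\.fromCharCode)", re.I),
    "percent-blob": re.compile(rb"(?:%[0-9a-f]{2}){40,}", re.I),
    "embedded-php": re.compile(rb"<\?php", re.I),
}

def triage(root):
    """Map each file under root to (verdict, matched indicator names)."""
    report = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        data = path.read_bytes()
        magic = STATIC_MAGIC.get(path.suffix.lower())
        hits = sorted(name for name, rx in INDICATORS.items()
                      if rx.search(data) and (magic or name != "embedded-php"))
        if magic is None:
            verdict = "reinstall"    # dynamic or unknown type: never copy
        elif data.startswith(magic) and not hits:
            verdict = "copy"         # genuine image with nothing script-like
        else:
            verdict = "quarantine"   # image name, wrong or suspicious bytes
        report[path.relative_to(root).as_posix()] = (verdict, hits)
    return report

def demo():
    """Build a small constructed site tree (harmless content) and triage it."""
    files = {
        "themes/mine/header.php": b"<script>eval(unescape('" + b"%61" * 45 + b"'))</script>",
        "plugins/gallery/gallery.php": b"<?php /* plugin code */ ?>",
        "uploads/trip.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "uploads/logo.gif": b"<?php /* not an image */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return triage(root)
```

Files marked "reinstall" are replaced from a fresh download whether or not they match an indicator; the matches only show which files had been tampered with, which helps when going back through the logs.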
Old 04-29-2009, 01:40 PM   #19
KC
Scooby Guru
 
Member#: 442
Join Date: Oct 1999
Chapter/Region: NESIC
Location: RI/SE Mass
Vehicle:
17 Imp Spurt
00 S2k | 14 BRZ (SSC)


My coppermine gallery was compromised a while ago. Never put anything new up... yet. Just haven't found anything worthwhile, but may end up doing it in flash... a bit more secure.

--kC
KC is offline   Reply With Quote
Old 04-29-2009, 01:41 PM   #20
jacobsen1
Scooby Newbie
 
Member#: 16711
Join Date: Mar 2002
Chapter/Region: NESIC
Location: N. Kingstown RI
Vehicle:
2011 forester
2015 legacy


^ yeah, that's pretty much what I've done (except for keeping/checking the logs).

I started with a fresh WP, and used a very similar theme from a different site. I just re-edited the style sheet to what it was. Then I installed the plugins fresh and copied over the data (pics).

it's funny though, this happened when I upgraded my next-gen gallery plugin. I've always been hesitant with it because I've had issues with its compatibility with my customized theme in the past (so I stuck with a really old version until the new WP version forced it). But yeah, the last upgrade ****ed itself. I lost some functions I thought were due to the upgrade. With a new copy of that plugin (same new version) it now works fine so that was it.
jacobsen1 is offline   Reply With Quote
All times are GMT -4. The time now is 02:11 PM.
Copyright ©1999 - 2017, North American Subaru Impreza Owners Club, Inc.