Site may contain malicious script/code - Website Help - IBS Self Help and Support Group Forums - IBSgroup.org

Site may contain malicious script/code


51 replies to this topic

#1 sjw596

sjw596

    Prolific Member

  • Members
  • 124 posts
  • Country:United States

Posted 08 October 2017 - 08:32 PM


More than a few times over the last several months, I have experienced malicious pop-ups or redirects in Firefox when visiting the forum. Tonight, I experienced a redirect that blasted a siren that warned of a problem with Firefox. I neglected to kill my audio and gather more details, but will try to do so next time. I had to kill Firefox and reboot to stop the malcode from reappearing. My system is not infected. Perhaps your host can check it out. Thanks.


  • flossy likes this

#2 flossy

flossy

    Very Prolific Member

  • Members
  • 2133 posts
  • Country:United States

Posted 08 October 2017 - 08:57 PM

I got the same thing several times using Chrome. I did a Malwarebytes scan afterwards, I'm not infected either.

 

Screen shot:

 

aVeC9Qz.jpg



#3 sjw596

sjw596

    Prolific Member

  • Members
  • 124 posts
  • Country:United States

Posted 08 October 2017 - 09:00 PM

Yes, this is the one.  My sense is that there's a malicious script on the site.  I set Firefox to InPrivate and it did not present.  I may try again and turn off all scripts.



#4 flossy

flossy

    Very Prolific Member

  • Members
  • 2133 posts
  • Country:United States

Posted 08 October 2017 - 09:31 PM

Yes, this is the one.  My sense is that there's a malicious script on the site.  I set Firefox to InPrivate and it did not present.  I may try again and turn off all scripts.

 

I blocked the actual website (DON'T click on the below link)...

 

http://0x13602.info/...OCkgOTAxLTU2NDU

 

...on Chrome that was the direct URL of the script. I don't know if that helps or not, or if the script will just take you to another malicious site if it is blocked.

 

So far, so good though.

 

I gotta go to bed.



#5 shadytree

shadytree

    Regular Member

  • Members
  • 52 posts
  • Country:United States

Posted 08 October 2017 - 09:39 PM

I use uBlock Origin and have third party sites blocked in Firefox, so I have never seen this.

I did get a notice this site might not be secure when I first signed up from Firefox, but since I use Ubuntu, I feel pretty safe.

 

  Did you report this to the admin? They should fix it pretty quick.



#6 annie7

annie7

    Community Manager

  • Community Managers
  • 10530 posts
  • Country:United States

Posted 09 October 2017 - 04:47 AM

yes, this was first reported in june and i pm'd my contact at vertical scope about it. 

 

http://www.ibsgroup....o-a-virus-site/

 

she wanted a screen shot of it but at that time i didn't have one to send her.

 

yesterday Flossy pm'd me a screen shot of the pop up and i sent that on to her.  i haven't heard anything back from her yet but when i do, i'll post about it here. 


these are just my own thoughts. for expert medical advice please contact a health care professional.


#7 sjw596

sjw596

    Prolific Member

  • Members
  • 124 posts
  • Country:United States

Posted 09 October 2017 - 02:14 PM

One of the issues with using site blockers with these domains is that the URLs morph constantly.  Note the base-x encoded characters in the URL that flossy posted.  That's one clue.  You could try to block scripts on forum with something like YesScript for Firefox, but that may affect how you browse and navigate the site. The web host has to remove the troublesome code. 
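
The observation in the post above, that blocking by domain fails because the hosts keep changing while the URLs carry encoded characters, illustrated as an added example that is not part of the original post. It flags URLs by the shape of a base64url-encoded path segment or query value instead of by host; the function names, sample URLs and host names are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qsl

# A whole path segment or query value made only of base64url characters,
# long enough to be an encoded payload rather than an ordinary word.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,}={0,2}")


def decode_token(token):
    """Return the decoded text if token is base64url of printable ASCII, else None."""
    raw = token.rstrip("=")
    try:
        data = base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))
    except (binascii.Error, ValueError):
        return None
    printable = sum(32 <= b < 127 for b in data)
    if not data or printable / len(data) < 0.9:
        return None  # random IDs and hex session keys decode to binary noise
    return data.decode("ascii", "replace")


def encoded_params(url):
    """List the decoded text of every base64-looking path segment or query value."""
    parts = urlsplit(url)
    candidates = parts.path.split("/") + [v for _, v in parse_qsl(parts.query)]
    decoded = (decode_token(c) for c in candidates if TOKEN_RE.fullmatch(c))
    return [d for d in decoded if d is not None]


def triage(urls, blocked_hosts):
    """Split flagged URLs into those a host blocklist stops and those it misses."""
    caught, missed = [], []
    for url in urls:
        if encoded_params(url):
            host = urlsplit(url).hostname
            (caught if host in blocked_hosts else missed).append(host)
    return caught, missed


def _b64(text):  # helper used only to build the constructed samples below
    return base64.urlsafe_b64encode(text.encode()).decode().rstrip("=")


# Constructed sample URLs (not from the thread): two ordinary forum links and
# the same lure served from two throwaway hosts under reserved test TLDs.
SAMPLE_URLS = [
    "http://forum.example/index.php?showtopic=12345",
    "http://forum.example/index.php?s=9f86d081884c7d659a2feaa0c55ad015",
    "http://a1b2c3.invalid/lp/" + _b64("constructed lure text 0001"),
    "http://z9y8x7.invalid/lp/" + _b64("constructed lure text 0002"),
]
```

Calling `triage(SAMPLE_URLS, {"a1b2c3.invalid"})` shows the second host slipping past the blocklist even though both URLs are flagged by the encoded-token check.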



#8 flossy

flossy

    Very Prolific Member

  • Members
  • 2133 posts
  • Country:United States

Posted 09 October 2017 - 02:25 PM

One of the issues with using site blockers with these domains is that the URLs morph constantly.  Note the base-x encoded characters in the URL that flossy posted.  That's one clue.  You could try to block scripts on forum with something like YesScript for Firefox, but that may affect how you browse and navigate the site. The web host has to remove the troublesome code. 

 

I had a feeling that would happen ("One of the issues with using site blockers with these domains is that the URLs morph constantly"), but I tried it anyhow.

 

So far no more problems, but like you said the web host needs to remove the code/malware/whatever it actually is.



#9 The Community Managers

The Community Managers

    The Community Managers

  • Community Managers
  • 536 posts
  • Country:United States

Posted 10 October 2017 - 12:41 PM

Hi everyone. How did you guys get on the site? 

 

through a bookmarked link or through Google searches? 

 

Lee



#10 annie7

annie7

    Community Manager

  • Community Managers
  • 10530 posts
  • Country:United States

Posted 10 October 2017 - 12:53 PM

Hi Lee

 

i get on the site through a bookmark.   i haven't seen the pop up since june, when it first appeared.  

 

thanks so much for looking into this!


these are just my own thoughts. for expert medical advice please contact a health care professional.


#11 sjw596

sjw596

    Prolific Member

  • Members
  • 124 posts
  • Country:United States

Posted 10 October 2017 - 02:27 PM

Through a bookmark in LastPass password manager.



#12 The Community Managers

The Community Managers

    The Community Managers

  • Community Managers
  • 536 posts
  • Country:United States

Posted 10 October 2017 - 02:30 PM

so another question for everyone. Have you updated your browsers to the latest version? 

 

Lee



#13 annie7

annie7

    Community Manager

  • Community Managers
  • 10530 posts
  • Country:United States

Posted 10 October 2017 - 02:44 PM

yes, i have,  thanks.


these are just my own thoughts. for expert medical advice please contact a health care professional.


#14 sjw596

sjw596

    Prolific Member

  • Members
  • 124 posts
  • Country:United States

Posted 10 October 2017 - 02:47 PM

Yes, to Firefox 56.0.



#15 flossy

flossy

    Very Prolific Member

  • Members
  • 2133 posts
  • Country:United States

Posted 10 October 2017 - 03:44 PM

so another question for everyone. Have you updated your browsers to the latest version? 

 

Lee

 

Yes.



#16 The Community Managers

The Community Managers

    The Community Managers

  • Community Managers
  • 536 posts
  • Country:United States

Posted 11 October 2017 - 03:04 PM

perhaps it's an infected cookie on your browser? a regular clear cache and cookie wouldn't fix it. Have you tried using a cleaner? 

 

these might help: https://answers.micr...0a-f2e54f4289af

 

lee



#17 flossy

flossy

    Very Prolific Member

  • Members
  • 2133 posts
  • Country:United States

Posted 11 October 2017 - 03:25 PM

perhaps it's an infected cookie on your browser? a regular clear cache and cookie wouldn't fix it. Have you tried using a cleaner? 

 

these might help: https://answers.micr...0a-f2e54f4289af

 

lee

 

I ran a Malwarebytes scan and also a Bitdefender Antivirus scan and got nothing. As sjw596 posted, I think it might be a malicious script/code, embedded somehow on this website.



#18 sjw596

sjw596

    Prolific Member

  • Members
  • 124 posts
  • Country:United States

Posted 11 October 2017 - 05:23 PM

It's not a cookie or any text file. It acts as a redirect that is initiated by a script. You can block scripts with any number of tools, but your navigation of the forum will suffer. It is not a good idea to clear all cookies, as many are needed at various sites for a number of reasons. You can review your cache for REDR entries, but they can be normal and probably won't yield many clues from the local machine. These things even can be tailored to run on machines located in certain geographic areas. Regardless, this must be fixed on the host's end. Ad blockers, cleaners, and site blockers won't work. They may seem to, for the reason I cited above with respect to targeted geography.


  • annie7 likes this

#19 annie7

annie7

    Community Manager

  • Community Managers
  • 10530 posts
  • Country:United States

Posted 12 October 2017 - 02:29 PM

i'm not very tech savvy but i was wondering if the fact that this site is not secure has anything to do with the pop up appearing.

 

we had a topic about this earlier but nothing was ever done about it.

 

http://www.ibsgroup....ssword-warning/

 

this is the message that is on the admin board:

 

 

New Version Available: 4.2.5 A new version of IP.Board is available now. Click here for more information.
IP.Board Bulletin

IMPORTANT: As of April 1, 2017, IP.Board 3.x (all versions) have been discontinued. No further support or security patches will be provided and you may be operating the software in an insecure state. We recommending updating to our latest IPS Community Suite (IPS4) release at your earliest convenience. Please contact us with any questions.

 

these are just my own thoughts. for expert medical advice please contact a health care professional.


#20 sjw596

sjw596

    Prolific Member

  • Members
  • 124 posts
  • Country:United States

Posted 12 October 2017 - 05:34 PM

The fact that the site is not running https is one noteworthy reason why it's more vulnerable to an exploit.  In and of itself, that fact doesn't cause pop-ups.  The host has to find and remove the malcode and start running on https.


  • The Community Managers, annie7 and flossy like this







©Copyright 1995-2016 IBS Self Help and Support Group All rights reserved