ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site
-
June 24th, 2010 12:35 AM
#76
Distinguished Member
I started getting this just today, and it just so happens that I allowed Firefox to upgrade to version 3.6.4 yesterday. I don't know if this is related. I ran MalwareBytes earlier and it found nothing.
I was just about to start a thread on this when I saw yours.
"I practice the ancient art of Klik Pao."
-miklcolt45
-
June 24th, 2010 12:38 AM
#77
Distinguished Member

Originally Posted by
gruntingfrog
Here's another (temporary) option if you're an admin on your PC (such as at home). Add the site that it's hitting to your hosts file with an IP address of 127.0.0.1. This will make your computer look for the file on YOUR machine, not the bad guy's server.
Windows Instructions
1. Open Windows Explorer
2. Browse to c:\windows\system32\drivers\etc
3. Double-click the "hosts" file.
4. Choose Notepad when asked what to open it with.
5. At the very bottom on a new line add the following:
127.0.0.1 poskeheryrggy.com
6. Click File>Save.
7. Close Notepad.
Now you can use the site normally without it attempting to download the trojan.
Don't forget to flush your DNS cache afterwards:
ipconfig /flushdns
(or just reboot)
"I practice the ancient art of Klik Pao."
-miklcolt45
-
June 24th, 2010 12:43 AM
#78
VIP Member
Looks like "poskeheryrggy.com/ks" is in the page source for all the pages here on DC.
There is some other weirdness going on too, when you go to the next page from the bottom of one page and hit the back button, instead of going back to the bottom of the previous page you go to the top. This is different from earlier today.
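
An added example, not part of any post in this thread: one way a site owner can check served pages for the kind of third-party reference reported in post #78. It lists every script, frame, embed, object or applet tag that loads from a host outside an allowlist. The allowlist, the sample page and the iframe form of the injected reference are assumptions; the thread only says the string appears in the page source.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attributes that make the browser fetch active or embedded content.
LOADER_ATTRS = {
    "script": ("src",), "iframe": ("src",), "frame": ("src",),
    "embed": ("src",), "object": ("data", "codebase"),
    "applet": ("codebase", "archive"),
}

class ExternalLoaderFinder(HTMLParser):
    """Collect loader tags whose URL points at a host outside the allowlist."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (line, tag, host, url)

    def _is_allowed(self, host):
        # Exact match or a subdomain of an allowed host.
        return any(host == a or host.endswith("." + a) for a in self.allowed)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in LOADER_ATTRS.get(tag, ()) or not value:
                continue
            try:
                host = urlparse(value.strip()).hostname  # None for relative URLs
            except ValueError:
                host = None  # malformed URL
            if host and not self._is_allowed(host):
                self.findings.append((self.getpos()[0], tag, host, value.strip()))

def scan_html(html, allowed_hosts):
    finder = ExternalLoaderFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: the allowlist and the iframe form are assumptions.
ALLOWED = ["defensivecarry.com", "ajax.googleapis.com"]
SAMPLE_PAGE = """<html><head>
<script src="/js/forum.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
</head><body><p>Thread content</p>
<iframe src="http://poskeheryrggy.com/ks" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, host, url in scan_html(SAMPLE_PAGE, ALLOWED):
        print(f"line {line}: <{tag}> loads from unlisted host {host}: {url}")
```

Running the scan against pages fetched both logged in and logged out, and diffing the findings against a known-good template, narrows down which plugin or template emits the reference.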
-
June 24th, 2010 01:21 AM
#79
Senior Member
so far, AVG has quarantined the poske bug for me three times today so I assume I'm still safe.
For the record, we got hit at KTRange dot com a couple of weeks ago by hackers about the same time our host site decided to move us to another server... we're finally back up and running but lost about a month's worth of posts and now running at about the speed of dial-up on low dose of steroids. I would have to agree with the above mentioned conspiracy theory about some particular group maliciously attacking firearms related forums. There has been a lot of banter lately about the fed taking over complete control of the internet and its "content".
I hope the Admin here can get a handle on it before too much damage is done. I wish you guys in Admin better luck than we had at the KTRange.
surv
-
June 24th, 2010 01:26 AM
#80
New Member
I am new here but I keep getting a pop up that my norton caught as a virus.

To preserve liberty, it is essential that the whole body of people always possess arms, and be taught alike, especially when young, how to use them...
Richard Henry Lee, 1787

-
June 24th, 2010 01:28 AM
#81
Member

Originally Posted by
Wastelander
I'm getting it and I use Firefox, but for me it just pops up a Java splash window and downloads the file to Windows Media Player, although it doesn't play. I'm ignoring it for now, but thanks for bringing it up so the admins can look into it.
+1 and I don't like it!
Semper Paratus
"People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf." - George Orwell
-
June 24th, 2010 01:34 AM
#82
VIP Member

Originally Posted by
Tangolima600
On a similar note Glocktalk is down completely. Something looks fishy...
SO at least there is an upside....
Just joking!
Magazine <> clip - know the difference
martyr is a fancy name for crappy fighter
You have never lived until you have almost died. For those that have fought for it, life has a special flavor the protected will never know
-
June 24th, 2010 02:15 AM
#83
DC Founder
Okay, I believe I found the culprit. If it now clears up it was the Tapatalk plugin that I installed so people could access the forum from their cellphones. It has been disabled and if it has, in fact, cleared up the problem, I will remove it completely.
With that, I have to say I'm not surprised as the Tapatalk software was developed by the Chinese who are on the forefront of hacking right now. If you have posted to this thread or not, please let me know if you are experiencing anything goofy.....
Bumper
Coimhéad fearg fhear na foighde; Beware the anger of a patient man.
-
June 24th, 2010 02:50 AM
#84
New Member
the Suspicious/Malicious content From this site
yeah i got it too i'm REbooting my system NOW...NOT COOL
-
June 24th, 2010 03:10 AM
#85
DC Founder

Originally Posted by
Dale531
yeah i got it too i'm REbooting my system NOW...NOT COOL
Are you saying you have had it happen since I posted my above post? Anyone that IS still getting hit reload on your browser and get the code after I removed the link to their site. Then, tell me whether it is still happening or not.....
Bumper
Coimhéad fearg fhear na foighde; Beware the anger of a patient man.
-
June 24th, 2010 03:10 AM
#86
Senior Member
It seems to be disabled now Bumper. I had gotten it 4 times today. Avg healed it after it got on my PC.
Logged back in 3 times and seems to be fine now.
-
June 24th, 2010 03:21 AM
#87
Moderator
Seems to be working better now Bumper, plug in did not try to install when I logged in. Thanks
-
June 24th, 2010 03:50 AM
#88
Member
Looks like it's all clear from here Bumper, thank you for the quick action!
Semper Paratus
"People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf." - George Orwell
-
June 24th, 2010 04:53 AM
#89
Moderator
Looks like everything is "Good to Go!"
Lordy how I love this place! The Bumper is always on top of things!
-Bark'n
Semper Fi
"The gun is the great equalizer... For it is the gun, that allows the meek to repel the monsters; Whom are bigger, stronger and without conscience, prey on those who without one, would surely perish."
-
June 24th, 2010 05:39 AM
#90
Member
Glocktalk.com was hit with the same thing...
The results below are provided by Rebel.com.
(whois.Rebel.com)
Domain: poskeheryrggy.com
Date Registered: 06/23/10
Date Modified: 06/23/10
Expiry Date: 06/23/11
DNS1: dns.rebel.com
DNS2: dns2.rebel.com
Registrant
Wendi Kerkman
Wendi Kerkman
5901 Big River Heights Road
DE SOTO, MO (US)
63020
Administrative Contact
Wendi Kerkman
Wendi Kerkman
5901 Big River Heights Road
DE SOTO, MO (US)
63020
+1.6363295209
Technical Contact
Wendi Kerkman
Wendi Kerkman
5901 Big River Heights Road
DE SOTO, MO (US)
63020
+1.6363295209
Registrar: Rebel.com
Free People Search | WhitePages
(636) 329-5209
is a landline in Harvester, MO
Contact Us
C Bar C Ranch
Alan, Sherry, Bud and Sarah Clark
5901 Big River Heights Rd.
De Soto, MO 63020
636-586-6034 • 314-607-1076
traceroute to 178.63.170.185 (178.63.170.185), 30 hops max, 60 byte packets
1 (10.0.0.10) 0.521 ms 0.722 ms 1.364 ms
2 73.102.216.1 (73.102.216.1) 11.677 ms 19.061 ms 19.237 ms
3 68.85.144.25 (68.85.144.25) 19.475 ms 19.643 ms 19.803 ms
4 be-60-ar01.seattle.wa.seattle.comcast.net (68.85.240.89) 23.011 ms 23.177 ms 23.334 ms
5 pos-1-4-0-0-cr01.seattle.wa.ibone.comcast.net (68.86.90.209) 22.432 ms 22.589 ms 22.746 ms
6 pos-0-11-0-0-cr01.portland.or.ibone.comcast.net (68.86.85.110) 25.458 ms 20.799 ms 20.950 ms
7 pos-1-15-0-0-cr01.sacramento.ca.ibone.comcast.net (68.86.85.197) 33.732 ms 27.268 ms 26.762 ms
8 pos-0-7-0-0-cr01.sanjose.ca.ibone.comcast.net (68.86.85.46) 35.563 ms 35.870 ms 36.277 ms
9 68.86.87.2 (68.86.87.2) 37.079 ms 37.249 ms 37.409 ms
10 80.156.163.153 (80.156.163.153) 34.556 ms 34.722 ms 34.936 ms
11 217.239.40.166 (217.239.40.166) 192.152 ms 190.603 ms 195.887 ms
12 dtag-gw.hetzner.de (193.159.226.178) 218.064 ms 220.385 ms 220.542 ms
13 hos-bb1.juniper2.fs.hetzner.de (213.239.240.243) 212.338 ms hos-bb1.juniper1.fs.hetzner.de (213.239.240.242) 213.782 ms 219.899 ms
14 hos-tr4.ex3k5.rz12.hetzner.de (213.239.228.230) 218.915 ms hos-tr3.ex3k5.rz12.hetzner.de (213.239.228.198) 214.484 ms 212.329 ms
15 ovz36.fastvps.ru (78.46.69.19) 217.693 ms 217.853 ms 217.507 ms
16 static.185.170.63.178.clients.your-server.de (178.63.170.185) 217.235 ms 215.298 ms 220.922 ms
Static IP, possibly hosted in Germany
your-server.de hosts bad bots --
btw, your-server.de is actually hetzner.de, and it's no surprise there are a lot of rogue bots on their net, since they are one of the cheapest providers in Germany, offering quite powerful dedicated servers with unlimited traffic (though bandwidth is reduced after the first two tb in a month, iirc) for a low price.
I've come to find them quite reasonable in dealing with complaints, so if you're tracking open proxies etc anyhow, you might consider handing them a list and asking for action.
whois Hetzner.de
Name: Martin Hetzner
Organisation: Hetzner Online AG
Address: Stuttgarter Strasse 1
Pcode: 91710
City: Gunzenhausen
Country: DE
Phone: +499831610061
Fax: +499831610062
Email: info@hetzner.de