ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site


  1. #76
    Distinguished Member SpringerXD
    Join Date
    Nov 2007
    Location
    Southeast
    Posts
    1,971
    I started getting this just today, and it just so happens that I allowed Firefox to upgrade to version 3.6.4 yesterday. I don't know if this is related. I ran MalwareBytes earlier and it found nothing.

    I was just about to start a thread on this when I saw yours.
    "I practice the ancient art of Klik Pao."

    -miklcolt45

  3. #77
    Distinguished Member SpringerXD
    Join Date
    Nov 2007
    Location
    Southeast
    Posts
    1,971
    Originally posted by gruntingfrog:
    Here's another (temporary) option if you're an admin on your PC (such as at home). Add the site that it's hitting to your hosts file with an IP address of 127.0.0.1. This will make your computer look for the file on YOUR machine, not the bad guy's server.

    Windows Instructions
    1. Open Windows Explorer
    2. Browse to c:\windows\system32\drivers\etc
    3. Double-click the "hosts" file.
    4. Choose Notepad when asked what to open it with.
    5. At the very bottom on a new line add the following:

    127.0.0.1 poskeheryrggy.com

    6. Click File>Save.
    7. Close Notepad.

    Now you can use the site normally without it attempting to download the trojan.
    Don't forget to flush your DNS cache afterwards:

    ipconfig /flushdns

    (or just reboot)
    "I practice the ancient art of Klik Pao."

    -miklcolt45

  4. #78
    VIP Member NC Bullseye
    Join Date
    Apr 2009
    Location
    NC Foothills
    Posts
    2,500
    Looks like "poskeheryrggy.com/ks" is in the page source for all the pages here on DC.

    There is some other weirdness going on too, when you go to the next page from the bottom of one page and hit the back button, instead of going back to the bottom of the previous page you go to the top. This is different from earlier today.
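
A webmaster can confirm a finding like the one in post #78 by listing every host a page pulls active content from and comparing it with the hosts the site is supposed to load from. The Python sketch below is an added example, not code from the thread; the sample HTML, the iframe form of the injected reference, and the hostnames www.defensivecarry.com and cdn.example.net are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that make the browser fetch and run or render remote content,
# mapped to the attribute that carries the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data"}


class ActiveRefCollector(HTMLParser):
    """Collect (tag, absolute URL) for each active-content reference."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # urljoin resolves relative and protocol-relative (//host/x) URLs.
            self.refs.append((tag, urljoin(self.page_url, value.strip())))


def unexpected_hosts(html, page_url, allowed_hosts):
    """Return sorted hosts serving active content that are not allowlisted."""
    collector = ActiveRefCollector(page_url)
    collector.feed(html)
    collector.close()
    allowed = {h.lower() for h in allowed_hosts}
    hosts = {(urlsplit(url).hostname or "").lower() for _tag, url in collector.refs}
    return sorted(h for h in hosts if h and h not in allowed)


# Constructed sample: every hostname except poskeheryrggy.com, and the
# iframe form of the injected reference, is an assumption.
PAGE_URL = "http://www.defensivecarry.com/forum/"
ALLOWED = ["www.defensivecarry.com", "cdn.example.net"]
SAMPLE = """<html><head>
<script src="/js/forum.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head><body><p>thread text</p>
<iframe src="http://poskeheryrggy.com/ks" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(unexpected_hosts(SAMPLE, PAGE_URL, ALLOWED))
```

Running the same check against the template files as well as the rendered pages helps narrow down which component inserts the reference.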

  5. #79
    Senior Member mr surveyor
    Join Date
    Jul 2006
    Location
    Texas, South of the Sabine
    Posts
    1,149
    so far, AVG has quarantined the poske bug for me three times today so I assume I'm still safe.

    For the record, we got hit at KTRange dot com a couple of weeks ago by hackers about the same time our host site decided to move us to another server... we're finally back up and running but lost about a month's worth of posts and now running at about the speed of dial-up on low dose of steroids. I would have to agree with the above mentioned conspiracy theory about some particular group maliciously attacking firearms related forums. There has been a lot of banter lately about the fed taking over complete control of the internet and its "content".

    I hope the Admin here can get a handle on it before too much damage is done. I wish you guys in Admin better luck than we had at the KTRange.

    surv

  6. #80
    New Member Draftbeerman
    Join Date
    Jun 2010
    Location
    South Jersey
    Posts
    3
    I am new here but I keep getting a pop-up that my Norton caught as a virus.
    "To preserve liberty, it is essential that the whole body of people always possess arms, and be taught alike, especially when young, how to use them..."

    — Richard Henry Lee, 1787

  7. #81
    Member Shackleton
    Join Date
    Jun 2010
    Location
    Lynchburg, Virginia
    Posts
    267
    Originally posted by Wastelander:
    I'm getting it and I use Firefox, but for me it just pops up a Java splash window and downloads the file to Windows Media Player, although it doesn't play. I'm ignoring it for now, but thanks for bringing it up so the admins can look into it.
    +1 and I don't like it!
    Semper Paratus

    ‎"People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf." - George Orwell

  8. #82
    VIP Member SIGguy229
    Join Date
    Mar 2006
    Location
    Kommie-fornia-stan
    Posts
    7,045
    Originally posted by Tangolima600:
    On a similar note Glocktalk is down completely. Something looks fishy...
    SO at least there is an upside....

    Just joking!
    Magazine <> clip - know the difference

    martyr is a fancy name for crappy fighter
    You have never lived until you have almost died. For those that have fought for it, life has a special flavor the protected will never know

  9. #83
    DC Founder Bumper
    Join Date
    May 2004
    Location
    Missouri
    Posts
    20,045
    Okay, I believe I found the culprit. If it now clears up it was the Tapatalk plugin that I installed so people could access the forum from their cellphones. It has been disabled and if it has, in fact, cleared up the problem, I will remove it completely.

    With that, I have to say I'm not surprised as the Tapatalk software was developed by the Chinese who are on the forefront of hacking right now. If you have posted to this thread or not, please let me know if you are experiencing anything goofy.....
    Bumper
    Coimhéad fearg fhear na foighde; Beware the anger of a patient man.

  10. #84
    New Member Dale531
    Join Date
    May 2010
    Location
    Here, There..EVERYWHERE
    Posts
    14

    Post the Suspicious/Malicious content From this site

    yeah i got it too i'm REbooting my system NOW...NOT COOL

  11. #85
    DC Founder Bumper
    Join Date
    May 2004
    Location
    Missouri
    Posts
    20,045
    Originally posted by Dale531:
    yeah i got it too i'm REbooting my system NOW...NOT COOL
    Are you saying you have had it happen since I posted my above post? Anyone that IS still getting hit reload on your browser and get the code after I removed the link to their site. Then, tell me whether it is still happening or not.....
    Bumper
    Coimhéad fearg fhear na foighde; Beware the anger of a patient man.

  12. #86
    Senior Member Pure Kustom
    Join Date
    Oct 2008
    Location
    Mesa,Az
    Posts
    1,081
    It seems to be disabled now Bumper. I had gotten it 4 times today. Avg healed it after it got on my PC.

    Logged back in 3 times and seems to be fine now.

  13. #87
    Moderator buckeye .45
    Join Date
    Nov 2006
    Location
    Ohio
    Posts
    7,589
    Seems to be working better now Bumper, plug in did not try to install when I logged in. Thanks
    Fortes Fortuna Juvat

    Former, USMC 0311, OIF/OEF vet
    NRA Pistol/Rifle/Shotgun/Reloading Instructor, RSO, Ohio CHL Instructor

  14. #88
    Member Shackleton
    Join Date
    Jun 2010
    Location
    Lynchburg, Virginia
    Posts
    267
    Looks like it's all clear from here Bumper, thank you for the quick action!
    Semper Paratus

    ‎"People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf." - George Orwell

  15. #89
    Moderator Bark'n
    Join Date
    Apr 2007
    Location
    West Central Missouri
    Posts
    9,917
    Looks like everything is "Good to Go!"

    Lordy how I love this place! The Bumper is always on top of things!
    -Bark'n
    Semper Fi


    "The gun is the great equalizer... For it is the gun, that allows the meek to repel the monsters; Whom are bigger, stronger and without conscience, prey on those who without one, would surely perish."

  16. #90
    Member swatspyder
    Join Date
    May 2009
    Location
    Washington
    Posts
    157
    Glocktalk.com was hit with the same thing...

    The results below are provided by Rebel.com.
    (whois.Rebel.com)

    Domain: poskeheryrggy.com

    Date Registered: 06/23/10
    Date Modified: 06/23/10
    Expiry Date: 06/23/11
    DNS1: dns.rebel.com
    DNS2: dns2.rebel.com

    Registrant

    Wendi Kerkman
    Wendi Kerkman
    5901 Big River Heights Road
    DE SOTO, MO (US)
    63020

    Administrative Contact

    Wendi Kerkman
    Wendi Kerkman
    5901 Big River Heights Road
    DE SOTO, MO (US)
    63020

    +1.6363295209

    Technical Contact

    Wendi Kerkman
    Wendi Kerkman
    5901 Big River Heights Road
    DE SOTO, MO (US)
    63020

    +1.6363295209

    Registrar: Rebel.com

    Free People Search | WhitePages
    (636) 329-5209
    is a landline in Harvester, MO


    Contact Us
    C Bar C Ranch
    Alan, Sherry, Bud and Sarah Clark
    5901 Big River Heights Rd.
    De Soto, MO 63020

    636-586-6034 • 314-607-1076



    traceroute to 178.63.170.185 (178.63.170.185), 30 hops max, 60 byte packets
    1 (10.0.0.10) 0.521 ms 0.722 ms 1.364 ms
    2 73.102.216.1 (73.102.216.1) 11.677 ms 19.061 ms 19.237 ms
    3 68.85.144.25 (68.85.144.25) 19.475 ms 19.643 ms 19.803 ms
    4 be-60-ar01.seattle.wa.seattle.comcast.net (68.85.240.89) 23.011 ms 23.177 ms 23.334 ms
    5 pos-1-4-0-0-cr01.seattle.wa.ibone.comcast.net (68.86.90.209) 22.432 ms 22.589 ms 22.746 ms
    6 pos-0-11-0-0-cr01.portland.or.ibone.comcast.net (68.86.85.110) 25.458 ms 20.799 ms 20.950 ms
    7 pos-1-15-0-0-cr01.sacramento.ca.ibone.comcast.net (68.86.85.197) 33.732 ms 27.268 ms 26.762 ms
    8 pos-0-7-0-0-cr01.sanjose.ca.ibone.comcast.net (68.86.85.46) 35.563 ms 35.870 ms 36.277 ms
    9 68.86.87.2 (68.86.87.2) 37.079 ms 37.249 ms 37.409 ms
    10 80.156.163.153 (80.156.163.153) 34.556 ms 34.722 ms 34.936 ms
    11 217.239.40.166 (217.239.40.166) 192.152 ms 190.603 ms 195.887 ms
    12 dtag-gw.hetzner.de (193.159.226.178) 218.064 ms 220.385 ms 220.542 ms
    13 hos-bb1.juniper2.fs.hetzner.de (213.239.240.243) 212.338 ms hos-bb1.juniper1.fs.hetzner.de (213.239.240.242) 213.782 ms 219.899 ms
    14 hos-tr4.ex3k5.rz12.hetzner.de (213.239.228.230) 218.915 ms hos-tr3.ex3k5.rz12.hetzner.de (213.239.228.198) 214.484 ms 212.329 ms
    15 ovz36.fastvps.ru (78.46.69.19) 217.693 ms 217.853 ms 217.507 ms
    16 static.185.170.63.178.clients.your-server.de (178.63.170.185) 217.235 ms 215.298 ms 220.922 ms
    Static IP, possibly hosted in Germany

    your-server.de hosts bad bots --
    btw, your-server.de is actually hetzner.de, and it's no surprise there are a lot of rogue bots on their net, since they are one of the cheapest providers in Germany, offering quite powerful dedicated servers with unlimited traffic (though bandwidth is reduced after the first two TB in a month, iirc) for a low price.
    I've come to find them quite reasonable in dealing with complaints, so if you're tracking open proxies etc anyhow, you might consider handing them a list and asking for action.
    whois Hetzner.de
    Name: Martin Hetzner
    Organisation: Hetzner Online AG
    Address: Stuttgarter Strasse 1
    Pcode: 91710
    City: Gunzenhausen
    Country: DE
    Phone: +499831610061
    Fax: +499831610062
    Email: info@hetzner.de
