Warning Off ECCIE Site

I got this warning this morning on Safari and Firefox on my Mac. I hope it gets cleared up soon!
I too am using Chrome and have been getting this message off and on for 2 days now.
m5552009's Avatar
not to worry on the blank banner. that's our doing. we have eliminated the vulnerability and are finding and removing anything that could have possibly been compromised...which seems to be limited to certain .swf files only (flash banner ads)

the warning is due to the fact that we were listed as possibly having malware. we will have to get that tag removed, but making sure that before we request the review we have cleared everything up and patched up any and every possible hole.

very sorry for this alarming development, but we are working round the clock to put this behind us. appreciate your patience. Originally Posted by St.Christopher
The following message came using Google Chrome, blocking sign on to ECCIE entirely on Sat 9/18 at 10 AM C. ECCIE is tagged as a Badware site by Google.
My Safari browser let me sign on.

Warning - visiting this web site may harm your computer!

Suggestions:
Return to the previous page and pick another result.
Try another search to find what you're looking for.
Or you can continue to http://eccie.net/forumdisplay.php?f=26 at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.

For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.

If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Advisory provided by
Sir Lancelot's Avatar
One of the attacks seems to have used a Trojan-Horse called "Exploit-HelpOverflow"

I noticed our PM max size was reduced back to 50.

Was that part of the method of dealing with these issues?

SL
Mokoa's Avatar
  • Mokoa
  • 09-18-2010, 12:28 PM
in addition, the super admin needs to log into his google account and submit a review request so the warning is released. otherwise people will continue to get the warning message, which is what's happening now. Originally Posted by fidelpot
We are well aware of that and will do that after we are certain that any and all malicious stuff has been removed. Not before!

Also...

It takes a while before all of the various browsers become aware of the update to the "reported sites" list that added this site to the list. That is why some browsers have the issue and some do not. When the issue was first reported the browser I use, Firefox, had no issue. It took over 24 hours before I started experiencing the issue. By that same token, it may take a while before all of the browsers become aware the update to the "reported site" list that removes this site from the list.

So, it is being handled.

And...

Patience is a virtue.
One of the attacks seems to have used a Trojan-Horse called "Exploit-HelpOverflow"

I noticed our PM max size was reduced back to 50.

Was that part of the method of dealing with these issues?

SL Originally Posted by Sir Lancelot
The PM max size of 50 is unrelated to the virus warning . All registered male handles without Premium Access have a maximum capacity of 50 for private messaging. PA users have a much larger capacity. So do the Verified Providers.
We are well aware of that and will do that after we are certain that any and all malicious stuff has been removed. Not before!

Also...

It takes a while before all of the various browsers become aware of the update to the "reported sites" list that added this site to the list. That is why some browsers have the issue and some do not. When the issue was first reported the browser I use, Firefox, had no issue. It took over 24 hours before I started experiencing the issue. By that same token, it may take a while before all of the browsers become aware the update to the "reported site" list that removes this site from the list.

So, it is being handled.

And...

Patience is a virtue. Originally Posted by Mokoa
the warning message was a postscript. the serious issue is your old vulnerable install of vBulletin, which hasn't been updated. clearing the current malicious code is great, but not updating the software is boneheaded. this site is very hackable right now. want a proof of concept? I could penetrate via xss by morning. good thing i am a white hat/ lol/

patience is a virtue, dude, but waiting too long for something is commonly referred to as laziness. vBulletin 4 was released in December 2009 for god sakes!
Mokoa's Avatar
  • Mokoa
  • 09-18-2010, 01:49 PM
the warning message was a postscript. the serious issue is your old vulnerable install of vBulletin, which hasn't been updated. clearing the current malicious code is great, but not updating the software is boneheaded. this site is very hackable right now. want a proof of concept? I could penetrate via xss by morning. good thing i am a white hat/ lol/ Originally Posted by fidelpot
You know... There may be a number of valid reasons why we are using the version we have and why a new version has not been chosen.

Also, any threat to do malicious acts to this site will be taken seriously.

patience is a virtue, dude, but waiting too long for something is commonly referred to as laziness. vBulletin 4 was released in December 2009 for god sakes! Originally Posted by fidelpot
I suggest that you take your drama elsewhere. It is not welcome here.
You know... There may be a number of valid reasons why we are using the version we have and why a new version has not been chosen.

Also, any threat to do malicious acts to this site will be taken seriously.


I suggest that you take your drama elsewhere. It is not welcome here. Originally Posted by Mokoa
who is this guy and why is he so angry? hey mokoa, you have no idea what you are talking about. there is zero reason to stay with 3.8.1. none. zip. zilch. 3.8.3 fixed the vulnerability and that's about it. it was released 6 months ago. your cavalier attitude is a giant red flag.

the fact that you are mod (and seemingly more), refuse to protect your members from hacks like the this week for no good reason, and subject them to further exploits and account hacking because...yikes, i have to clue why other then you have no idea how to run a secure site.

anyway, if drama is pointing out how insecure this site (and at least one mod) is, then feel free to disable my account.

oh, and by the way here's a definition of white hat:
http://en.wikipedia.org/wiki/White_hat
i assume "Also, any threat to do malicious acts to this site will be taken seriously" was directed at me. but either way (at least you) do not take this kind of thing serious. proof is in the puddin'.
Mokoa's Avatar
  • Mokoa
  • 09-18-2010, 05:01 PM
who is this guy and why is he so angry? Originally Posted by fidelpot
You are the one who got angry first...

but waiting too long for something is commonly referred to as laziness. vBulletin 4 was released in December 2009 for god sakes! Originally Posted by fidelpot
the warning message was a postscript. the serious issue is your old vulnerable install of vBulletin, which hasn't been updated. clearing the current malicious code is great, but not updating the software is boneheaded. Originally Posted by fidelpot
Boneheaded? Now look who is being disrespectful.

i assume "Also, any threat to do malicious acts to this site will be taken seriously" was directed at me. Originally Posted by fidelpot
Actually, it applies to any member who would do such a thing. Now, since you wrote the following...

this site is very hackable right now. want a proof of concept? I could penetrate via xss by morning. Originally Posted by fidelpot
That, clearly, is a threat. So, I would say that my warning would apply to you as well.

hey mokoa, you have no idea what you are talking about. there is zero reason to stay with 3.8.1. none. zip. zilch. 3.8.3 fixed the vulnerability and that's about it. it was released 6 months ago. Originally Posted by fidelpot
And you do not know what you are talking about. Are you among those who are tasked with maintaining the software of this site? Do you know the real reasons why this site is using the version they are using? Your statements above that "laziness" is why the software has not been upgraded is speculation at best. Such baseless speculation from those who do not know all of the facts is counterproductive.
Fancyinheels's Avatar
Yep, having the same problem with my Firefox, and about had heart failure as I thought my computer had been invaded. I had pm's to answer and while I could ignore the "attack alert" and read them, wouldn't let me answer them, or post at all. SOOO frustrating, as I can't seem to change the Firefox settings. Had to go through Internet Explorer, which I hate, but no problem there. Help! I'm totally confused, aka technically inept. Any way ECCIE can get this site reviewed and approved per the Google/Firefox warning?
Fancyinheels's Avatar
Sorry but what a monumental F up. You guys should have had better antivirus proticals on your servers. Its pretty shamefull. Hey This site since the demise of ASPD has gone ganbusters and I'm sure has made some of you some good money. But just forgetting about your security proticals and that of your users is just down right ...well... ... Originally Posted by lucky21a
No reason to be catty. If hackers want to cause a problem, they will, no matter how much security we have. Just have to deal with it.
Fancyinheels's Avatar
Yep, having the same problem with my Firefox, and about had heart failure as I thought my computer had been invaded. I had pm's to answer and while I could ignore the "attack alert" and read them, wouldn't let me answer them, or post at all. SOOO frustrating, as I can't seem to change the Firefox settings. Had to go through Internet Explorer, which I hate, but no problem there. Help! I'm totally confused, aka technically inept. Any way ECCIE can get this site reviewed and approved per the Google/Firefox warning? Originally Posted by Fancyinheels
Ooops. Just read all the thread and realize what's going on now, so nevermind. And thanks for explaining, those of you who are computer literate. I have to agree with Mokoa in that jumping to conclusions without all the background is never good.
NshoreGeorge's Avatar
Same thing here switched back to IE from Firefox and am able to access site.....are we being hit by the same clownd that shut down craigs list and are threatening BP...the my gods better than your god crowd??

Just asking
Fancyinheels's Avatar
I just can't understand WHY some people care who f****s who, who worships who, and with all the REALLY wicked things going on in the world, why these people can't turn their minds to something constructive, like solving world hunger, or making 5-inch stiletto heels that won't cripple female tootsies.

Did I spell stiletto right? I miss my Firefox spellcheck already!