Pop up ads

ultiali
Posts: 179
Joined: Wed Sep 12, 2007 9:35 am

Post by ultiali » Mon Sep 13, 2010 7:59 pm

Wasn't sure where to put this...

I've been getting pop up ads telling me that my hard-drive is infected when I go to the BDGA web site. Has happened from both work and home computers.

Can one of the boffins investigate?

Paul Holden
Posts: 578
Joined: Wed Mar 05, 2008 10:34 pm
Location: York

Post by Paul Holden » Mon Sep 13, 2010 8:35 pm

Have informed Westie who has passed this on to Nige/Jon, don't know if they have been able to respond yet.

Best solution we have at the moment is to turn off Javascript before going to the site. Looks like a script injection attack, he says, knowingly, not!
Paul Holden
BDGA No. 307
PDGA No. 34662

bongo
Posts: 11
Joined: Wed Sep 08, 2010 3:07 pm

Post by bongo » Mon Sep 13, 2010 9:35 pm

there's a request to run js from blindstudioinfoonline.com (blocked by noscript)

quick google shows a couple of reports of that domain being used in hacks recently, so that looks to be it.

West
Posts: 2624
Joined: Thu Oct 27, 2005 4:51 pm
Location: Leamington Spa, UK

Post by West » Tue Sep 14, 2010 8:40 am

Your drive most likely isn't infected, however when you click on something on that "ad/scan" it's when it can get infected. I'd recommend closing your firefox/ie tab and running your Anti Virus.

I've noticed this morning it seems ok, I've also been given access to the bdga ftp site just in case in future so I'll keep an eye out on it :-)
"West"
PDGA: #8823
BDGA: #250
Twitter: @WestDiscGolf
BDGA DoC 2007 - 2011

Nige
Posts: 85
Joined: Wed Oct 26, 2005 9:49 am
Location: Shropshire

Post by Nige » Tue Sep 14, 2010 8:57 am

The site was restored from a backup last night, so it's fixed for now. Expect sections of the site to go down for some time later today/tomorrow as I upgrade things.

If it happens again, get firefox and noscript while I'm fixing it :wink:

West
Posts: 2624
Joined: Thu Oct 27, 2005 4:51 pm
Location: Leamington Spa, UK

Post by West » Tue Sep 14, 2010 8:59 am

Nige to the rescue!!! :D
"West"
PDGA: #8823
BDGA: #250
Twitter: @WestDiscGolf
BDGA DoC 2007 - 2011

rhatton1
Posts: 1692
Joined: Wed Oct 24, 2007 12:13 pm
Location: Leamington Spa

Post by rhatton1 » Tue Sep 14, 2010 10:48 am

Mine did get infected yesterday and I'm pretty sure I didn't click within the window, I thought I closed from the tab bar in firefox but maybe I clicked by mistake, my laptop pad is activated as well as the mouse so it very often clicks on stuff when my fat hand hits it. However a quick scan picked up the evil little blighters and kicked them out, a couple of different trojans.

Might be worth anyone who's been on in the last day doing a scan to be sure.
www.discgolfuk.com
richard@discgolfuk.com
Home of the Midlands One Day Series
Talk to us about courses!

ultiali
Posts: 179
Joined: Wed Sep 12, 2007 9:35 am

Post by ultiali » Sun Sep 26, 2010 3:47 pm

It's back

Steve
Posts: 814
Joined: Wed Oct 26, 2005 11:33 am
Location: Shrewsbury, Shropshire

Post by Steve » Mon Sep 27, 2010 10:17 am

hmmmm, my IT dept has just contacted me about a dodgy website I visited. :/
Disc Golf In Shropshire: http://www.shropdisc.co.uk/

BDGA # 266
PDGA # 8833: http://www.pdga.org/tournament/playerstats.php?PDGANum=8833&year=2007

rhatton1
Posts: 1692
Joined: Wed Oct 24, 2007 12:13 pm
Location: Leamington Spa

Post by rhatton1 » Mon Sep 27, 2010 10:54 am

Taking JavaScript off my browser has worked again. No more pop ups since then.
www.discgolfuk.com
richard@discgolfuk.com
Home of the Midlands One Day Series
Talk to us about courses!

BOF
Posts: 473
Joined: Wed Nov 02, 2005 8:29 pm
Location: Harrogate

Post by BOF » Mon Sep 27, 2010 10:54 am

happening to me, too!

aaaaah!



BOF
BDGA #33
PDGA #8835

http://www.ashvillediscgolf.co.uk

Steve
Posts: 814
Joined: Wed Oct 26, 2005 11:33 am
Location: Shrewsbury, Shropshire

Post by Steve » Thu Sep 30, 2010 7:54 am

West can you sort this please?
Disc Golf In Shropshire: http://www.shropdisc.co.uk/

BDGA # 266
PDGA # 8833: http://www.pdga.org/tournament/playerstats.php?PDGANum=8833&year=2007

West
Posts: 2624
Joined: Thu Oct 27, 2005 4:51 pm
Location: Leamington Spa, UK

Post by West » Thu Sep 30, 2010 12:26 pm

fixed ... assuming Jon or nige did it tho as it wasn't me :-)

Unfortunately it might continue to happen for a while until we can upgrade to the latest versions of stuff, which will require either Jon or Nige as they know what they're doing :)

Don't know this php stuff ... I'm a .net man :-)
"West"
PDGA: #8823
BDGA: #250
Twitter: @WestDiscGolf
BDGA DoC 2007 - 2011

bongo
Posts: 11
Joined: Wed Sep 08, 2010 3:07 pm

Post by bongo » Thu Sep 30, 2010 10:22 pm

I think it's Joomla that has the issue, shouldn't take too long to upgrade in any case.

West
Posts: 2624
Joined: Thu Oct 27, 2005 4:51 pm
Location: Leamington Spa, UK

Post by West » Fri Oct 01, 2010 7:30 am

Jon has done a cracking job of upgrading to the last build on the main version we're running of Joomla. We will look to move to the very latest (which is a big job) soon :)
"West"
PDGA: #8823
BDGA: #250
Twitter: @WestDiscGolf
BDGA DoC 2007 - 2011

bongo
Posts: 11
Joined: Wed Sep 08, 2010 3:07 pm

Post by bongo » Sun Oct 03, 2010 11:00 pm

it's back - being detected by my AV this time (as well as blocked by no script)

rhatton1
Posts: 1692
Joined: Wed Oct 24, 2007 12:13 pm
Location: Leamington Spa

Post by rhatton1 » Mon Oct 04, 2010 7:37 am

yep NOD32 is blocking popups for megashopper on every click I make.
www.discgolfuk.com
richard@discgolfuk.com
Home of the Midlands One Day Series
Talk to us about courses!

CharlieM
Posts: 55
Joined: Wed Nov 01, 2006 3:11 pm

Post by CharlieM » Mon Oct 04, 2010 10:02 am

The site must be taken down, every visitor is having the HTML/ScrInject.B.Gen Virus copied onto their machines (Unless their virus checker blocks it or they don't run JavaScript).

This is very bad news indeed.

Please take the site down quickly and fix this. It probably came back because the original security hole is still in place, a backup previous to 11 Sep must be restored and the hole closed before the site is put back live.

What version of Joomla is the site based on? What version of PHPBB2 is in use? Actually PHPBB2 is old and no longer supported so an upgrade to the latest PHPBB3 might be in order.

I am willing to help in any way that can be useful to rectify this issue.

CharlieM
Posts: 55
Joined: Wed Nov 01, 2006 3:11 pm

Post by CharlieM » Mon Oct 04, 2010 10:03 am

OK virtually every PHP script that is part of Joomla and PHPBB2 is now infected. Every time I do anything on the site the script that runs is detected as being infected!

bongo
Posts: 11
Joined: Wed Sep 08, 2010 3:07 pm

Post by bongo » Mon Oct 04, 2010 12:25 pm

I think that virus is just the javascript injection which causes the pop ups (which they want you to click to get something nastier) but they could inject anything which is an issue.

When I looked into the problem (a quick google) last time it seemed like it was an issue with Joomla that then allowed them to modify non-Joomla files too.

I agree with Charlie though it needs to be sorted properly pretty quickly - traffic to the site could dry up fast if google/AV providers label it as spreading malware.
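
A server-side check for the symptom reported in this thread, added here as an example and not code from the forum or the site's maintainers: it walks a web root, lists files whose `<script src>` points at a host outside an allow-list, and marks whether each file changed after the last known-good backup date. The host `site.example`, the sample files and their `.js` paths are constructed; only literal script tags are matched, so an obfuscated injection needs a different check.

```python
import os
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from urllib.parse import urlparse

SCRIPT_SRC = re.compile(r"""<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
WEB_EXTS = {".php", ".html", ".htm", ".js", ".tpl"}

def offsite_script_hosts(text, allowed_hosts):
    """Return hosts of <script src> URLs that are not in allowed_hosts."""
    hosts = []
    for src in SCRIPT_SRC.findall(text):
        src = "http:" + src if src.startswith("//") else src  # protocol-relative URL
        host = urlparse(src).hostname  # None for relative (same-site) paths
        if host and host not in allowed_hosts:
            hosts.append(host)
    return hosts

def scan_tree(root, allowed_hosts, known_good_mtime):
    """List (relative path, off-site hosts, changed since known-good time)."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file() or p.suffix.lower() not in WEB_EXTS:
            continue
        text = p.read_text(encoding="utf-8", errors="replace")
        hosts = offsite_script_hosts(text, allowed_hosts)
        if hosts:
            changed = p.stat().st_mtime > known_good_mtime
            findings.append((p.relative_to(root).as_posix(), hosts, changed))
    return findings

def demo():
    """Scan a constructed sample web root; file contents are made up."""
    cutoff = datetime(2010, 9, 11, tzinfo=timezone.utc).timestamp()
    bad = "blindstudioinfoonline.com"  # domain reported in the thread
    samples = {  # path: (constructed body, mtime offset from cutoff in seconds)
        "index.php": (f'<script src="http://{bad}/a.js"></script>', 3600),
        "forum/viewtopic.php": (f"<SCRIPT SRC=//{bad}/b.js></SCRIPT>", -86400),
        "about.html": ('<script src="http://site.example/app.js"></script>', 3600),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, offset) in samples.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding="utf-8")
            os.utime(p, (cutoff + offset, cutoff + offset))
        return scan_tree(root, {"site.example"}, cutoff)
```

A hit whose third field is `False` contains the off-site script but carries a timestamp older than the assumed clean date, which means either the date is wrong or the file's modification time was reset.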
