Help | Contact Us
NukeWorker.com
NukeWorker Menu So What Is This? honeypot

Author Topic: So What Is This?  (Read 67316 times)

0 Members and 2 Guests are viewing this topic.

Offline Higgs

  • SRO
  • Very Heavy User
  • *****
  • Posts: 1942
  • Karma: 1284
  • Gender: Male
  • Life has a melody...
Re: So What Is This?
« Reply #50 on: Oct 01, 2012, 06:29 »
All good here!

Thanks!

Justin
"How feeble is the mindset to accept defenselessness. How unnatural. How cheap. How cowardly. How pathetic.” - Ted Nugent

Offline Marlin

  • Forum Staff
  • *
  • Posts: 17047
  • Karma: 5147
  • Gender: Male
  • Stop Global Whining!!!
Re: So What Is This?
« Reply #51 on: Oct 01, 2012, 06:37 »
No more problems here.

Offline HydroDave63

  • Retired
  • *
  • Posts: 6295
  • Karma: 6629
Re: So What Is This?
« Reply #52 on: Oct 01, 2012, 08:23 »
Looks like lots of member photo galleries were nuked! But at least the bug is gone  :)

I tried to upload, but got a no permission error
« Last Edit: Oct 01, 2012, 08:26 by HydroDave63 »

Offline OldHP

  • Very Heavy User
  • *****
  • Posts: 502
  • Karma: 276
  • Gender: Male
  • Tell Recruiters to use NukeWorker.com
Re: So What Is This?
« Reply #53 on: Oct 01, 2012, 08:28 »
The only thing I can see is whatever changes were made also changed the server clock.  It is ~ 2030 EDT and the site is showing that it is 10/02/12!
Humor is a wonderful way to prevent hardening of the attitudes! unknown
The government is like a baby's alimentary canal, with a happy appetite at one end and no responsibility at the other. Regan

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #54 on: Oct 01, 2012, 08:53 »
The only thing I can see is whatever changes were made also changed the server clock.  It is ~ 2030 EDT and the site is showing that it is 10/02/12!

The server time hasen't changed.

Check your profile's time offset:

http://www.nukeworker.com/forum/index.php?action=profile;sa=theme

Offline OldHP

  • Very Heavy User
  • *****
  • Posts: 502
  • Karma: 276
  • Gender: Male
  • Tell Recruiters to use NukeWorker.com
Re: So What Is This?
« Reply #55 on: Oct 01, 2012, 09:20 »
It is showing correct at local time.  Your post shows up as (today - 10-02-12, 0053)
Humor is a wonderful way to prevent hardening of the attitudes! unknown
The government is like a baby's alimentary canal, with a happy appetite at one end and no responsibility at the other. Regan

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #56 on: Oct 02, 2012, 12:32 »
Weird.

Offline HydroDave63

  • Retired
  • *
  • Posts: 6295
  • Karma: 6629
Re: So What Is This?
« Reply #57 on: Nov 06, 2012, 08:40 »
Iframer alert tonight. Looks like allfashion and his bot buddies are back

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #58 on: Nov 07, 2012, 05:32 »
Marlin alerted me to this yesterday as well.  I'm out of town workign an outage for the next three weeks.  I don't have any of my tools with me.  I may not be able to fix this untill I get back home.

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #59 on: Nov 11, 2012, 08:30 »
I got a day off. I downloaded an ftp program. (free, and its better than the one I have at home that I paid big bucks -- I have a new preferred ftp program! Filezilla)

I think I found and fixed some issues.  So let me know if its resolved.
« Last Edit: Nov 11, 2012, 08:39 by Rennhack »

Offline HydroDave63

  • Retired
  • *
  • Posts: 6295
  • Karma: 6629
Re: So What Is This?
« Reply #60 on: Nov 11, 2012, 09:47 »
I think I found and fixed some issues.  So let me know if its resolved.

Big K still gives me the Red warning and blocks me from the front page.

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #61 on: Nov 11, 2012, 10:56 »
Big K still gives me the Red warning and blocks me from the front page.
Thanks for the feedback.

Offline Higgs

  • SRO
  • Very Heavy User
  • *****
  • Posts: 1942
  • Karma: 1284
  • Gender: Male
  • Life has a melody...
Re: So What Is This?
« Reply #62 on: Nov 11, 2012, 10:59 »
On my main machine, my Avast is blocking the site again.

On my laptop, Microsoft security essentials gives no warning of anything.

Justin
"How feeble is the mindset to accept defenselessness. How unnatural. How cheap. How cowardly. How pathetic.” - Ted Nugent

Offline Marlin

  • Forum Staff
  • *
  • Posts: 17047
  • Karma: 5147
  • Gender: Male
  • Stop Global Whining!!!
Re: So What Is This?
« Reply #63 on: Nov 11, 2012, 01:40 »
I have access again. Thanx.

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #64 on: Nov 11, 2012, 02:09 »
I made one more change.  Hopefully that fixes it.

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #65 on: Nov 14, 2012, 09:41 »
Did that last change fix it?

Offline Marlin

  • Forum Staff
  • *
  • Posts: 17047
  • Karma: 5147
  • Gender: Male
  • Stop Global Whining!!!
Re: So What Is This?
« Reply #66 on: Nov 14, 2012, 10:44 »
No problems here.

Offline HydroDave63

  • Retired
  • *
  • Posts: 6295
  • Karma: 6629
Re: So What Is This?
« Reply #67 on: Nov 14, 2012, 08:53 »
Did that last change fix it?

Kaspersky + Firefox = Red threat window

Kaspersky + Chrome = Just fine

This tells me that the threat is aimed at Firefox and IE code, since Kaspersky is the common input but differing results. But IMHO, the Iframer problem is still resident.

My "fix" was to renew my Gold for another year and download Chrome ;)

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #68 on: Nov 14, 2012, 09:40 »
Kaspersky + Firefox = Red threat window

Kaspersky + Chrome = Just fine

This tells me that the threat is aimed at Firefox and IE code, since Kaspersky is the common input but differing results. But IMHO, the Iframer problem is still resident.

My "fix" was to renew my Gold for another year and download Chrome ;)

Thanks for the update.  I'll look into it again Sunday (my day off).

Offline Higgs

  • SRO
  • Very Heavy User
  • *****
  • Posts: 1942
  • Karma: 1284
  • Gender: Male
  • Life has a melody...
Re: So What Is This?
« Reply #69 on: Nov 14, 2012, 11:09 »
Blocked by avast + firefox.

Blocked at work.

OK with firefox + microsoft security essentials.
"How feeble is the mindset to accept defenselessness. How unnatural. How cheap. How cowardly. How pathetic.” - Ted Nugent

Fermi2

  • Guest
Re: So What Is This?
« Reply #70 on: Nov 15, 2012, 11:23 »
Just started getting blocked at home with avasts and firefox

Offline Higgs

  • SRO
  • Very Heavy User
  • *****
  • Posts: 1942
  • Karma: 1284
  • Gender: Male
  • Life has a melody...
Re: So What Is This?
« Reply #71 on: Nov 15, 2012, 05:21 »
Blocked by avast + firefox.

Blocked at work.

OK with firefox + microsoft security essentials.


Update from work...,

It's blocked by my work's firewall when using firefox,

but when I use IE, it isn't blocked and works just fine.

I agree with HD..., something is targeting FF. Here is what my work's firewall says;


Request Blocked by Proactive Scanning
Your request to URL "http://www.nukeworker.com/forum//" has been Blocked by McAfee Web Gateway Proactive Scanning. The program could potentially perform operations, which is not allowed by your administrator at this time.

Malware Name:    McAfeeGW: Heuristic.BehavesLike.JS.Infe cted.A
URL:    http://www.nukeworker.com/forum/
File:    http://www.nukeworker.com/forum//
File Type:    -
Reputation Level:    Neutral




Hope it helps.

Justin
"How feeble is the mindset to accept defenselessness. How unnatural. How cheap. How cowardly. How pathetic.” - Ted Nugent

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #72 on: Nov 15, 2012, 07:41 »
The files I 'fixed' have been reinfected.... This one is gonna suck.  My outage ends on the 24th.  Until then, I'll try to keep up with it.  Fixing the files each night they are infecting.

They have some of the forum files, and now some of the adserver files laced with crap.
« Last Edit: Nov 15, 2012, 07:42 by Rennhack »

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #73 on: Nov 15, 2012, 07:58 »
So... I replaced the adserver files and the forum files (that were altered), and I locked the forum files.  I hope this helps.

Keeps the updates coming in.

Offline Rennhack

  • Forum Administrator
  • *
  • Posts: 8995
  • Karma: 4683
  • Gender: Male
Re: So What Is This?
« Reply #74 on: Nov 15, 2012, 08:01 »
I downloaded an ftp program. (free, and its better than the one I have at home that I paid big bucks for -- I have a new preferred ftp program! Filezilla)

http://filezilla-project.org/

That file zilla is a great tool in our fight against these people.

 


NukeWorker ™ is a registered trademark of NukeWorker.com ™, LLC © 1996-2024 All rights reserved.
All material on this Web Site, including text, photographs, graphics, code and/or software, are protected by international copyright/trademark laws and treaties. Unauthorized use is not permitted. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute, in any manner, the material on this web site or any portion of it. Doing so will result in severe civil and criminal penalties, and will be prosecuted to the maximum extent possible under the law.
Privacy Statement | Terms of Use | Code of Conduct | Spam Policy | Advertising Info | Contact Us | Forum Rules | Password Problem?