Administrators timm525 Posted July 7, 2012 Administrators Report Share Posted July 7, 2012 Every time I click on the page I get a pop up from Kaspersky7/7/2012 1:34:48 PM Detected: HEUR:Trojan.Script.Generic http://www.miamiviceonline.com/forumrunner/detect.js Google Chrome Quote Link to comment Share on other sites More sharing options...
Miami Love 1 Posted July 7, 2012 Report Share Posted July 7, 2012 Threat detectI'm getting the same thing, and I'm having trouble getting on to post. What's going on??? Quote Link to comment Share on other sites More sharing options...
Sjako Posted July 7, 2012 Report Share Posted July 7, 2012 I think virus scanners are a tid bit to cautious. Found this posted by a web developer:I've just been checking a number of websites which I have created for my clients including www. brownemasonpr. co. uk, www .purpleserve. co. uk, www. purpleinsure. co. uk and www. i4-beauty. co. uk.....for all of them I get this "Blackhole Exploit" warning. Having done some digging around and comparing each of the websites I created it would seem the warning is being displayed for anything which has a reference to a .js fileForum runner has a reference to a .js file... Quote Link to comment Share on other sites More sharing options...
Sonny-Burnett Posted July 7, 2012 Report Share Posted July 7, 2012 Malicious code?Think it may still be malicious code as this article suggests:http://stopmalvertising.com/malware-reports/runforestrun-pseudo-random-domains-and-random-exploit-kits.htmlAt the end of the article it is recommending: Plesk PanelIf you are affected by this hack, immediately change passwords of ALL Plesk accounts. This means: Plesk-admin-user, all reseller-accounts, all domain-administrators, FTP users of subdomains and web users of domains. If not done yet, update your Plesk installation.[FIX] Remote vulnerability in Plesk Panel Server Vulnerability Check Update to Parallels Plesk Panel 11 Quote Link to comment Share on other sites More sharing options...
Sjako Posted July 7, 2012 Report Share Posted July 7, 2012 Think it may still be malicious code as this article suggests:http://stopmalvertising.com/malware-reports/runforestrun-pseudo-random-domains-and-random-exploit-kits.htmlAt the end of the article it is recommending:Plesk PanelIf you are affected by this hack' date=' immediately change passwords of ALL Plesk accounts. This means: Plesk-admin-user, all reseller-accounts, all domain-administrators, FTP users of subdomains and web users of domains. If not done yet, update your Plesk installation.[FIX'] Remote vulnerability in Plesk PanelServer Vulnerability CheckUpdate to Parallels Plesk Panel 11Bingo! Checked the .js script. It has the malcious code at the bottom. Caipi time!Sent from my iPad using Forum Runner Quote Link to comment Share on other sites More sharing options...
Sonny-Burnett Posted July 9, 2012 Report Share Posted July 9, 2012 http://stopmalvertising.com/malware-reports/runforestrun-pseudo-random-domains-and-random-exploit-kits.htmlAt the end of the article it is recommending: Plesk PanelIf you are affected by this hack' date=' immediately change passwords of ALL Plesk accounts. This means: Plesk-admin-user, all reseller-accounts, all domain-administrators, FTP users of subdomains and web users of domains. If not done yet, update your Plesk installation.[FIX'] Remote vulnerability in Plesk Panel Server Vulnerability Check Update to Parallels Plesk Panel 11Mine is still showing this same intrusion alert from the Blackhole toolkit---just BUMPING this to make sure the Mods see it Quote Link to comment Share on other sites More sharing options...
Administrators KaeptnCaipi Posted July 9, 2012 Administrators Report Share Posted July 9, 2012 Hm... very strange. Did not get an alert neither at work nor at home. But I'll check it this evening as I return home from work. Quote Link to comment Share on other sites More sharing options...
Sonny-Burnett Posted July 9, 2012 Report Share Posted July 9, 2012 Hm... very strange. Did not get an alert neither at work nor at home. But I'll check it this evening as I return home from work.Hopefully the article I linked to was useful. This threat seems to be infecting a number of websites as of late. Quote Link to comment Share on other sites More sharing options...
Administrators KaeptnCaipi Posted July 9, 2012 Administrators Report Share Posted July 9, 2012 Do you still get the malware alert? Quote Link to comment Share on other sites More sharing options...
Gecko Posted July 9, 2012 Report Share Posted July 9, 2012 Mein Virenschutz von GData sagt immer attackierte Seite und sperrt den Zugriff. Quote Link to comment Share on other sites More sharing options...
Chloe Posted July 9, 2012 Report Share Posted July 9, 2012 Do you still get the malware alert?Yes..i have it again today : ( Quote Link to comment Share on other sites More sharing options...
Morgana Posted July 9, 2012 Report Share Posted July 9, 2012 Earlier on I got diverted to here trying to access the site:Web Server's Default PageThis page is generated by Parallels Plesk Panel, the leading hosting automation software. You see this page because there is no Web site at this address.You can do the following:Create domains and set up Web hosting using Parallels Plesk Panel.For more information please contact Administrator.Then I got sent here:Warning - visiting this web site may harm your computer!Suggestions:Return to the previous page and pick another result.Try another search to find what you're looking for.Or you can continue to http://www.miamiviceonline.com/ at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.Advisory provided by GoogleAnd the I got:Advisory provided by Safe BrowsingDiagnostic page for miamiviceonline.comWhat is the current listing status for miamiviceonline.com?Site is listed as suspicious - visiting this web site may harm your computer.Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.What happened when Google visited this site?Of the 118 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-07-08, and the last time suspicious content was found on this site was on 2012-07-08.Malicious software is hosted on 2 domain(s), including lohnrnnpvvtxedfl.ru/, ntvrnrdpyoadopbo.ru/.This site was hosted on 3 network(s) including AS8972 (PLUSSERVER), AS15169 (Google Internet Backbone), AS4436 (AS).Has this site acted as an intermediary resulting in further distribution of malware?Over the past 90 days, miamiviceonline.com did not appear to function as an intermediary for the infection of any sites.Has this site hosted malware?No, this site has not hosted malicious software over the past 90 days.How did this happen?In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.Next steps:Return to the previous page.If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.Updated 3 hours ago Quote Link to comment Share on other sites More sharing options...
Administrators timm525 Posted July 9, 2012 Administrators Report Share Posted July 9, 2012 I'm ok on my end today. Quote Link to comment Share on other sites More sharing options...
Administrators KaeptnCaipi Posted July 10, 2012 Administrators Report Share Posted July 10, 2012 5 1/2 hours of hard work yesterday evening... :evil:Hope, I could fix the problem. Quote Link to comment Share on other sites More sharing options...
Pandina Posted July 10, 2012 Report Share Posted July 10, 2012 All seems fine today.Thanks for the hard work Caipi! Quote Link to comment Share on other sites More sharing options...
Sonny-Burnett Posted July 10, 2012 Report Share Posted July 10, 2012 5 1/2 hours of hard work yesterday evening... :evil:Hope' date=' I could fix the problem.[/quote']Wow, 5.5 hours is a lot of work. What did you have to do to solve the problem, Caipi? No alerts as of today thus far. Quote Link to comment Share on other sites More sharing options...
Administrators KaeptnCaipi Posted July 10, 2012 Administrators Report Share Posted July 10, 2012 Wow' date=' 5.5 hours is a lot of work. What did you have to do to solve the problem, Caipi? No alerts as of today thus far.[/quote']Change all passwords for our server, FTP..., upload all vBulletin files again, check files for malware, delete old files, update server software... Quote Link to comment Share on other sites More sharing options...
Sonny-Burnett Posted July 10, 2012 Report Share Posted July 10, 2012 Change all passwords for our server' date=' FTP..., upload all vBulletin files again, check files for malware, delete old files, update server software...[/quote']I recall the article I read did seem to suggest that the server passwords likely were compromised as it suggested all of them be reset. The scammers are getting more inventive these days. Thanks for all your efforts. Quote Link to comment Share on other sites More sharing options...
miamijimf Posted July 10, 2012 Report Share Posted July 10, 2012 No problem this morning. Quote Link to comment Share on other sites More sharing options...
Tonysmallz Posted July 10, 2012 Author Report Share Posted July 10, 2012 thanks for sorting out the problem, great people looking after this site, sounded like a lot of work and i apriciate it Quote Link to comment Share on other sites More sharing options...
CarolineUK Posted July 10, 2012 Report Share Posted July 10, 2012 Yes, thank you very much, Caipi :clap: Quote Link to comment Share on other sites More sharing options...
Matt5 Posted July 11, 2012 Report Share Posted July 11, 2012 [ATTACH=CONFIG]6405[/ATTACH]says its coming from forum runner.Is it ok - I couldnt get on .ws for days cos of threat Quote Link to comment Share on other sites More sharing options...
juscat Posted July 12, 2012 Report Share Posted July 12, 2012 Thanks for your big efforts, Caipi. Nothing to report from my end, either. Quote Link to comment Share on other sites More sharing options...
Kavinsky Posted July 20, 2012 Report Share Posted July 20, 2012 Okay seems to be fine on my end as well, nothing so far.glad to be back online and back here again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.