Tonysmallz

threat detected, black hole exploit.


Miami Love 1

Threat detect

I'm getting the same thing, and I'm having trouble getting on to post. What's going on???

Sjako

I think virus scanners are a tad bit too cautious. Found this posted by a web developer:

"I've just been checking a number of websites which I have created for my clients including www. brownemasonpr. co. uk, www .purpleserve. co. uk, www. purpleinsure. co. uk and www. i4-beauty. co. uk.....for all of them I get this "Blackhole Exploit" warning. Having done some digging around and comparing each of the websites I created it would seem the warning is being displayed for anything which has a reference to a .js file"

Forum runner has a reference to a .js file...

Sonny-Burnett

Malicious code?

Think it may still be malicious code as this article suggests: http://stopmalvertising.com/malware-reports/runforestrun-pseudo-random-domains-and-random-exploit-kits.html

At the end of the article it is recommending:

Plesk Panel

If you are affected by this hack, immediately change passwords of ALL Plesk accounts. This means: Plesk-admin-user, all reseller-accounts, all domain-administrators, FTP users of subdomains and web users of domains. If not done yet, update your Plesk installation.

[FIX] Remote vulnerability in Plesk Panel
Server Vulnerability Check
Update to Parallels Plesk Panel 11

Sjako

Bingo! Checked the .js script. It has the malicious code at the bottom. Caipi time!

Sent from my iPad using Forum Runner

Sonny-Burnett

Mine is still showing this same intrusion alert from the Blackhole toolkit---just BUMPING this to make sure the Mods see it

KaeptnCaipi

Hm... very strange. Did not get an alert either at work or at home. But I'll check it this evening as I return home from work.

Sonny-Burnett

"Hm... very strange. Did not get an alert either at work or at home. But I'll check it this evening as I return home from work."

Hopefully the article I linked to was useful. This threat seems to be infecting a number of websites as of late.

KaeptnCaipi

Do you still get the malware alert?

Gecko

My GData antivirus keeps reporting an attacked site and blocks access.

Chloe

"Do you still get the malware alert?"

Yes.. I have it again today :(

Morgana

Earlier on I got diverted to here trying to access the site:

Web Server's Default Page
This page is generated by Parallels Plesk Panel, the leading hosting automation software. You see this page because there is no Web site at this address.
You can do the following:
Create domains and set up Web hosting using Parallels Plesk Panel.
For more information please contact Administrator.

Then I got sent here:

Warning - visiting this web site may harm your computer!
Suggestions:
Return to the previous page and pick another result.
Try another search to find what you're looking for.
Or you can continue to http://www.miamiviceonline.com/ at your own risk. For detailed information about the problems we found, visit Google's Safe Browsing diagnostic page for this site.
For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.
If you are the owner of this web site, you can request a review of your site using Google's Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Advisory provided by Google

And then I got:

Advisory provided by Safe Browsing
Diagnostic page for miamiviceonline.com

What is the current listing status for miamiviceonline.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?
Of the 118 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-07-08, and the last time suspicious content was found on this site was on 2012-07-08.
Malicious software is hosted on 2 domain(s), including lohnrnnpvvtxedfl.ru/, ntvrnrdpyoadopbo.ru/.
This site was hosted on 3 network(s) including AS8972 (PLUSSERVER), AS15169 (Google Internet Backbone), AS4436 (AS).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, miamiviceonline.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Updated 3 hours ago

timm525

I'm ok on my end today. :thumbsup:

KaeptnCaipi

5 1/2 hours of hard work yesterday evening... :evil::evil:

Hope, I could fix the problem.

Pandina

All seems fine today. Thanks for the hard work Caipi! :clap:

Sonny-Burnett

"5 1/2 hours of hard work yesterday evening... :evil::evil: Hope, I could fix the problem."

Wow, 5.5 hours is a lot of work. What did you have to do to solve the problem, Caipi? No alerts as of today thus far.

KaeptnCaipi

"Wow, 5.5 hours is a lot of work. What did you have to do to solve the problem, Caipi? No alerts as of today thus far."

Change all passwords for our server, FTP..., upload all vBulletin files again, check files for malware, delete old files, update server software...

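The file check behind Sjako's finding (malicious code at the bottom of a .js file) and KaeptnCaipi's cleanup list (re-upload the vBulletin files, check files, delete old files) can be automated by comparing the live web root with a clean copy of the package. This is an added example, not part of any post in this thread; the directory names, file names and file contents are constructed for illustration.

```python
import tempfile
from pathlib import Path


def audit_webroot(deployed: Path, reference: Path, pattern: str = "*.js") -> dict:
    """Compare each live script with the clean copy; return {relative path: (status, extra bytes)}."""
    findings = {}
    for path in sorted(deployed.rglob(pattern)):
        rel = path.relative_to(deployed).as_posix()
        live = path.read_bytes()
        clean_path = reference / rel
        if not clean_path.is_file():
            # Not shipped in the clean package: an old leftover or a planted file.
            findings[rel] = ("unknown", len(live))
            continue
        stem = clean_path.read_bytes().rstrip()
        tail = live[len(stem):] if live.startswith(stem) else None
        if tail is None:
            findings[rel] = ("modified", 0)   # the original content itself was changed
        elif tail.strip():
            findings[rel] = ("appended", len(tail.strip()))  # extra code at the bottom
        else:
            findings[rel] = ("clean", 0)      # differs at most in trailing whitespace
    return findings


def build_sample(root: Path):
    """Constructed sample trees (all names and contents are made up for this example)."""
    ref, live = root / "reference", root / "htdocs"
    original = b"function toggle(id) { return id; }\n"
    for tree in (ref, live):
        (tree / "js").mkdir(parents=True)
    for name in ("menu.js", "forum.js", "editor.js"):
        (ref / "js" / name).write_bytes(original)
    (live / "js" / "menu.js").write_bytes(original)
    (live / "js" / "forum.js").write_bytes(original + b"/* constructed stand-in for appended code */\n")
    (live / "js" / "editor.js").write_bytes(b"function toggle() {}\n")
    (live / "js" / "old_plugin.js").write_bytes(b"// leftover from a removed add-on\n")
    return live, ref


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        live, ref = build_sample(Path(tmp))
        return audit_webroot(live, ref)


if __name__ == "__main__":
    for rel, (status, extra) in demo().items():
        print(f"{status:9} {extra:4}  {rel}")
```

Anything reported as "appended", "modified" or "unknown" is a candidate for replacement from the clean package or for deletion; a clean result for the files does not cover the password reset and server update from the same list.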
Sonny-Burnett

"Change all passwords for our server, FTP..., upload all vBulletin files again, check files for malware, delete old files, update server software..."

I recall the article I read did seem to suggest that the server passwords likely were compromised as it suggested all of them be reset. The scammers are getting more inventive these days. Thanks for all your efforts. :thumbsup:

miamijimf

No problem this morning.

Tonysmallz

Thanks for sorting out the problem, great people looking after this site, sounded like a lot of work and I appreciate it :thumbsup:

CarolineUK

Yes, thank you very much, Caipi :thumbsup::clap::clap:

Matt5

[Attachment 6405] says it's coming from forum runner.

Is it ok - I couldn't get on .ws for days cos of threat :D

juscat

Thanks for your big efforts, Caipi. :clap: Nothing to report from my end, either. :thumbsup:

Kavinsky

Okay, seems to be fine on my end as well, nothing so far. Glad to be back online and back here again.
