TriS reported as an Attack site
Moderators: justTripn, Elessar, dark_rain
Re: TriS reported as an Attack site
Their reply is only half-true. They don't block the site, but they deactivate all javascript if you choose 'ignore this warning'. That's why the formatting is all messed up, because for reasons that escape my understanding, the archive part of TriS is relying heavily on javascript, which is unneccessary. Most of what's done in JavaScript can be just as easily implemented using CSS-classes, which are generally much safer than using JavaScript, which is a major source of scurity problems and browser incompatibilities.
Re: TriS reported as an Attack site
FYI: My computer crashed after trying to visit the forum the other day. Part of my hard drive was gone. I am now working on a different, isolated hard drive. Still fear I have to bring in my computer for some major repairs. I also heard from another member that she was infected with a nasty virus when she visited the site. It turned out to be that kind of software which is aimed to get personal information. She had to repair her computer.
Hopefully everything is solved now.
Hopefully everything is solved now.
Love is a verb.
Chapter 17 of Word of Ice is up!
https://www.fanfiction.net/s/8522099/17/World-of-Ice
The Naked Truth and other necessities of life
https://www.fanfiction.net/s/12056258/1 ... es-of-life
Chapter 17 of Word of Ice is up!
https://www.fanfiction.net/s/8522099/17/World-of-Ice
The Naked Truth and other necessities of life
https://www.fanfiction.net/s/12056258/1 ... es-of-life
- Kevin Thomas Riley
- Rear Admiral
- Posts: 4336
- Joined: Wed Dec 27, 2006 2:42 am
- Show On Map: No
- Location: NX-01
Re: TriS reported as an Attack site
My Google doesn't block it. However, I got a Norton warning that it had blocked whatever it is. I could still see the main page though (it doesn't always do that whem it say it has blocked something).
It said that it was a Web Attack: Blackhole Toolkit Website 5
The attacking URL is: vfgkpjtq.co.tv/forum.php?to=dd05b6b7bbcae20d
whatever all that means?
It said that it was a Web Attack: Blackhole Toolkit Website 5
The attacking URL is: vfgkpjtq.co.tv/forum.php?to=dd05b6b7bbcae20d
whatever all that means?
She's got an awfully nice bum!
-Malcolm Reed on T'Pol, in Shuttlepod One
-Malcolm Reed on T'Pol, in Shuttlepod One
Re: TriS reported as an Attack site
It does look as if the site has been compromised by having that dodgy script from .co.tv inserted into the home page.
Luckily the Firefox NoScript blocked it for me, and Firefox warned about the infection anyway. But others might not be so lucky.
Luckily the Firefox NoScript blocked it for me, and Firefox warned about the infection anyway. But others might not be so lucky.
- Silverbullet
- Commodore
- Posts: 3507
- Joined: Thu May 14, 2009 4:38 pm
- Show On Map: No
- Location: Casa Grande , Arizona
Re: TriS reported as an Attack site
KKTR, I have been notified a few times in the past day sthat the blackhole Toolkit Web 5 had been blocked when it attacked my computer. Apparently my firewall is successful at fending it off. I ran a anti Malware program but it came up with nothing. I have a anti spybot program but don't think that the blackhole toolkit Web 5 is a spybot.
I did say the other day I had a warning about this. Unfortunately my memory is bad so I used Blackbox tooolkit instead of Blackhole Toolkit Web5. TW the notice said it ws a Web attack.
SB
I did say the other day I had a warning about this. Unfortunately my memory is bad so I used Blackbox tooolkit instead of Blackhole Toolkit Web5. TW the notice said it ws a Web attack.
SB
I am Retired. Having a good time IS my job
- justTripn
- Consigliere
- Posts: 3991
- Joined: Tue Dec 26, 2006 11:12 pm
- Show On Map: No
- Location: Pittsburgh
Re: TriS reported as an Attack site
Cogito, I got your message and somehow removed the alert. Without knowing the IT aspects of this, I beleive you are right. We should probably take down the site until we can figure out what is wrong. Someone please turn this post into an alert by clicking on the exclaimation point.
Thank you,
Ann
Thank you,
Ann
I'm donating my body to science fiction.
- justTripn
- Consigliere
- Posts: 3991
- Joined: Tue Dec 26, 2006 11:12 pm
- Show On Map: No
- Location: Pittsburgh
Re: TriS reported as an Attack site
OK, I was able to turn my own post into an alert. I'll try to contact Elessar.
I'm donating my body to science fiction.
- justTripn
- Consigliere
- Posts: 3991
- Joined: Tue Dec 26, 2006 11:12 pm
- Show On Map: No
- Location: Pittsburgh
Re: TriS reported as an Attack site
Well, it looks like our IT guys have at least heard about the problem. I hope they are dashing to our rescue. Thanks Cogito.
I'm donating my body to science fiction.
Re: TriS reported as an Attack site
As I said, we're aware of it and we've been working on it. We appreciate your diligence, we've already contacted BadWares and removed the offending script but it is self-replicating. We're looking into it further with the Host to see what we can do to increase security.
In the meantime, I apologize for the inconvenience but it would seem to be an overreaction at this time to take the site down. Most browsers and all anti-virus clients will keep you safe from the malware, which is likely aimed at retrieving personal information, not causing widespread havoc and system failures. I cannot say with certainty there's no connection but it's unlikely - the era of 14 yr olds programming doomsday viruses for a laugh has long since been replaced with greed-driven worms and trojans designed to retrieve personal browsing information to sell to advertising firms. Your machine is probably compromised or attacked by bugs like this on a daily basis, as many sites are routinely compromised by 3rd party malwares of this nature.
Again, we're doing everything we can to isolate and remove the offending code. For now, I would suggest everyone make sure they're running antivirus clients (as you already should be...) and that they are fully up to date. We'll post updates as they become available.
I would also suggest to anyone concerned about the integrity of their system to install and run Spybot Search & Destroy
In the meantime, I apologize for the inconvenience but it would seem to be an overreaction at this time to take the site down. Most browsers and all anti-virus clients will keep you safe from the malware, which is likely aimed at retrieving personal information, not causing widespread havoc and system failures. I cannot say with certainty there's no connection but it's unlikely - the era of 14 yr olds programming doomsday viruses for a laugh has long since been replaced with greed-driven worms and trojans designed to retrieve personal browsing information to sell to advertising firms. Your machine is probably compromised or attacked by bugs like this on a daily basis, as many sites are routinely compromised by 3rd party malwares of this nature.
Again, we're doing everything we can to isolate and remove the offending code. For now, I would suggest everyone make sure they're running antivirus clients (as you already should be...) and that they are fully up to date. We'll post updates as they become available.
I would also suggest to anyone concerned about the integrity of their system to install and run Spybot Search & Destroy
"I call shotgun!"
"I call nine millimeter." - John and Cameron
Favorites:
Vulcan For...
Your Mom n' Me
"I call nine millimeter." - John and Cameron
Favorites:
Vulcan For...
Your Mom n' Me
- justTripn
- Consigliere
- Posts: 3991
- Joined: Tue Dec 26, 2006 11:12 pm
- Show On Map: No
- Location: Pittsburgh
Re: TriS reported as an Attack site
NEVER MIND! The Triaxian Silk facebook page is legit.
I'm donating my body to science fiction.
- Silverbullet
- Commodore
- Posts: 3507
- Joined: Thu May 14, 2009 4:38 pm
- Show On Map: No
- Location: Casa Grande , Arizona
Re: TriS reported as an Attack site
Got latest updates and then ran Spybot Search and destroy. Nada. Came up empty. No spy bots apparently. Have no idea what this Web Attack Blackhole Toolkit Web 5 is.
SB
SB
I am Retired. Having a good time IS my job
Re: TriS reported as an Attack site
Silverbullet wrote:Got latest updates and then ran Spybot Search and destroy. Nada. Came up empty. No spy bots apparently. Have no idea what this Web Attack Blackhole Toolkit Web 5 is.
SB
I've read the Symantec analysis of the thing and in all my 16 years of experience as a professional programmer, I've never seen such an evil piece of work That thing goes to ridiculous lengths to conceal itself within websites and anyone short of a professional would never even notice a thing, although one has to concede that most producers of websites provide a fertile environment for such things to succeed, since most people these days use WYSIWYG tools to create their websites by point-and-click, rather than good ol' handcraft, for which you don't need anything but a paint program and a text editor, else people would recognize the suspicious block of hex-dump suddenly appearing in the resulting HTML source.
I hate to sound like an old man, but the best way to be sure of safety is programming sites like in the olden days, even if it is significantly slower and the source has to be monitored regularily. To the untrained eye, things like this blackhole toolkit are practically invisible, which is, why it is so dangerous.
- justTripn
- Consigliere
- Posts: 3991
- Joined: Tue Dec 26, 2006 11:12 pm
- Show On Map: No
- Location: Pittsburgh
Re: TriS reported as an Attack site
justTripn wrote:The Triaxian Silk facebook page is legit.
I'm donating my body to science fiction.
- Silverbullet
- Commodore
- Posts: 3507
- Joined: Thu May 14, 2009 4:38 pm
- Show On Map: No
- Location: Casa Grande , Arizona
Re: TriS reported as an Attack site
Kotik, obviously my computer is being attacked but the firewall is holding and blocking The blackhole Toolkit Web 5. How in Hell does one get rid of the damned thinig for good. I am afraid that it just might succeed in its attack once which is all it will need.
why in gods name ae these people doing this. Bad enough that those kids used to let loose their little pieces of hate.
Like you I am too damned old for this shit.
SB
why in gods name ae these people doing this. Bad enough that those kids used to let loose their little pieces of hate.
Like you I am too damned old for this shit.
SB
I am Retired. Having a good time IS my job
Re: TriS reported as an Attack site
Silverbullet,
What your firewall is blocking, is the trojans attempts to call home and/or downloading more trojans. Removing them completely is usually a very tedious bit of work. I once had a trojan infection on my main development machine and it took me several hours to get rid of it completely and only over a decade of experience made it possible at all.
I'm afraid, once it is infected, you can't really avoid to let an expert take care of your machine. Sometimes a complete re-installation is unavoidable as latest generation trojans do not only contain code to conceal themselves, they actually contain code to actively fight removal.
About the motivation to write such things? Well for most of those "l33t hax0rz" it is first and foremost a binary penis enlargement. They feed their ego by hiding behind a ridiculous nickname and tell everybody that they wrote this or that virus and think they are great.
The sad bit is, that some of them are actually bloody good programmers. I've seen a few dissected trojans or dissected them myself and the coding was excellent. This is why some of them are so dangerous - they aren't written by some dimwitted script-kiddie, but by brilliant coders with a character and a social problem.
What your firewall is blocking, is the trojans attempts to call home and/or downloading more trojans. Removing them completely is usually a very tedious bit of work. I once had a trojan infection on my main development machine and it took me several hours to get rid of it completely and only over a decade of experience made it possible at all.
I'm afraid, once it is infected, you can't really avoid to let an expert take care of your machine. Sometimes a complete re-installation is unavoidable as latest generation trojans do not only contain code to conceal themselves, they actually contain code to actively fight removal.
About the motivation to write such things? Well for most of those "l33t hax0rz" it is first and foremost a binary penis enlargement. They feed their ego by hiding behind a ridiculous nickname and tell everybody that they wrote this or that virus and think they are great.
The sad bit is, that some of them are actually bloody good programmers. I've seen a few dissected trojans or dissected them myself and the coding was excellent. This is why some of them are so dangerous - they aren't written by some dimwitted script-kiddie, but by brilliant coders with a character and a social problem.
Who is online
Users browsing this forum: No registered users and 27 guests