Virus alert?

The latest Team MightyBoy news and updates, plus your ideas and feedback
oti
Posts: 303
Joined: Sat Mar 26, 2005 11:36 pm

McAfee is giving me an alert on the following virus when browsing the TAMON forums.

JS/Exploit-MhtRedir.gen Trojan.

It gets deleted every time, but it's something new that has popped up.
altoworks.info now being domain squatted... joy.
[url=http://www.altoworks.info][img]http://img261.echo.cx/img261/8177/avatarcopy5jq.jpg[/img][/url]
Gladier
Posts: 235
Joined: Sun Feb 06, 2005 11:22 am
Location: Central Coast

this is different to the last one...

Nod32 comes up with a Visual Basic script exploit.Phel.I trojan. But the trojan doesn't come from tamon... it comes from 82.179.170.11, which is a PC in north central Netherlands. Can't resolve the IP to a host name, and only FTP, HTTP and DNS ports are open.

Probably the best option would be to block the IP address in an internal firewall till Brayden can get on top of it.

Security patches to prevent the trojan are available at
http://www.microsoft.com/technet/securi ... 5-001.mspx

The virus is spread through mhttp.

There is/was another case of this where a site was hacked and the HTML code was changed...
Brayden
Posts: 9101
Joined: Sun Apr 11, 2004 3:09 am
Location: Canberra ACT

Hey guys, I'm not getting any virus warnings on my PC (WinXP / Norton / FireFox / D-Link router w/firewall).
The only time this site was hacked it wasn't malicious, just an HTML index page and some other little file structure changes.

The site host has made some unannounced changes to the server that caused a few issues over the last couple of days but they're absolutely useless at giving support. Thankfully I managed to solve that.
eDave is currently working on the new site and it will be hosted on a new server, which will see an end to these niggling issues.
F8B EFI turbo - Three pots and a snail.
Brayden
Posts: 9101
Joined: Sun Apr 11, 2004 3:09 am
Location: Canberra ACT

Gladier, thanks for that IP address. I've blocked it from accessing the server, which should hopefully fix the problem.

As this problem is a Microsoft exploit, I would suggest that people don't use shitty Internet Explorer and switch to something like FireFox or Opera. ;)
F8B EFI turbo - Three pots and a snail.
Josh
Posts: 1263
Joined: Tue Apr 13, 2004 2:22 am
Location: Canberra ACT

Image! w00t!
[url=http://www.tamon.org/?page=owners&id=10][img]http://www.tamon.org/forum/images/ute_specs.gif[/img][/url]
eDave
Posts: 513
Joined: Mon Apr 12, 2004 9:11 pm
Location: Sydney, Australia

Fix in progress.

EDIT: fixed. f*#king stupid ghey hacker script kiddies
Brayden
Posts: 9101
Joined: Sun Apr 11, 2004 3:09 am
Location: Canberra ACT

:bow: \:D/
F8B EFI turbo - Three pots and a snail.
mowog
Posts: 970
Joined: Sun Apr 25, 2004 2:22 am

I was trying to browse klass last night using Mozilla and I kept getting the ActiveX warning (I have ActiveX completely blocked). I was getting about 12 or so warnings, and also a page was trying to open but was blank, presumably because of ActiveX being blocked. I had to keep clicking X on both to get rid of it; every time I tried to access a page it would come up. Eventually I gave up, but it's not here tonight (I am on IE tonight). Can't remember the details, but it was some Ad title in CC, wherever that is.
eDave
Posts: 513
Joined: Mon Apr 12, 2004 9:11 pm
Location: Sydney, Australia

Sorry mate, Mozilla doesn't have ActiveX.
I think you're thinking of JavaScript, as that's what this hack was.
Gladier
Posts: 235
Joined: Sun Feb 06, 2005 11:22 am
Location: Central Coast

I take it that it was the first few lines of JavaScript at the top of every page?
eDave
Posts: 513
Joined: Mon Apr 12, 2004 9:11 pm
Location: Sydney, Australia

Yeah.
It was simply an encoded script which, when run, would write an iframe to the browser and attempt to load another site.
I've secured up the forum a bit as well, so hopefully it won't happen again before I move it over to the new server (where, if anyone plays around with it, they will get utterly punished).

Phear /\/\3 |<1dd13z.
Gladier
Posts: 235
Joined: Sun Feb 06, 2005 11:22 am
Location: Central Coast

I went and did some research on EVAL... I didn't think it looked like it should be there... looks like it's a pretty powerful command.
eDave
Posts: 513
Joined: Mon Apr 12, 2004 9:11 pm
Location: Sydney, Australia

Yeah - but the secret is to replace eval with alert and it displays the code they've encrypted.
mowog
Posts: 970
Joined: Sun Apr 25, 2004 2:22 am

I run both IE and Mozilla. I don't particularly like Mozilla; I only use it for email usually. But I am pretty sure I was on Mozilla at the time, but if you say I couldn't have been then I couldn't have been!
I think someone should write a poison pill script that, when a hacker tries to put some spam or ad or whatever on your computer, automatically sends back a poison pill that, after say a day, or when some event occurs like the 500th "E" is received, starts to wreck the script on their computer.
Gladier
Posts: 235
Joined: Sun Feb 06, 2005 11:22 am
Location: Central Coast

Umm, just quickly Dave... you need to remove it from the main site and from Brayden's cPanel...