Be careful

View previous topic View next topic Go down

Be careful

Post by Grace on Wed Oct 14, 2009 11:39 am

when downloading icons, smileys and other fun stuff. Many sites are on purpose infected with malicious programs.

It seems I encountered several times something strange on this site - whereever this comes from - as my excellent antivirus and internet security tool blocked pages saying there was something on it. I identified some flash thingie so far but cannot tell whether it's phishing or trojaner (opening your computer for third party access).

So please download a free antivirus if you don't have it on your PC and run a check whenever you download anything from the net.
(and don't upload anything here that was not scanned).

It would be a pity to have this site getting infected or spreading things we don't like.

Keep your eyes open. Michael Jackson is a magnet for all evil as well.
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by city.gal1 on Wed Oct 14, 2009 11:41 am

I've been having a lot of problems with this site as well the last two days, somethimes I cannot post or log in and I have also had some "stuff" blocked by my firewall.

Second that!
avatar
city.gal1
Platinum Member
Platinum Member

Aantal berichten : 556
Registratiedatum : 2009-09-24

View user profile

Back to top Go down

Re: Be careful

Post by THE JACKSONOLOGIST on Wed Oct 14, 2009 11:49 am

I just PM'd Souza about me having problems with the site too. she told me it was Forumotion doing site updates....so..

I have excellent virus program on my PC too...but we do need to watch out.
avatar
THE JACKSONOLOGIST
Moderator
Moderator

Aantal berichten : 2436
Registratiedatum : 2009-08-04
Leeftijd : 47
Woonplaats : USA

View user profile

Back to top Go down

Re: Be careful

Post by Harleyblonde on Wed Oct 14, 2009 12:02 pm

I have in the past had very bad virus's on my PC that wiped everything off, my photoshop, all my music, photos etc. ("Trojan horse" the guy said) I had the get a PC guy to sort it as I didnt know what the problem was. I was told weeks before by a friend about a free downloading music site which she had been using for a while and I used it, the PC guy said do not ever trust the "free" downloading sites as people do the virus thing just for badness and they can infect thousands within minutes and a firewall doesn't always block it as I was with Norton then. Take care with these free sites-I will not use them at all now. Oh and my friend by the way also got the same with her PC within weeks and lost everything.
avatar
Harleyblonde
Diamond Member
Diamond Member

Aantal berichten : 1215
Registratiedatum : 2009-09-06
Woonplaats : UK

View user profile

Back to top Go down

Re: Be careful

Post by ILuvUMoreMJ on Wed Oct 14, 2009 8:39 pm

That's why I use a Mac. Wink
avatar
ILuvUMoreMJ
Moderator
Moderator

Aantal berichten : 977
Registratiedatum : 2009-10-02

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Wed Oct 14, 2009 10:09 pm

Please don't read and continue as if there was nothing.
We have to do something about this.

This site is giving me headaches now since yesterday as whenever I click to see a new page there is an alert that malicious software such as phishing, social engineering and trojan horses was hidden on the mjkit site.

Would everybody hosting images on or setting links to other sites please check where their sources are coming from (downloaded from an infected site ? many smiley pages are full of viruses)?

The alert I get is pointing to an IP of Yahoo Europe so please check and delete everything there and host somewhere else if possible.

I have seen some people are setting links to some smiley pages.
In fact, we have good smileys here and we don't need additional smileys.
We were happy and safe so far, weren't we?
The dangers are far too big if we link non-trustful sites in here.

Yesterday was a weird day anyway as if negative energies wanted to destroy us. Go clean the house please. If this is going to continue, I will refrain from visiting.

Infecting PCs with malicious software and / or keeping people off this site are potential motivations why this is happening.

Will we allow trolls to destroy MJKIT ?
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by iMISSYOUMJ on Wed Oct 14, 2009 10:20 pm

How do I check whether there is virus in my desktop or not?
avatar
iMISSYOUMJ
Platinum Member
Platinum Member

Aantal berichten : 948
Registratiedatum : 2009-09-24
Leeftijd : 21
Woonplaats : Singapore

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Wed Oct 14, 2009 10:31 pm

You would have to download an antivirus software and scan your desktop regularily - best is every night before shutdown.

this is advertisement now but I am very happy since years with this one and it has a good free version:

http://free.avg.com/de-en/homepage

Don't forget to update daily. They have several updates every day so they are really knowing what they do.
Personally, I don't trust Norton since this let a 2 year old trojan horse through and it was really a mess to get it out again.

The professional version of AVG has extended features such as live link check when surfing - they tell you immediately if there is something wrong. The prof version is not too expensive either. I like it. So, this was my testimony of where and why I am happy too in another part of my life. LOL

I would die if some idiot infected my desktop and take everything away that is stored.
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by iMISSYOUMJ on Wed Oct 14, 2009 10:32 pm

I think my desktop is with virus now, I can't even download anything. If I click on download, my PC will just shut down automatically!
avatar
iMISSYOUMJ
Platinum Member
Platinum Member

Aantal berichten : 948
Registratiedatum : 2009-09-24
Leeftijd : 21
Woonplaats : Singapore

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Wed Oct 14, 2009 10:46 pm

try with right mouse click "store file at ..."

If this doesn't help, there's the excellent online scanner of Kaspersky, one of the real experts in this field. (You can change the location on top to get access to servers closer to you)

http://usa.kaspersky.com/
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Wed Oct 14, 2009 11:08 pm

This is getting weirder by the minute...

I just saw the time of the posts as 10:00 pm (US westcoast) and a minute later after a browser crash I get these warnings again that the site would be infected and time of the posts has switched back to Central Europe time of 7:00 am ?

Are forumotion switching the servers back and forth or is somebody hacking this site?

I will go now because this is TOO strange for me to understand.
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Wed Oct 14, 2009 11:33 pm

Look at these screenshots just taken within several minutes :

UK time




US westcoast


Central European Time (Summer Time)




What is happening here with this site? I am really worried now. We didn't see that happen in all those months.
I pmed Souza on it, hope she can clarify or help out.
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by iMISSYOUMJ on Thu Oct 15, 2009 12:32 am

Ok well it's really strange!
And yeah, I keep on getting maintence and disconnection this fews weeks from this forum.
avatar
iMISSYOUMJ
Platinum Member
Platinum Member

Aantal berichten : 948
Registratiedatum : 2009-09-24
Leeftijd : 21
Woonplaats : Singapore

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Sat Oct 17, 2009 1:32 am

Yesterday I got all these alerts of my internet security tool that some malicious software is sitting on this site.

Today I got the confirmation:

There is a popup window coming up when scrolling or clicking saying

WEBWATCHGUARD
and that there would be a threat and you should click on this popup

DONT CLICK ON THAT POPUP ! YOU WILL MOST LIKELY INFECT YOUR DESKTOP !

This webwatchguard.com site was registered October 12 and the DNS server is sitting in the Ukraine, a country that has many hackers serving the internet in a destructive way.

This is the link shown to that malicious site





http://webwatchguard.com/online/6503137ea9924ea78ce178be76f45ee6/376d

(I cut off some of the numbers so you don't get in trouble, I have it here though if Admin needs it)



This is whois of this site
WHOIS - webwatchguard.com



status = "Getting WHOIS results...";Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Status: clientTransferProhibited
Dates: Created 12-oct-2009 Updated 16-oct-2009 Expires 12-oct-2010
DNS Servers: NS1.WEBWATCHGUARD.COM NS2.WEBWATCHGUARD.COM

I was referred to whois.PublicDomainRegistry.com; I'm looking it up there.

WHOIS - webwatchguard.com



status = "Getting WHOIS results...";Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Status: clientTransferProhibited
Dates: Created 12-oct-2009 Updated 16-oct-2009 Expires 12-oct-2010
DNS Servers: NS1.WEBWATCHGUARD.COM NS2.WEBWATCHGUARD.COM

or from another whois website you'd get this information:

Domain Name: WEBWATCHGUARD.COM

Registrant:
N/A
Albert Trust ([img]http://source.domaintools.com/email.pgif?md5=e8c7d784fe30d42e295a038a507af085&face=arial&size=9&color=000000&bgcolor=FFFFFF&face=arial&size=9&color=0000FF&bgcolor=FFFFFF&format[]=underline&format[]=transparent&format[]=transparent[/img])
6121 Frontenac St,
Philadelphia
Pennsylvania,19149
US
Tel. +215.7433148

Creation Date: 12-Oct-2009
Expiration Date: 12-Oct-2010

Domain servers in listed order:
ns1.webwatchguard.com
ns2.webwatchguard.com

This is what you get when checking the DNS traversal
DNS Traversal for ns1.webwatchguard.com.

Getting NS record list at g.root-servers.net... Done!

Looking up at the 13 com. parent servers:

ServerResponseTime
l.gtld-servers.net [192.41.162.30] 194.54.81.98 42ms
d.gtld-servers.net [192.31.80.30] 194.54.81.98 31ms
g.gtld-servers.net [192.42.93.30] 194.54.81.98 47ms
f.gtld-servers.net [192.35.51.30] 194.54.81.98 46ms
a.gtld-servers.net [192.5.6.30] 194.54.81.98 62ms
m.gtld-servers.net [192.55.83.30] 194.54.81.98 16ms
h.gtld-servers.net [192.54.112.30] 194.54.81.98 123ms
k.gtld-servers.net [192.52.178.30] 194.54.81.98 139ms
c.gtld-servers.net [192.26.92.30] 194.54.81.98 45ms
b.gtld-servers.net [192.33.14.30] 194.54.81.98 139ms
e.gtld-servers.net [192.12.94.30] 194.54.81.98 151ms
j.gtld-servers.net [192.48.79.30] 194.54.81.98 170ms
i.gtld-servers.net [192.43.172.30] 194.54.81.98 217ms
And if you look up IP 194.54.81.98 you'll get this:

IP Information for 194.54.81.98



IP Location:

Ukraine Realon Service Llc
Resolve Host:
98.81.54.194.static.server.ua
IP Address:
194.54.81.98















Reverse IP:

2 other sites

hosted on this server.
Blacklist Status:
Clear





inetnum: 194.54.80.0 - 194.54.83.255
netname: REALON-UA
descr: Realon Service LLC
remarks: www.server.ua
country: UA
org: ORG-BEAR1-RIPE
admin-c: PRO-RIPE
tech-c: PRO-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: SERVER-MNT
mnt-routes: SERVER-MNT
mnt-domains: SERVER-MNT
source: RIPE # Filtered

organisation: ORG-BEAR1-RIPE
org-name: Realon Service LLC
org-type: OTHER
address: 54001, PBOX 297, Mykolayiv - 001
address: UA, Mykolayiv, Mykolaiv Oblast
e-mail: [img]http://source.domaintools.com/email.pgif?md5=e11050ec70b0208e9af582ebd6da918c&face=arial&size=9&color=000000&bgcolor=FFFFFF&face=arial&size=9&color=0000FF&bgcolor=FFFFFF&format[]=underline&format[]=transparent&format[]=transparent[/img]
mnt-ref: SERVER-MNT
mnt-by: SERVER-MNT
source: RIPE # Filtered

person: Alexey Provorny
address: 54001, PBOX 297, Mykolayiv - 001
address: Mykolayiv, Ukraine
phone: +380 512 71-18-36
phone: +380 44 360-00-44
fax-no: +380 512 71-18-36
nic-hdl: PRO-RIPE
mnt-by: RX-MNT
source: RIPE # Filtered

route: 194.54.80.0/22
descr: SERVER UA UKRAINE DEDICATED SERVICE
origin: AS41671
mnt-by: BEARNET-MNT
mnt-by: SERVER-MNT
source: RIPE # Filtered

I think this site caught a lot more attention of unkind persons than we expected.
Can we do something?
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by See on Sat Oct 17, 2009 1:42 am

WOW I got that just now......how weird is that...
Are there more with this problem????
avatar
See
Platinum Member
Platinum Member

Aantal berichten : 621
Registratiedatum : 2009-08-31
Woonplaats : Wonderland

View user profile

Back to top Go down

Re: Be careful

Post by iMISSYOUMJ on Sat Oct 17, 2009 1:47 am

What is all this?
Btw.. thankyou Grace for the site of AVG, I've got the protection of AVG now.
avatar
iMISSYOUMJ
Platinum Member
Platinum Member

Aantal berichten : 948
Registratiedatum : 2009-09-24
Leeftijd : 21
Woonplaats : Singapore

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Sat Oct 17, 2009 2:07 am

Either someone is hacking into the traffic in between us and the site server or has implemented small fractions of code into the site.

I had the strangest things going on yesterday switching this site in between three servers and I am sure that someone wants to interfere on the technical side. Therefore I hope that this forum will be set to private and participation on invitation only. This is just a not funny game anymore.
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by iMISSYOUMJ on Sat Oct 17, 2009 2:11 am

@Grace,
I think you should PM Souza or Mo with this matter, since it's getting from bad to worse.
avatar
iMISSYOUMJ
Platinum Member
Platinum Member

Aantal berichten : 948
Registratiedatum : 2009-09-24
Leeftijd : 21
Woonplaats : Singapore

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Sat Oct 17, 2009 2:27 am

OK, now it's two hackers:

This site definitely IMO has something:



1)
DONT CLICK ON POPUPS if they tell you your desktop were infected and should start a scan if you DONT KNOW THE ORIGIN OF THE POPUP

2)
Get an antivirus or internet protection software, some good ones are for free

3)
Scan you desktop regularily (each day before shut down e.g.)

4)
Get a firewall protection for your desktop

5)
Save screenshots and IP addresses of suspicious things happening while surfing
(greenshot.com is freeware, safe and good for screenshots of any kind)

6)
interrupt / shut down the internet connection immediately if you notice strange things happening on your desktop

7)
check with the Kaspersky online scanner if you have an issue and you local antivirus doesn't detect it (all antivirus software works similar but not all know each and every malicious thing in the world, so when you got something but cannot identify it, don't throw your desktop out of the window but try with another antivirus)


This is help when you know you got something but you don't know what:
http://www.hijackthis.com/

9)
prevention is key.
a. get what it takes for your safety first and then surf
b. surf the net as if it were a green meadow. green meadows attract cows and where are cows there are some remains which means on real green meadows expect the bomb next to your shoe
c. sites that are attractive (having much traffic) will attract bomblayers as well
d. sites with funny stuff are known to have funny stuff with some bombs inside
e. when you download something, next is the scan of this file with your antivirus
f. smile again !
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by ILuvUMoreMJ on Sat Oct 17, 2009 2:36 am

I thought someone had hacked into the forum and shut it down yesterday. I don't have problems with viruses, but I'm almost sure someone was screwing with this site. I hope they have a backup of this backup forum. Laughing Can we start a thread for Souza saying we would like this forum private to approved registered users only, and see how many people agree?
avatar
ILuvUMoreMJ
Moderator
Moderator

Aantal berichten : 977
Registratiedatum : 2009-10-02

View user profile

Back to top Go down

Re: Be careful

Post by Grace on Sat Oct 17, 2009 2:43 am

I PMed Souza but did not get a reply so far.
Is anybody here who could call her in please?
avatar
Grace
Platinum Member
Platinum Member

Aantal berichten : 672
Registratiedatum : 2009-08-19

View user profile

Back to top Go down

Re: Be careful

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum