Security Issues...........

Discussion in 'tMP Computer Corner' started by tubafran, Mar 27, 2011.

  1. Pauli Walnuts

    Pauli Walnuts Moderator Staff Member

    I was referring to embedded links in your own site - all of the clickable adverts are embedded links back to the owner's site.
    As the anti virus warnings have come from 2 respected software tools (Norton & AVG) it might be worth looking at that aspect.
    Interestingly, when I've had these warnings about tMp, it has been intermittent - and of course, the banner adverts are variable - different ones each time you load the page so once again, worth starting there.
    Finally, many people have added their own embedded links in their signatures - maybe one of those has been compromised.

    Just trying to be helpful
     
  2. TheMusicMan

    TheMusicMan tMP Founder Staff Member

    Yep, and I appreciate it, hence asking the question.

    None of the adverts are embedded, they are all hosted on the same server - which I have recently had fully checked by the server admins at the data center for all currently known viruses and for any potential security compromises. We came up absolutely 100% clear.

    I am not sure about users' signatures, that may very well be something to consider.
     
  3. TheFopp

    TheFopp Member

    I'm getting the same thing with Kaspersky AV when I open the homepage.
     
  4. oleredeye

    oleredeye New Member

    Windows Restore virus

    :mad:I, too, caught the "Windows Restore" virus - at the same instant that I entered tMP Home Page.

    'All hell broke loose' is a good description; I have now got back to normality by deleting a spurious exe and its entry in the MSConfig startup, running antivirus scans, using (the real) System Restore to revert to a clean configuration, and unhiding all My Documents! A few hours' work, and not recommended for the faint-hearted.....

    As a result of my prior experience (see post #12), the observations of others, and my clear "cause and effect" infection - I cannot believe that tMP is free from infection or risk!!

    **Caveat Windows users**
     
  5. sunshine

    sunshine Member

    My Norton has given me a full report including the actual pages which it says have unsafe links. (See below). For obvious reasons I'm not going to click on the links, but maybe one of the mods will know which threads/pages the links are referring to.

    Threat Report

    Total threats found: 6

    Embedded Link To Malicious Site. Threats found: 6
    Here is a complete list: (for more information about a specific threat, click on the Threat Name below)
    Threat Name: Embedded link to malicious site 129.121.128.110 Location: http://www.themouthpiece.com/vb/showthread.php?t=44093&goto=nextnewest
    Threat Name: Embedded link to malicious site 129.121.128.110 Location: http://www.themouthpiece.com/vb/newreply.php?do=newreply&noquote=1&p=662821
    Threat Name: Embedded link to malicious site 129.121.128.110 Location: http://www.themouthpiece.com/vb/sendmessage.php?do=sendtofriend&t=44322
    Threat Name: Embedded link to malicious site 129.121.128.110 Location: http://www.themouthpiece.com/vb/showthread.php?t=35129
    Threat Name: Embedded link to malicious site 129.121.128.110 Location: http://www.themouthpiece.com/vb/showthread.php?t=43354
    Threat Name: Embedded link to malicious site 129.121.128.110 Location: http://www.themouthpiece.com/
     
  6. Ianroberts

    Ianroberts Member

    I run AVG at work, and at home. AVG at home will not let me access the site, but I'm free as a bird to log on here at work!
     
  7. Pauli Walnuts

    Pauli Walnuts Moderator Staff Member

    129.121.128.110 is currently a wordpress blog in Thai so I doubt any tMp advertiser is linked to it.

    Also, for those on AVG - it is probably the Linkscanner tool that is detecting potential malicious links. It may be that the version you have at work hasn't got that enabled.
     
  8. phildriscoll

    phildriscoll Moderator Staff Member

    129.121.128.110 is a server at OSO technologies, a hosting company in the USA. It could have many websites on it accessed via individual virtual host names, in addition to the wordpress site you see by accessing the IP address directly.
     
  9. Lucy V

    Lucy V New Member

    I too got a virus the moment I logged into tMp a couple of weeks ago, in fact this is the first time I've visited the site since, I've been deliberately avoiding it so as not to have to go through and sort out all the virus problems again.

    Today I thought I would try again hoping that in the meantime it would have been sorted but my Norton has reported it as an unsafe site with the same 6 issues that are listed above.

    It clearly is an issue which needs to be sorted asap.

    Lucy
    ______________________________________________
     
    Last edited: Apr 20, 2011
  10. P_S_Price

    P_S_Price Member

    Is it possible that it might be the rolling threads dialogue at the top of the Ads Frame?

    This was appearing normally until recently, but in the office it now does not appear, and is marked as a Crossed out image. I suspect that the corporate Firewall is cutting this out; and it may be doing so if it contains something suspect.
     
  11. Liz Courts

    Liz Courts Active Member

    I had a few problems a couple of weeks ago accessing tMP from both home and at work because of possible viruses. I'm still getting warnings at home but all seems clear at work now!
     
  12. Accidental

    Accidental Supporting Member

    Me too. It took my work PC out for a whole day last week (which didn't go down well!) so I've been avoiding. The Norton on my home laptop is still flagging it as unsafe today...... not good :(
     
  13. Pauli Walnuts

    Pauli Walnuts Moderator Staff Member

    Flagged again today by AVG: Exploit Blackhole Exploit Kit (type 2008) 129.121.128.110/Home/index.php
     
  14. Martin Hall

    Martin Hall Member

    Sort it out tMP you are trying to shaft my pc too!!!
     
  15. WoodenFlugel

    WoodenFlugel Moderator Staff Member

    Err excuse me! We've already stated several times now that there is no threat to your computer from tMP. We have run diagnostics on our servers and everything has come back clear. We've checked and re-checked for any threat and there simply isn't one.

    So no, we are not trying to 'shaft' your computer - as we have already said. Next time, how about thinking before you start bandying accusations like that around?
     
  16. andyp

    andyp Active Member

    Be interested to know what people are using/running when they access tmp and get these warnings, might give a clue as to the cause? There are many known exploits in (for example) Internet Explorer which can allow nasties to infect which have nothing to do with the site visited.

    FWIW I use Firefox 4 with NoScript and AdBlock Plus, on Windows XP, run Comodo Internet Security and Threatfire, scan with Malwarebytes, and have never had a problem with tMP.
     
  17. Anno Draconis

    Anno Draconis Active Member

    IE9 doesn't seem to have a problem - so far.

    Looks like a job for Windows Update...
     
  18. TheFopp

    TheFopp Member

    Kaspersky antivirus is picking it up. It is the 'Windows Recovery' malware and it is being found at the web address 129(dot)121(dot)128(dot)110/Home/...won't print the full address in case people click on it. I know this IP isn't TMP's IP but there is something on your homepage, maybe an ad, that every so often tries to open this IP.
     
  19. oleredeye

    oleredeye New Member

    Malware / virus alerts from tMP



    :mad:Despite your reassurance that tMP is "clean", I am still getting alerts!! Points to note:
    1. I AM ONLY GETTING ALERTS ON VISITING tMP - and on no other sites
    2. This only happens occasionally - not every time
    3. The latest alert is shown in the attached screenshot... detected by AVG 10.0.1209, virus database version 1500/3611.
    4. It is also picked up by MalwareBytes 1.50.1.1100 database version 6496
      Files Infected:
      c:\Users\....\AppData\Local\Temp\jar_cache1087401049578954379.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    5. I am running Internet Explorer 8.0.6001.19048; Windows Vista SP2 with all patches / security updates applied
    So how to reconcile your statement that your servers are clean, yet many users are receiving virus / malware alerts?? It has already been noted in this thread that:
    1. post #25 mentions embedded links to malicious sites
    2. post #30 suggests that the Adverts frames on the Home Page
    Scanning the server itself apparently gives a clean bill of health; browsing can occasionally - but not always - give virus / malware alerts. The adverts change - perhaps there is just a single (or possibly a combination of) advert pointing to a rogue site.

    (Note too, that the above MalwareBytes alert is to a Java executable; not all users will have Java enabled, therefore may not be susceptible to this problem....)

    It is not sufficient for tMP to state that its servers are clean; you may also need to ensure that scripts giving scrolling / changing graphics linking to sponsors are beyond question.... :frown:

    HTH...
     

    Attached Files:
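
An added example, not part of the thread and not tMP's own code: the pattern reported above (a clean server-side scan alongside intermittent alerts for an off-site address) can be checked by saving the served HTML over several page loads and listing every off-site host each load references. The sample loads, the allowlist and the 203.0.113.10 documentation address are constructed for illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlparse

ACTIVE = {"script", "iframe", "frame", "embed", "object", "applet"}  # fetched without a click
URL_ATTRS = ("src", "href", "data", "codebase", "archive")
# Constructed sample loads; 203.0.113.10 (documentation range) stands in for a flagged host.
SITE = "http://www.themouthpiece.com/"
LOADS = [
    '<img src="/ads/banner1.gif"><a href="http://sponsor.example/">ad</a>',
    '<img src="/ads/banner2.gif"><iframe src="http://203.0.113.10/" width="1" height="1"></iframe>',
    '<script src="/js/menu.js"></script><a href="http://sponsor.example/">ad</a>',
]

class RefCollector(HTMLParser):
    """Collect (tag, host) for every URL-bearing attribute in one page load."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.refs = base_url, set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                try:
                    host = urlparse(urljoin(self.base_url, value.strip())).hostname
                except ValueError:  # malformed URL
                    continue
                if host:
                    self.refs.add((tag, host))

def is_raw_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def audit_loads(loads, base_url, allowed_hosts):
    """Map each off-allowlist host to the loads and tags it appeared in."""
    findings = {}
    for i, html in enumerate(loads):
        parser = RefCollector(base_url)
        parser.feed(html)
        for tag, host in parser.refs:
            if host not in allowed_hosts:
                f = findings.setdefault(host, {"loads": set(), "tags": set(), "active": False, "raw_ip": is_raw_ip(host)})
                f["loads"].add(i)
                f["tags"].add(tag)
                f["active"] = f["active"] or tag in ACTIVE
    return findings
```

A host that shows up in only some loads, is addressed by raw IP, and is pulled in by an active tag such as an iframe is the first thing to trace back to the advert rotation script or the user signature that emitted it.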

  20. MoominDave

    MoominDave Active Member

    I run Kaspersky on my PC at home, and it has never picked up any problem relating to tMP. It's Windows XP, and everything is fine under each of IE8, FF3, and Chrome.
     
