Reported attack
#51
It was a false positive based on heuristics, UNLESS NAM was hacked which I doubt. IE nor FF aren't detecting anything, they are relying on a 3rd party to determine the relative security of a website.
Case in point: perform a Google search on NAM and use a link, you'll get the warning in IE FROM Google, not IE. However you can copy and paste the link and it will work fine since Google is no longer involved.
your IE "case in point" also doesn't have any bearing on the issue.
the most likely cause is a malicious ad on the ad network NAM uses. but that is also just a guess.
disappointed that guesses and rumor are all we have to go on, though. been a few days now and we are still patiently waiting for an official explanation from NAM. doesn't give much confidence.
(you'd think they'd be more open and transparent with the users about something like this, eh?)
Last edited by fishbert; 10-13-2010 at 03:53 AM.
#53
Yes it is, but as you said, I wouldn't simply dismiss the warning as a "false positive". Something happened to get them blacklisted which was my point.
As for NAM, they should let folks know what happened as it really can affect everyone that visits the site.
#55
disappointed that guesses and rumor are all we have to go on, though. been a few days now and we are still patiently waiting for an official explanation from NAM. doesn't give much confidence.
(you'd think they'd be more open and transparent with the users about something like this, eh?)
Maybe they don't know exactly what caused it. Maybe they're working hard on tracking it down. Maybe there's really nothing to report.
Transparent, indeed.
Unless you're an Alliance member, I really can't see what you've got to complain about. You're not paying anything to use this site and the site owners don't owe you anything.
#56
Oh, god. Really?
Maybe they don't know exactly what caused it. Maybe they're working hard on tracking it down. Maybe there's really nothing to report.
Transparent, indeed.
Unless you're an Alliance member, I really can't see what you've got to complain about. You're not paying anything to use this site and the site owners don't owe you anything.
What happened when Google visited this site?
Of the 721 pages we tested on the site over the past 90 days, 9 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-10-11, and the last time suspicious content was found on this site was on 2010-10-11.
Malicious software includes 3 exploit(s).
Malicious software is hosted on 7 domain(s), including 4safe.in/, overskka.co.cc/, isteemps.co.cc/.
4 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including crabbeyroad.com/, 4safe.in/, isteemps.co.cc/.
This site was hosted on 2 network(s) including AS13897 (CDC1), AS25973 (MZIMA).
#57
One other thing - Google's crawl algorithm is known only to them, but they crawled the site twice (on Sunday and then again on Monday) and found baddies both times. They seem to have put crawling again on a back burner.
#58
If the cause wasn't easy to ID, then why has NAM said they already asked for reconsideration? Seems clear they know the cause, but even if they didn't, they could at least say that.
And regarding "just disable it"... that's not a smart move at all, as discussed previously. If you want to be reckless with your browser, fine; but advocating that to everyone else is nothing short of irresponsible.
#59
You didn't really say the vast majority of contributors to this site simply don't matter, did you? I think I'll pay my way with some content:
In any event, you're probably right in that the cause for the Google blacklist might not be easy to ID. Nine total pages out of 721 crawled could be the same bad ad on several pages or it could be a specific post made to several threads.
#60
Not a False Positive.
My Norton log had a lot of activity since 10/3, they got in and changed some settings on my PC and it would not stay in sleep mode. Then last Friday the intrusion attacks began, one every 5 minutes or so from about 4 different URLs. I re-booted with the system disc and that restart seemed to fix it. And what about "gRay rAvEn", someone got in and changed his "NAM fav's" to show the logo of Motoring Underground.
I had been shopping for an anti-sway bar and clicked ads on the page, that is probably where I got the stuff.
I'm on my phone now and I don't want to go through that again. I guess I should have been using FF or Chrome instead of IE.
Last edited by booktrout; 10-13-2010 at 09:51 AM.
#61
one time I couldn't open an e-mail because my anti-virus program kept saying it is a virus. I really wanted to open that e-mail so I uninstalled my anti-virus program so I could open the e-mail. pesky anti-virus program.
#62
Excuse me? I visit this site and trust that they are not infecting my computer with rogue scripts. As a non-Alliance member I have a LOT to complain about.
#63
NAM was also being blocked by Safari and Opera browsers. Good to see the issue appears to be resolved.
I hope motorers went out driving instead of banging on their computers while this was going on.
#69
It was a false positive based on heuristics, UNLESS NAM was hacked which I doubt. IE nor FF aren't detecting anything, they are relying on a 3rd party to determine the relative security of a website.
Case in point: perform a Google search on NAM and use a link, you'll get the warning in IE FROM Google, not IE. However you can copy and paste the link and it will work fine since Google is no longer involved.
#71
There is already a thread on this...
https://www.northamericanmotoring.co...ed-attack.html
If you have IE you will not get an error. Why? Because Microsoft does not use this service. Thus they let you drive right to the site that could possibly infect your PC. FF and Safari users are warned which is what you are seeing. According to Drew (moderator) they have corrected the problem and are waiting for Google to remove them from the blacklist.
#72
I guess I need to be very, very specific. They're working on it. The site owners don't owe us a play-by-play, hour-by-hour dialogue of what exactly is happening. They're not keeping mum because they're hiding something. It's not a conspiracy. They're losing money because people can't get here. The ad servers aren't serving up as many page views, people aren't clicking on the ads. That's costing them money that's needed to keep the site open and free. It's in their best interests to get this sorted out as quickly as possible.
They'll update us when they feel it's necessary and productive.
#73
Oh, good grief.
I guess I need to be very, very specific. They're working on it. The site owners don't owe us a play-by-play, hour-by-hour dialogue of what exactly is happening. They're not keeping mum because they're hiding something. It's not a conspiracy. They're losing money because people can't get here. The ad servers aren't serving up as many page views, people aren't clicking on the ads. That's costing them money that's needed to keep the site open and free. It's in their best interests to get this sorted out as quickly as possible.
They'll update us when they feel it's necessary and productive.
As for the rest, I never said that they owed us an explanation but it would be nice to know what is going on as people's computers might be infected. Do they owe us a play by play? No, but they do need to tell us what exactly users might be facing and let them know if there is a possibility that their machines need some TLC.
#74
The exploit/hack that was done to this site is an issue related to the software platform that this site runs on. Other sites, including another Mini site, that use a similar software platform have also been attacked, hacked, and subsequently patched in the past few weeks.
It is just dumb bad luck if the site a webmaster runs gets inspected by the Google web crawler before your site gets flagged...here, being a large site, that must be frequently indexed by Google, it was checked, most likely a couple times in short succession, perhaps as the techs were already working on fixing it.
The management at "the other site" that had similar issues knows this stuff happens...no software is perfect...patches get applied, and sometimes folks find a "zero day exploit", an un-patched, newly discovered flaw, and take advantage of it. Crap happens...crap gets fixed, and your security umbrella works as a buffer to help+protect you and your computer.
Keep your computer patched, up to date, and if a site has an unknown issue, be careful...
Remember, Firefox and Chrome were just trying to protect you...more than IE ever did!! As with any safeguard, it takes a few days to verify all has been set right, and ensure there is no threat.
Edit: I would like to state that in all my research, about 90% says this type of attack is mainly an attempt to steal ad revenue....IT USUALLY DOES NOT have the pages installing "bad software"...it is still possible..but most reports of this attack..going back to FEBRUARY has to do with theft of advertising revenue. The Software support people do recommend that users change passwords, since the installer of the hack did gain unauthorized access to deep portions of the software...and anything was possible.
Thanks Matt, AKA DR O for tracking down the support sites, and a few useful threads to add the ones I had found!!
Last edited by ZippyNH; 10-18-2010 at 02:02 PM.