
Attack on Epicski

post #1 of 21
Thread Starter 

Two days, Norton has blocked an attack shortly after I loaded Epic ski.

 

Norton listed the following info:

 

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-09-05 11:53:21,High,An intrusion attempt by BILL-PC was blocked.,Blocked,No Action Required,Fake App Attack: Fake Scan Webpage 3,No Action Required,No Action Required,"BILL-PC (192.168.0.2, 58827)", DELETED LINK  matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

 

I will run a virus scan in case anything is on my computer.

post #2 of 21

Bill, I'm sure the link you point to was not served by Epicski.  I'll report the activity to Huddler and try to get an explanation.

post #3 of 21
Thread Starter 

Thanks. About all I know is that I was on Epicski when it happened and that I have read that malicious software can sometimes be associated with ads.

post #4 of 21

My antivirus is frequently blocking attempted links to sites in Russia.  Sometimes it's just because the server is associated with attackers, not necessarily the particular link.

post #5 of 21

We got this explanation, and I have deleted the links in your post since they are clearly malicious.  Don't want to go there.

 

 

Quote:
The url for the offending site is right in that report - not Huddler related content.  Going to that site in Chrome pops up a big warning (I don't recommend you do so for this reason).  It could be linked in a spammy post on EpicSki or something the user clicked on, or it would be related to something on the user's system - I don't have any way of knowing.

 

If a member posts content that links to malicious sites, it can cause the redirect warnings.  Things like smilies from outside our system (planetsmileys.com) can be particularly bad.  If you get the redirect notice, it would help if you would flag the post so we can look at where the problem originates.

post #6 of 21

Maybe also list what other tabs were open in your browser at the time?

post #7 of 21
Thread Starter 

Thanks. Don't think any other tabs were open. Not sure I was on a post or I had just called up the list of new posts. I will be sure to note and report if it happens again.

post #8 of 21
Thread Starter 

Well, it just happened again, as soon as I submitted a reply and went back to the list of new posts using the back button. The other tab opened was MSN.com. I had previously done a virus scan using Norton Internet Security with nothing found.

post #9 of 21

Get a Mac already

post #10 of 21

Or use OpenDNS.   I swear I never get these warnings.  

post #11 of 21

Why would it reference Bills-PC (obviously the name of his PC) as the attacking source of the IP ID'd as a known attacker? Any chance your PC has been hacked and is serving as a host to spammers?

 

 

I found this on this IP, I would check to see if you are blacklisted

 

http://www.robtex.com/ip/192.168.0.2.html

post #12 of 21

Reading through the log it appears his computer has been set up as a slave to some bot. I'd suggest running a scan with Malwarebytes instead of Norton. It has a much higher success rate. Although with the malware's capabilities it could be a rootkit and require a reinstall. I seem to be running into a lot of those as of late.

post #13 of 21
Quote:
Originally Posted by tylrwnzl

Reading through the log it appears his computer has been set up as a slave to some bot. I'd suggest running a scan with Malwarebytes instead of Norton. It has a much higher success rate. Although with the malware's capabilities it could be a rootkit and require a reinstall. I seem to be running into a lot of those as of late.


But how come he only gets the attack warnings when browsing EpicSki?  Wouldn't he be getting them when loading other forums and web pages elsewhere if it wasn't connected here somehow?  I haven't gotten any scares or notices here and we use 3 different vendors of anti virus and anti spyware on the machines I use.  It sounds like something related to both this site (including 3rd party ads) and his particular set up or trojan that got him. 

post #14 of 21
Thread Starter 

I don't know either. I downloaded and ran Malwarebytes without finding anything.

post #15 of 21

It depends on how Epic monitors these things. Do they subscribe to a monitoring service that checks the IPs?  The hack itself may not be via malware but rather through an open or unsecured port. It's not always as easy as malware.

post #16 of 21

I don't know if it's related or not ... but, I have a mac and the last two times I have browsed EPIC I get a "download pop up window" as soon as I enter the site and then each time I click on a thread.  It reads ai-1, ai-2 and so forth.  Last time I just logged off quick.  This time I thought I'd report it and found this thread.

post #17 of 21

I was writing a PM to nolo today and some weird music started playing.  I wonder if our ad servers might not need some scrutiny.

post #18 of 21

Cirque- do you have the ads displayed or turned off?  I also wonder if Bill has them on or off as well.

post #19 of 21

I leave the ads on because I have to report any weirdness or inappropriate advertising to Huddler.  All supporters can turn off ads in their profiles, and it can make a big difference.

post #20 of 21

I am thinking that may be the issue. 

post #21 of 21
Thread Starter 

Well after getting the attack three days in a row, it hasn't happened in a week. The ads were on then, but I have turned them off (forgot that Ambassador status allowed this).
