
Thread: Warning about deceptive/dangerous site ahead {Merged}

  1. #61
    Join Date
    Nov 2008
    Location
    Pensacola, Fla
    Posts
    8,049


    I agree with you, TimeWarpWife. I believe it is intentional because it is a conservative Christian site.

  2. #62
    Join Date
    Jun 2011
    Location
    In God's Creation
    Posts
    1,102


    Quote: Originally Posted by Jannette
    Sometimes a site gets flagged because there is hidden malware/spam on it. You wouldn't see this on regular pages, but the hackers essentially use the hidden malware as a way to use that hosting's resources for sending out spam emails or phishing pages.

    The other reasons are more false positives; maybe their scanner picked up a few weird keywords on some pages and they assumed the whole site was compromised or dangerous based on that. This is common on blog sites where comments are allowed. Some spammer adds comments about 'low price prescription drugs!' and before the blog owner deletes it they get flagged.

    I was curious about why they flagged rr-bb myself after you said that (I assumed it was a false positive because I didn't see anything on the real forum pages), but I actually found it has some malicious web-search redirects in it... (that's what I get for assuming!)

    A free malware scanner shows the most important results:

    https://sitecheck.sucuri.net/results/rr-bb.com

    Some main pages are affected:

    http://rr-bb.com/faq.php
    http://rr-bb.com/activity.php
    http://rr-bb.com/calendar.php
    http://rr-bb.com/showgroups.php

    If you visit them directly, no issue, but the malware is smarter than that. Most site owners visit their pages internally (clicking those links in the topbar or anywhere inside the site in the navigation), but the hackers don't want to be found out by the owner, so they have the malicious redirect only take place when a visitor is clicking the link from another source, like a Google search.

    I searched for the rr-bb.com/faq.php page in Google (https://www.google.com/search?q=site...+rr-bb.com+faq) and then clicked the result link, and it triggered the malware to redirect me to some less-than-savory site.

    This is smarter than most I've come across. If you close the weird site it redirects you to and click the result link for the rr-bb.com/faq.php page again, it doesn't redirect you a second time, probably because they already loaded the browser up with tracking cookies. If I clear the browser cache, the cookies they added no longer exist so the malicious redirect does trigger again. Darn thing.

    I don't know if any of the mods know about this yet or have a handle on it, but I'm available if I could be of any help. The web hosting company I work for usually recommends Sucuri for malware removal, but I know they charge a pretty penny... sometimes it's not that bad and just requires updating the version of the application the site uses (vBulletin here) and checking some other common files like .htaccess they like to hide stuff in.

    Jannette,

    This is very interesting. Thank you for posting this clear explanation.

    I have had this computer for at least 6 months now, and have never cleared my cache in Firefox. I figured it would be a good test to see if I had any problems, both before I cleared my cache/cookies, then after. So at first, I searched for rr-bb.com and faq, then followed the link it found, and the rr-bb.com/faq page came up just fine. Next, I cleared my cache and cookies. Then I tried the same search and when I followed the link to rr-bb.com/faq that time, it gave me the Deceptive site warning page that some other folks are seeing.

    I have been using rr-bb in Microsoft Edge lately; I think I bypassed the errors by going to the main Rapture Ready website and following the links from there to get it to work.
    "Therefore my beloved brothers, be steadfast, immovable,
    always abounding in the work of the Lord;
    knowing that in the Lord your labor is not in vain."

    1 Corinthians 15:58 (ESV)
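
Added example, not part of the original posts: a small check a site owner could run over an `.htaccess` file to spot the kind of redirect described above, one that fires only for visitors arriving from a search engine and only when a cookie is absent. The thread does not say where the redirect on this site actually lives; this assumes it is written as Apache mod_rewrite rules, and the sample file, the host names `forum.example` and `redirect-target.invalid`, and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample, NOT taken from the site in the thread.
SAMPLE_HTACCESS = r"""RewriteEngine On
# Ordinary rule: canonical-host redirect within the site's own domain
RewriteCond %{HTTP_HOST} ^forum\.example$ [NC]
RewriteRule ^(.*)$ http://www.forum.example/$1 [R=301,L]
# Injected-style block: fires only for search-engine referrals without a marker cookie
RewriteCond %{HTTP_REFERER} (google|bing)\. [NC]
RewriteCond %{HTTP_COOKIE} !seen=1
RewriteRule ^faq\.php$ http://redirect-target.invalid/ [R=302,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)
VISITOR_VARS = ("HTTP_REFERER", "HTTP_COOKIE")  # what the thread says the redirect depends on


def find_conditional_redirects(text, own_hosts):
    """Flag RewriteRules that send only some visitors to a host outside own_hosts."""
    findings, conds = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = COND.match(line)
        if m:
            conds.append(m.group(1).upper())  # e.g. %{HTTP_REFERER}
            continue
        m = RULE.match(line)
        if not m:
            continue  # comments, blanks, other directives
        target = m.group(2)
        host = urlparse(target).hostname if "://" in target else None
        keyed_on = sorted(v for v in VISITOR_VARS if any(v in c for c in conds))
        if host and host.lower() not in own_hosts and keyed_on:
            findings.append({"line": lineno, "target_host": host, "keyed_on": keyed_on})
        conds = []  # RewriteCond lines apply only to the next RewriteRule
    return findings


if __name__ == "__main__":
    for f in find_conditional_redirects(SAMPLE_HTACCESS, {"forum.example", "www.forum.example"}):
        print(f)
```

A hit is a line to review by hand, and a clean result does not clear the site, since the same behaviour can be placed in application files or the database instead of `.htaccess`.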

  3. #63
    Join Date
    Apr 2010
    Location
    In the palm of His hand
    Posts
    3,182


    I apologize if this has been mentioned already. My anti-virus keeps blocking attacks called "JSCoinminer Download 8" from "fileden(dot)com" right now as I'm browsing the forum. It lists the severity as high. I thought admin might want to know.
    Matt 16:27 | Rom 3:23 | Rom 10:9 | 1 Thes 5:9-10 | Ps 34:8

  4. #64
    Join Date
    Oct 2007
    Location
    Fairbanks Alaska
    Posts
    19,147


    Quote: Originally Posted by Haeddre
    I apologize if this has been mentioned already. My anti-virus keeps blocking attacks called "JSCoinminer Download 8" from "fileden(dot)com" right now as I'm browsing the forum. It lists the severity as high. I thought admin might want to know.

    Haeddre, what OS release are you using? I'm glad your antivirus is doing its job. The JSCoinminer is definitely a high threat.

    I believe the site owner is planning a software upgrade that will hopefully bring an end to the issues being shared/discussed in this thread. Hopefully a site upgrade will come soon.
    Tall Timbers, Imperfect but forgiven
