Catholic Answers Forums

Catholic Answers Forums (http://forums.catholic.com/index.php)
-   Bug Reports (http://forums.catholic.com/forumdisplay.php?f=92)
-   -   Reported Attack Page! (http://forums.catholic.com/showthread.php?t=530082)

Shin Jan 23, '11 7:11 pm

Reported Attack Page!
 
Well I'm sure everyone else is having this pop up right now too..

Looks like somehow or other this site got reported.

Reported Attack Page!

This web page at forums.catholic.com has been reported as an attack page and has been blocked based on your security preferences.

Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.


What is the current listing status for forums.catholic.com?

This site is not currently listed as suspicious.

What happened when Google visited this site?

Of the 74 pages we tested on the site over the past 90 days, 7 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-01-23, and the last time suspicious content was found on this site was on 2011-01-23.

Malicious software includes 6 exploit(s), 2 trojan(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 4 domain(s), including phenomen29.co.cc/, phenomen28.co.cc/, neneya8.co.cc/.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including govtds30.co.cc/.

This site was hosted on 2 network(s) including AS46661 (ILLUMINATEDHOSTING), AS33070 (RMH).

Has this site acted as an intermediary resulting in further distribution of malware?

curlycool89 Jan 23, '11 7:35 pm

Re: Reported Attack Page!
 
I've been getting this for the past few minutes (man, is that annoying). CAF should contact Google to get this taken care of (the warning page is here).

Especially, ironically enough, for Macs. Safari, the default browser on Macs, uses the Google database for fraudulent websites and this is enabled by default. When you get a popup every time you open a page, it gets annoying really fast.

Shin Jan 23, '11 7:42 pm

Re: Reported Attack Page!
 
Yes, you can disable the warning in your security options, I will note.

At least with Firefox.

But I'm sure a number of people won't figure that out.

CatholicBoy1957 Jan 23, '11 7:45 pm

Re: Reported Attack Page!
 
I don't understand why it's even any of Google's business. I could understand if I got a message from ZoneAlarm or Avast, but where does Google come in? Is it part of Firefox?

Hmm. I had to open IE to be able to post!

TheTrueCentrist Jan 23, '11 7:55 pm

Re: Reported Attack Page!
 
Quote:

Originally Posted by CatholicBoy1957 (Post 7486735)
I don't understand why it's even any of Google's business. I could understand if I got a message from ZoneAlarm or Avast, but where does Google come in? Is it part of Firefox?

Hmm. I had to open IE to be able to post!

The idea is that it is better to prevent users from accessing compromised websites than it is to rely on users having up to date virus scanners/web browsers.

Just because the people who run this forum are not malicious does not mean that the site is free of malware, other people could have hacked the forums to spread their viruses. I would avoid circumventing the block for the time being, unless you are very confident in your virus scanner and browser. I am accessing the site from a virtual Ubuntu installation; even if this site is compromised, it is unlikely that their software would target linux. Even if it did, it would not be able to damage my actual file system (or access personal info) because the OS is in a virtual environment.

wanner47 Jan 23, '11 7:55 pm

Re: Reported Attack Page!
 
From what I understand, it's unique to Firefox. I had to use IE to log in as well. Very annoying.

Elizium23 Jan 23, '11 8:56 pm

Re: Reported Attack Page!
 
Quote:

Originally Posted by TheTrueCentrist (Post 7486751)
I am accessing the site from a virtual Ubuntu installation; even if this site is compromised, it is unlikely that their software would target linux. Even if it did, it would not be able to damage my actual file system (or access personal info) because the OS is in a virtual environment.

You shouldn't entirely rely on virtualization as a method of protection. Proof-of-concept exploits have been crafted that "break out" of a VM guest and access the underlying host OS. Now, no viruses have been reported that take advantage of this, and Unix viruses are also rare at this time, but vulnerabilities do exist, and it is only a matter of time before they are exploited in the wild.

Holly3278 Jan 23, '11 9:05 pm

Re: Reported Attack Page!
 
I am using Firefox and I am also getting this message. I hope it is resolved quickly.

Claire from DE Jan 23, '11 9:19 pm

Re: Reported Attack Page!
 
Quote:

Originally Posted by Shin (Post 7486730)
Yes, you can disable the warning in your security options, I will note.

At least with Firefox.

But I'm sure a number of people won't figure that out.

Thanks, that was very helpful. I have Firefox and just did that. I didn't know it could be disabled.

I downloaded Safari onto my MacBook so I could get on the site to read your message but now I'm back to Firefox.

Cat Herder Jan 23, '11 9:29 pm

Re: Reported Attack Page!
 
Safari on Mac OS X has the Google Safe Browsing service as well and as of right now, it still alerts on forums.catholic.com.

Michael Francis Jan 23, '11 9:38 pm

Re: Reported Attack Page!
 
Please be advised that the techs are aware of the problem and are dealing with it.

It is only from Firefox and Google.

It is prudent to run a full computer scan to insure that you haven't picked up a
"bug".

Hang in there.

P.S. I just ran mine and got no hits.


Tech Admin Jan 23, '11 9:55 pm

Re: Reported Attack Page!
 
I have spent sleepless nights on this issue and have finally identified the root of the problem. The problem only occurs intermittently and was related to the way some ads were being served.

As of earlier today, it has been safe to use the forums. Your browser, in trying to protect you from malware, may be still displaying a cautionary message. I am working directly with the appropriate third parties such as google to inform them that I have successfully removed the threat. In the meantime your browser may continue to display the warning message.

To try to minimize disrupting you on the forums, I worked late throughout the night with the appropriate parties to isolate the cause of the intermittent issue. In the process of doing so, I have moved the whole forums site to another datacenter which is a non-trivial, time-consuming task. It turns out that none of the forums systems were compromised but rather it was because of some ads previously mentioned.

Because of the datacenter change, your emails may have trouble being received by your email provider:
  • if you have a yahoo email address, you should be able to receive mail from the forums without problems
  • if you have an aol address, your emails may arrive to you later than usual

I'm actively working on getting search to work for you; I expect it should be sooner rather than later.

We at Catholic Answers take security very seriously. Even being short-staffed, I put extra effort into protecting you and making sure I provide you with the best tools for you to grow in the one true faith. I apologize for any inconveniences this may have caused you. Being that the ads are now offline while I rework it, we currently don't have a means of supporting our operations on the web; even the ads fall very short as it doesn't cover what we need. Please consider a modest donation (make sure to choose the appropriate option from the drop down list) and pray for us that God's continual assistance may be with us.

sojo Jan 23, '11 10:00 pm

Re: Reported Attack Page!
 
It's 9:54 PST and I couldn't get into CAF again - got the warning page that Shin printed. I logged out of Firefox, and into Internet Explorer, which finally let me in. When you do a search for CAF (thought maybe I'd find a backdoor), all the search results had the same warning.

One warning said I could enter at my own risk, but there was no link, and when I closed the window, the entire browser shut down.

Whatever was "fixed" last night is no longer fixed.

sojo Jan 23, '11 10:03 pm

Re: Reported Attack Page!
 
Also - a tech answered a post on the concierge desk telling us it was fixed but if anyone had anymore problems to "report it" -- but where exactly do we do that? Do we use the report button on each post? I tried the Tech Forum, but I was prohibited from entering that. An announcement for those of us who manage to get in here would be awfully nice - this is scary.

Tech Admin Jan 23, '11 10:26 pm

Re: Reported Attack Page!
 
Quote:

Originally Posted by sojo (Post 7486915)
It's 9:54 PST and I couldn't get into CAF again - got the warning page that Shin printed. I logged out of Firefox, and into Internet Explorer, which finally let me in. When you do a search for CAF (thought maybe I'd find a backdoor), all the search results had the same warning.

One warning said I could enter at my own risk, but there was no link, and when I closed the window, the entire browser shut down.

Whatever was "fixed" last night is no longer fixed.

Hi sojo,

As of earlier this Sunday evening (Pacific Time), I've identified the source of the problem and have effectively cut it off. The warning you see is a new development; google (and firefox which uses google data) has not yet been aware of the fix that I made. I am actively working with them to get this resolved; until then firefox and chrome will give you warning.

I did a test search with Internet Explorer 8 and the search results are coming up as expected. Please try again; I want to make sure it works for you.


All times are GMT -7. The time now is 10:24 am.


Copyright © 2004-2013, Catholic Answers.