Pedelecs reported as an attack site

[rsscott]

We've checked the site again and not found any dodgy code. Google has also given it a clean bill of health. I'm wondering whether it takes a little while for all the antivirus/spam providers to update their own lists once Google has given it the all-clear.

 

[Tara]

Hi

I haven't logged in here since the end of last year (and never had this concern before)
As said already, Kaspersky is picking up the site (even before log in) as a 'phishing URL'



I think mods need to take a look at the screenshot I've attached, which says http://directmarketingline.in/tds/ is the cause of the problem

Tara

 

[themutiny]

There's definitely something still around. If I google 'Pedelecs' and then clink on the link 'Forum', (second one down) I get taken to this link URL123.INFO - free url redirection and masking service which is basically spam. It's the same for both iphone and win7 PC

 

[Oxygen Bicycles]

Hi Russ,

My Avast has just started showing it as a threat today. I didn't have it before at the weekend. http:/directmarketingline.in/in.cgi?walter

Similar link is pointed out and appears as Mal: Google

no idea what's going on

Andrew

 

[flecc]

There's definitely something still around. If I google 'Pedelecs' and then clink on the link 'Forum', (second one down) I get taken to this link URL123.INFO - free url redirection and masking service which is basically spam. It's the same for both iphone and win7 PC

I'm ok with normal entry Nick, but trying that entry brings up the same problem. It seems to be instigated by Google and it could be the problem is more with their detection system picking up the information collection cookie activity on this site. I think they are overstepping themselves with this activity, intruding in areas that don't concern them.

 

[rsscott]

We've found the culprit, someone had managed to insert an outgoing link into one of the vbulletin source files. All traces have been removed and we've reported the attack to vBulletin so they can patch it.

 

[FJJ]

Sounds like the permissions on the www directory might need looking at to prevent that happening again...

 

[Teejay]

Um, are we out of the woods I wonder? My Avast kept coming up with 'Threat has been detected. Malicious Website blocked' a few nights ago, on every page change - making browsing the forum very difficult and of course I gave up after reading this thread.

Since then, it's been fine.

But, about half-hour ago, it all started up again...

 

[Jimod]

On my laptop Malwarebytes reports blocking access to a website when I'm looking at some of the pages on pedelecs. It did it about 5 minutes ago.

 

[Tara]

We've found the culprit, someone had managed to insert an outgoing link into one of the vbulletin source files. All traces have been removed and we've reported the attack to vBulletin so they can patch it.

Russ, the issue isn't fixed...

Please look at the newest screenshot attached. At 11:48pm / 1st March, Kaspersky (KIS) is still flagging this site as malicious:



The first capture I posted above on the 26th Feb gave this info: http://directmarketingline.in/tds/

Now the URL causing the problem is: http://discount12-promo.in/home.php


I'm not happy to use the site whilst these issues are still active, so I won't be posting back for a while - Hopefully you can get this sorted out quickly.

Tara

 

[Blew it]

I'm not really sure what's going on in this site. I've had no problems up until yesterday, then lots of weird stuff started coming up.

This evening I was informed 'this site uses java script' and it took several attempts to get into the forum. Then a warning about some 'redirect' thingy. I don't think there is any real threat, it's just annoying.

 

[eddieo]

well i just tried it again out of interest and it is still doing it!

 

[shemozzle999]

3 attacks this morning on opening page. Nod AV captured OK and deleted.
Seems the naughty boys operate overnight.
No problems when I reconnected at 9.00am.

 

[mike killay]

I had a bad attack last night, everything seemed infected AVG appears to have removed them to the vault.
Who is doing this, and why?

 

[flecc]

I'm using AVG and Firefox and have absolutely no problems since Russ first reported clear.

 

[Cyclezee]

Likewise, using Google Chrome on a Mac with Sophos AV, no problemo?

 

[funkylyn]

Well....I havent been attacked for ages.......maybe my AVG protects me well......or maybe
its the Poms....

Lynda

 

[rsscott]

The exploit is within vBulletin. Unfortunately we can patch it but not stop it entirely yet until vBulletin release an update. There are quite a few vB sites affected.

 

[mike killay]

Meanwhile, my computer is very ill.

 

[Deleted member 4366]

Meanwhile, my computer is very ill.

If your pc gets really infected and you can't get them out, you can download Ubuntu Linux onto a pen drive.There's instructions how to do it on the Homepage | Ubuntu site. Then you set your pc to boot from USB, put in the stick and start your pc. Once it's going you can use the Ubuntu software centre to download Clam antivirus that will then scan and remove the viruses without Windows running. Sometimes the really clever viruses stop your anti-virus from running or detecting them, then this method is necessary. You can keep the memory stick and use it whenever you need to visit dodgy sites where the risk is high. It makes you invulnerable like when you use "God Mode" in games. Use a version of Ubuntu 11.04 or lower. The later ones take a bit of figuring out.